If you are looking for the acronyms above go to –> http://infoassure.blogspot.com
Most human beings have the luxury of not having to know what the acronyms DITSCAP, DIACAP, NIACAP and ISP mean. I am not one of those human beings.
You know all those times you were at work and the Big Wigs decide to come up with some new ridiculous security rule that is just more hassle; have you ever cursed the stupid, stupid bastards that came up with a web blocker that won't let you visit fark.com, ebaum's world or stileproject… I'm the that stupid, stupid bastard.
But hey, man, don't blame me. Any policy I (or any other System Security Engineer) comes up with usually is and interpretation of a company policy. And usually (at least in my experience) we aren't the ones making the final decisions.
(Sigh) Anyway, bitches…
I try to include some actual Security Engineering in this blog but it just seems a little over the top because most of my readers (who are either techies or N00bies) can not relate and/or don't have a use for.
System Security Engineering has to do with Certification and Accreditation, developing security and business plans, and creating organizational information security policies far Information Systems (boring, boring, booooring stuff… that pays pretty good). It includes all levels of computer security but also deals with things like… operational security.
http://infoassure.blogspot.com will focus on system security engineering.
I'll continue to put the SSE post in this blog but I'll hide most of them in the DITCAP category so my regular elamb.org visitors don't get nauseated.