Monthly Archives: August 2007

History, Security

Will it Work?

Leave a comment

Wikipedia reports that Philip Crosby is considered the forefather of the Capability Maturity Model.

I have been using this model extensively for over ten years when consulting on security controls. It is a far better way of documenting and illustrating control status rather than pass/fail, as it shows a continuum of improvement.

In other words, rather than telling a company they “failed” the security test, you can say they have achieved a initial step and only have a couple more to go.

With that in mind, I just ran into a rather funny illustration. It comes from “one of the first publications” by Crosby, meant to help reduce defects in guided missle design and manufacture.

Bendix

The Control Maturity Levels, just for handy reference, are these:

0 Control is not documented

1 Control is documented

2 Control is consistently applied (implemented)

3 Control is working (tested)

4 Control is measured

Companies often mistakenly rest on their laurels after achieving level 1, documentation of controls. This is the equivalent of trust, without verification, and rarely accurate. Meanwhile security firms often look for evidence of level 3. The gap is where the friction of compliance comes from.

Tests quickly prove vulnerabilities exist, but the real challenge is to find management that is able to move a company solidly into level 2 (implementation). In other words, do they have someone who can reliably answer the question “Will it work?”

Food, Security

You say tomato, I say mutato

Leave a comment

A man in Germany has become famous for showing that the norm is not normal:

Indeed, while they may be fun to look at, Westphal’s photos offer a subtle criticism of today’s culture of cosmetic surgery, the insistence on trying to make the food we consume — to say nothing of the way we look physically — conform to artificial standards of normality and beauty.

I think the ugly tomatoes taste the best.

Shame that in America some associations are trying to ban good taste in order to protect an artificial image.

Poetry, Security

Poetry Presence

Leave a comment

Thank you to all the people sending me poetry. Presence, presents…get it? I really appreciate it and will try to post my favorites as I find time.

Meanwhile, I couldn’t help but notice this gem in my spam filter:

Covering the land—
Oh you builders,
shaded by live oaks and bottlebrush trees
Like some poor wounded wretch—long left for dead
Trampled snow is the only rose.
Not daring to oppose
In the woods, close by,
Reshaping magnified, each risen flake
And then I go on until I am beneath an archway,
Mère and Père Chose are walking away from the
Wide, whited fields, a way unframed at last
This drizzling three-day January thaw,
snowdrops and crocuses might be fooled
And piled up at the base of the columns
XIII. The Route to the North
The winged winds, captives of that age-old foe
In the woods, close by,
Or by the loud hand of painting, always puts.
their bellies, they’re out cold, instantaneously

I found some Victor Hugo in there, you?

Almost seems like a riddle of poets, or some kind of crypt that has to be deciphered by using famous poetry as the keys. Fun stuff, once you get past the spam bits.