Category Archives: Security

BART admits failure

No, not the failure to put qualified and experienced security guards on duty when expecting high-risk events. Everyone knows that staffing the late night shift New Year’s and the 4th of July with fresh rookies carrying live ammunition and sending them to deal with violent riders is a recipe for disaster. Oh, except BART who has made the same mistake again recently.

No, not the failure to keep the trains running. BART blames that on time. As if it is somehow not their fault to have decrepit cars and tracks after 40 years. They’re still trying to figure out the cost of upgrades by 2017 even though “they got a lot of cash in the bank” as it was said to me by the woman selling tickets.

No, not the failure to provide Internet service. They have tried to figure it out for a few stations but they’ll shut it down at the first sign of someone saying something they disagree with. They wouldn’t call that a failure and they argue there’s no cost to silencing passengers. Perhaps that explains why they also let the tracks squeal at over 100 dB (louder than a jackhammer).

No, BART finally has been forced by auditors to admit failure — $200K in customer billing errors:

Over 16,000 BART customers were overcharged for parking in the transit agency’s lots over the past two years, and now the vendor responsible for the mistake is set to dole out more than $200,000 in repayments.

Due to a software glitch, motorists using the BART lots were incorrectly nailed with fees during the weekends and some holidays — times when parking is supposed to be free. The overbilling occurred during a 28-month period, and wasn’t detected until a BART customer complained to the agency, according to spokesman Jim Allison.

Hybrid Cloud Model Security

Very nice illustration and explanation of hybrid cloud by VMwareDoug:

The following figure depicts an evolving strategy and model for Federal cloud adoption. In this model of a hybrid and optimized Federal cloud, we see that at one end of the spectrum, [A], security requirements and service levels are relatively low. Such an environment is conducive to public facing workloads. Although still substantial, security requirements for public data are considerably less than other data types. Service levels, such as availability, hover at only three 9’s (e.g., 99.9%). At the other end of the spectrum, both security and service level requirements are extremely high [C], demanding the strictest confidentiality, integrity, availability, and service level performance (e.g. 99.999%).

VMworld Europe 2011: Penetration Testing the Cloud

I will be presenting the following Session in two weeks at VMworld Europe 2011:

Session ID: SEC1236
Title: Penetration Testing the Cloud
Twitter hashtag: #SEC1236
Track: Cloud Infrastructure: Security and Compliance
Day: Tuesday 09:00

Cloud computing is said to represent a fundamentally different approach to building IT environments. Lessons from common management tools and processes, which work with discrete processes across static computing stacks, often are not incorporated into the new virtual environments. Predictably, this causes gaps in security. This presentation shows where and how to test for weakness. You will also learn how to deploy controls and improve security when resources are pooled across multiple sources, provisioning and capacity are highly dynamic, and configurations are fluid.

This is a repeat of the same session presented at VMworld in Las Vegas, which was scored overall at 4.63 (4.72 for effectiveness) out of 5.00 with nearly 500 in attendance.

Hope to see you there.


RSA Europe 2011: Virtual Compliance

I will be presenting the following Session next week at RSA Europe 2011:

Session ID: GRC-303
Title: Everything You Wanted to Know About Virtual Compliance (But Were Afraid to Ask)
Scheduled Session Times: Thursday, Oct 13, 11:10 AM
Room: Buckingham (East Wing)

The session will address the most common sticking points between virtual environments and their auditors. It will cover examples of cloud environments and virtual environments that have achieved compliance with common regulations. If you think the “Cookies Directive” or FISMA High is impossible for a cloud provider, or that multi-tenant, multi-level workloads will never be accepted by a QSA for PCI DSS 2.0, this session is for you.

Hope to see you there.