Introduction to Andy Boots' Blog

Since retiring from the federal government in 2007, I have watched with a mixture of alarm and amusement as the Office of Management and Budget, Congress, the National Institute of Standards and Technology, the inspectors general, the Government Accountability Office and agencies have continued to miss the point of information and mission assurance while enriching consultants and printer manufacturers by producing mountains of increasingly meaningless paperwork.

I intend to bring to readers’ attention various issues I believe deserve more critical thinking than is typically available in the federal enterprise (which I will henceforth call FedWorld).

I also believe:

• Information protection is better than security plans

• Privacy protection is better than privacy plans or impact statements

• Intrusion prevention beats the pants off intrusion detection

• Personnel security has almost nothing to do with HSPD-12

• Cybersecurity is only marginally related to information security

• … and so on.

Please remember my point of view before you comment on something I’ve written by chiding me that the Federal Information Security Management Act (FISMA) has it otherwise, that OMB guidance points in another direction, or that an IG will write me up. I no longer live in FedWorld so those customs and folk beliefs seem quaint.