It's been many moons since my last post, but to be absent from the blog is to be present in the depths of the workforce! TGIF has never sounded so good to me. I've had enough. I spent the vast majority of my waking hours at work dealing with a server security initiative that was dropped in our lap. First, let me get some acronyms out of the way for you. (Oh yeah, you know the gub-ment just luvs it some abbreviations.)
The agency which I find myself employed with has mandated (or has had it mandated upon them) compliance with security configurations as outlined by CIS and NIST. The lines between those two "initial-sporting" agencies is blurry to say the least. Let's just say that standards and best practices for securing computers/servers/ and the applications and data which reside on them is admittedly of absolute importance. I take it serious. Very Serious! This week I've proven my obsessive nature, and dug into the utter bowels of the method behind the madness. Yes, my inner-geek has been fully embraced and given the reach around to boot!
What CIS and NIST establishes are the benchmark solutions for locking the computer world down. They formalize standards and best-practices, and analyze the hell out of the pros and cons for each configuration setting. This all sounds really great doesn't it. I'm with you, I'm all about tightening the screws down, and locking her down... but here's where things get messy. CIS and NIST think tanks have a degree of common sense, and readily assert that some of their settings have NEGATIVE IMPACT on some applications and technologies. So, they point out degrees of security and what trade offs must be faced. Unfortunately, in the "real-world"... managerial types don't tend to read the FUCKING FINE PRINT!!! Instead they treat these benchmarks as absolutes, and demand total compliance and adherence to standards they have no hope of understanding! And thus pass off to the underlings in the trenches (that'd be your lowly civil servant "cheer_dad") and say get it done... and not only get it done, do it faster than the speed of light AND then prove that you did it in a simple report, and while you're at it report on that in the form of a monthly compliancy check. Are any of you still with me so far? Well thanks, but I fear for your mental well-being.
Anyway, so someone other than the administrators gets to make the decisions about what will be done, and the tools to be used for verification and the report that they'll get in the end. As luck would have it, we've been directed to use the CIS-CAT or the Configuration Assessment Tool. OOOOh AAAAh!!! Before demanding its usage... no one in the agency really bothered to take it out for a test drive. NOW, I applaud the tool in some areas, but like a lot of things in life it still needs some work. But time is not a luxury that I really have, since despite the problems being encountered, the demands and the deadlines have NOT SHIFTED in the least.
So, I've had to educate myself quickly (down and dirty) on a compliance tool I just had thrown at me, on a project I just inherited, which is looking at new standards that are frankly a moving target. They are ever-morphing to make things more and more secure. The powers that be in the organization, simply want the check marks in place right next to the dotted i's and crossed t's. I know, I know... cheer_dad quitcherbitchin'!!! I'd say it's enough to drive me to drinking, but that's a habit that well we've established I'd long/long ago acquired and refined to the level of High Art!
I've gotten pretty good at setting up the tool and making it run in ways that many others have not. And I've put it through paces that I don't think anyone else bothered with. I've been in contact with one of the Developers of the tool and she's been great, and very receptive to feedback and suggestions and to her I am VERY GRATEFUL! Thanks Nancy! But even she recognizes where some improvements can be made. My management or the BIG GUY beating the drum at the front of this little slave ship... doesn't need to or want to hear much of it though. I'm still hearing a lot of this work harder, better, longer, faster, and be perfectly accurate.
Lucky for me I'm beginning to see at least some light at the end of the tunnel on this and along the way have picked up some valuable allies in my plight. Eventually I do believe this will get better. Eventually I think I can help to make it work better. I also think I'll have a decided impact on how secure things can be, and more to the management point... documentable. I'm learning more lately that it's more about the process than the result, at least in this stage of the game that we're in.
Anyway, I've bored you, thanks for listening, but feel free to pat me on the back and buy me a drink at the bar to congratulate my efforts. Remember, I'm with the government and I'm here to help you! (You are all so in trouble!)
While I've been away from the blogosphere though, the world has continued to spin on its axis. I've tried to play some cards online to keep my sanity at night, before heading back to work. But that hasn't been all that pretty. JR and I have been trading bad beat stories each morning when we first get to work. We've both had Kings and Aces stories to swap. JR really got to feel the warm and squishy feeling when he got it all in with pocket rockets, only to meet up against someone else's pocket rockets, and then watch as 4 cards line up all pretty like on the board of the same suit... as his opponents ACE and not his. Checks on table friggin' ONE!!! Ouch buddy, I've had that happen to me. I'd tell you I feel your pain, but frankly I don't feel like feeling that sick right now. I can do without the feeling of having my nuts yanked off! : ) I've dropped $$$ considerably, but ehhh, I've been here before. Feel the grind of the tilt-o-whirl!
In other corners of the web, there have been some really cool things that have happened that only this evening have I been able to catch up with. So, here goes:
Hillary Clinton took the state of West Virginia in the primary election. (cheer_dad shudders!) I wish I could tell you I was excited about someone running for the top office... but I'm not. I've got something not to like about all the contenders. But frankly... Hillary Clinton just friggin' scares me. People that power hungry need it, want it, and will do anything to get and keep it! In the words of Forrest Gump, "that's all I've got to say about that."
Still close to home, MTR Gaming Group (headquartered in Chester, WV) has appointed a new CFO and Executive Vice President, David R. Hughes. He's no stranger to MTR, having worked with them since 2003, in other capacities, but in total brings 24 years of experience in the gaming industry to the proverbial table. He replaces Edson R. (Ted) Arneault who recently announced that he was stepping down. Read all about it here.
According to this article from the AP Wire that I just found, Charles Barkley could be facing charges on failing to pay back $400,000 in casino markers to the Wynn Casino. Hmmm. IDIOT! Jock/celebrity that didn't do much for me before, and now does even less. If you can't pay, don't play. When you can pay, and don't... shame on you!
This article from Pokerlistings.com let me know that GSN is opting NOT to renew "High Stakes Poker." Thank goodness they'll be able to get back to showing those reruns of Family Feud! Oh wait, I forgot one thing... friggin' 'tards!
Pennsylvania is conducting hearings on House Bill 2121 which would allow Pennsylvania to enter the "casino table gaming" market. Recall it's been only a few months that the state of WV opened table games at existing racetracks... 2 of which are VERY near to PA, and causing residents to make a run for the border. Read all about it here.
Well, it's time to wrap up. I hope this makes up for my absence. Hope you all understand. I'll see many of you tomorrow night at JR's for our latest in the NDPT series. Not just cash folks there's points for this one too! : ) I for one could use a little (or a lot) of both!
Regards,
cheer_dad
No comments:
Post a Comment