And this doesn't actually stop them form making use of 'insider information' they just have to declare it within 30 days.
No, wait, sorry ... you mean that the legislators are saying that legislators shouldn't do something that is illegal anyway? Or that, if they do something that is already illegal, it is OK as long as they declare it within 30 days? ...
It gets worse:
I'd like to claim the system is rigged so 'the rich get richer' but if I did that some people who claim they are right wing would accuse me of being left wing. Indeed, this tells me that their political outlook has not progressed since 20 June 1789. This one-dimensional view fails to describe the rich variety of political attitudes in the Washington, never mind the rest of the USA and points elsewhere on the physical compass.
Just those two show we need more that 4 axes to describe a political stance. But as I mentioned in a previous post, journalists are simple-minded and expect the rest of the world to be as limited in outlook and understanding.
Try this test:
How does this all relate to InfoSec, you ask.
Well part of that Political Compass is a view of 'how authoritarian'.
And that gets back to issues we have to deal with such as Policy and Enforcement, Do We Let Employees have Access to the Internet, and the like.
Hans Eysenk pointed out that the right wing (e.g. Fascism and Nazism) had a lot in common with the left wing (communism). Both are repressive, undemocratic and anti-Semitic. So on these issues, at least, the left-right distinction is meaningless.
How many more such simplistic distinctions such as those foisted on us by journalists are equally meaningless.
Some while ago my Australian fellow ex-pat Les Bell, who apart from being a CISSP is also a pilot, pointed out to me that the method of 'root cause analysis' is no longer used in analysing plane crashes. The reality is that "its not just one thing", its many factors. We all know that applies in most areas of life.
I suspect most people know that too; its not restricted to the digerati.
There is the old ditty that explains how because of a nail an empire was lost, but no-one is proposing that we fix the failing of the "American Empire" by manufacturing more nails.
Except possibly Journalists.
Les Bell, another ex-pat Brit who lives in Australia was discussing the importance of training and reinforcement in such matters as DR/BCP. Les is also a pilot and so many of his analogies and examples have to do with piloting and aircraft.
Part of our discussion has a much wider scope.
Les had said:
"People under extreme stress may behave unpredictably and have limited capacity for rational thought"
This is the basis of much of pilot training, particularly in simulators, where procedures that are too dangerous to be attempted in a real aircraft can be repeated until drills are automatic.
Don't quote me on this, but I seem to recall reading in an aviation safety-related article that in an emergency, something like 50% of people lose it to the extent that they are completely unable to cope, 25% are capable of functioning with some degree of impairment, and 25% of people are able to complete required tasks correctly. Training by means of drills and rehearsals is able to correct that situation to a considerable extent.
Therefore in BCP/DRP planning, it's important to - as far as possible - simulate an emergency, rather than just story-boarding it, or doing a whiteboard walkthrough. Hence the requirement for fire drills, evacuation drills and the like; repetition conditions the mind to perform the task correctly under stressful conditions.
Most of us don't get the chance to do a full interruption test for our DRP, but the closer we can get, the better.
Training - drill and reinforcement so that you can carry out the actions automatically even when extreme stress has completely blanked and cognitive functions - is an important part of military "boot camp" training and one reason I find it so comical that CISSP course training gets called "boot camp".
Les is quite right. For a variety of reasons most people "loose it" under extreme stress. This is why military heroes, people who can hang in there and think clearly and make critical decisions, are held in such esteem. Similarly test pilots (and those test pilots who became the early astronauts). Having lightening fast reactions (racing drivers) and being in top physical condition helps, but there is something more.
Some authorities look to the old American 'gunslingers' and speculate about how the adrenaline rush in such situations is handled by the body and the brain. Typically all that adrenaline pumps up the muscles for "fight or flight" and in such panic or near panic situations rationality is not the key issue. But if we shift from the evolutionary context to the 'gunslinger', standing still means that there is a lot of 'shakes'. Being able to stay calm and not have the shakes leads to being a sucesfull 'gunslinger'. Evolution in action?
There are other forms of stress as well. I've seen sysadmins who have been up for more than 30 hours trying in futile to solve a problem that to me, well rested, is simple and obvious.
The lesson here is two-fold. The first is the point that Les makes. Train and reinforce.
The second is that when the disaster does strike be aware that the stress will load up on fatigue and that stressed and fatigued people do not make good decisions. Rest, shifts, alternates, standard plans and scenarios that can work to relieve the stress are important.