Jay Heiser

A member of the Gartner Blog Network

Archives for July, 2010


Are we bringing about infosec climate change?

by Jay Heiser  |  July 28, 2010  |  1 Comment

Determining if we have an immediate need to expand today’s 1,000 cyberwar technologists by 10-30x would be like solving global warming by immediately stopping the use of fossil fuel. It may well be the right approach, but you can’t know for sure until after it is too late.

1 Comment »

Category: security Strategic Planning     Tags: , , , , ,

SAS 70 not a proof of security, privacy or ‘ccompliance’

by Jay Heiser  |  July 14, 2010  |  1 Comment

Gartner analysts have claimed that SAS 70 is being misused by many vendors and their customers.

1 Comment »

Category: Cloud IT Governance risk management security     Tags: , , , , ,

The SAS 70 Charade

by Jay Heiser  |  July 5, 2010  |  4 Comments

SAS 70 is  a) not a certification, b) not a standard, and c) isn’t meant to be applied the way it is being applied now.  To be fair, all service providers are under huge customer pressure to provide SAS 70, but instead of explaining their security, continuity, and recovery capabilities in more appropriate terms, most [...]

4 Comments »

Category: Cloud IT Governance risk management security Vendor Contracts     Tags: , , , ,