Archives for May, 2011
by Jay Heiser | May 30, 2011 | Comments Off
The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrop Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of several days' worth of driver's license photos, and forced state offices to open on weekends. Compensation to the state, [...]
Categories: Cloud, risk management | Tags: backups, BCP/DR, continuity, critical infrastructure, disaster recovery, risk management, Security-Summit-NA, storage
by Jay Heiser | May 26, 2011 | Comments Off
I hesitate to suggest that what the world really needs is more laws, but it is not reasonable to suggest painting some lipstick on the breach notification pig and then taking credit for protecting consumers.
Categories: IT Governance, risk management, security | Tags: congress, Federal government, Federal regulation, legislation, privacy, regulation, Security-Summit-NA
by Jay Heiser | May 23, 2011 | 1 Comment
It's not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption and data recovery.
Categories: Cloud, IT Governance, risk management, security, Vendor Contracts | Tags: Cloud, cloud security, continuity, disaster recovery, information security, infosec, outsourcing, risk management, security, Security-Summit-NA, vendor risk
by Jay Heiser | May 13, 2011 | Comments Off
How much mental anguish is the result of ignorant accounting grads working for the Big 4, struggling to find SOX relevancy, totally oblivious to the huge amount of HCI research that has been done on the topic of passwords, and so ignorant of the history of computer security that they don't recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors.
Categories: risk management, security | Tags: authentication, malware, passwords, security, Security-Summit-NA, slurping, sniffing attack, standards
by Jay Heiser | May 11, 2011 | Comments Off
Your company will usually do whatever it needs to do to survive—so will your supplier. They are not marching to your music, they are not heading towards the same goal line, they are not thinking your thoughts, and their ultimate loyalty is to themselves, not to you.
Categories: Cloud, risk management, Vendor Contracts | Tags: contracts, outsourcing, Security-Summit-NA, service providers, sourcing, vendor lockin, vendor risk
by Jay Heiser | May 10, 2011 | 1 Comment
Commercial cloud computing raises two significant disaster recovery issues: What is the cloud provider’s ability to recover their own services? What is the enterprise’s ability to obtain an alternative to a vendor that can’t recover themselves? To the extent that cloud computing actually exists, and actually is a new model, we have to consider that [...]
Categories: Cloud, risk management, security | Tags: Cloud, cloud security, continuity, disaster recovery, Security-Summit-NA
by Jay Heiser | May 9, 2011 | Comments Off
Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.
Categories: Cloud, IT Governance, risk management, security | Tags: backups, BCP/DR, Cloud, cloud security, continuity, critical infrastructure, disaster recovery, risk assessment, risk management, security, Security-Summit-NA
by Jay Heiser | May 6, 2011 | Comments Off
It is easier to build a nuclear bomb shelter than it is to anticipate every stroke of the software butterfly’s wing that might cascade into a cloud data storm.
Categories: Cloud, risk management | Tags: backups, BCP/DR, Cloud, cloud security, failure mode, recovery, resilience, Security-Summit-NA
by Jay Heiser | May 5, 2011 | 1 Comment
The final book in the Harry Potter series would have been an extremely short one if Voldemort had chosen to place all his eggs into a single basket.
Categories: Cloud, risk management, security | Tags: Cloud, cloud security, diversity, security, Security-Summit-NA
by Jay Heiser | May 4, 2011 | 1 Comment
Commercial cloud computing is like sending your rings, bracelets, and brooches out to be repaired: the service provider has your family jewels in hand. Unlike a CSP, a power company doesn't have possession of your means of production or your IP, a significant loss potential that is also missing from the utility trope.
Categories: Cloud, IT Governance, risk management, security | Tags: Cloud, security, Security-Summit-NA, utility computing