Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'risk management'


We say no because that’s what you ask us to say

by Jay Heiser  |  March 28, 2013  |  Comments Off

We’ve riffed for years on the distinction between “Dr. No” and “Mr/Ms Yes”, but many enterprises continue to back the security professional into the awkward far corner of the Business Prevention Department.  If the risk assessor is going to be blamed for security failures, then that person is always going to be motivated to make […]

Category: Cloud, IT Governance, risk management, security

Cruise Ships and Cloud Computing

by Jay Heiser  |  February 15, 2013  |  1 Comment

As 4,200 disgruntled holiday goers, trapped on the ironically named cruise ship Triumph, finally end their 5-day ordeal, it serves as a reminder that the eggs can have more stake in the state of the basket than the basket holder does. From the point of view of the cruise line, each booked-up ship […]

Category: Cloud, risk management

You’ll guarantee that cloud, won’t you?

by Jay Heiser  |  October 5, 2011  |  1 Comment

The truth of the matter is that the provider actually has no idea of the likelihood of a loss event within their own offering. If a failure occurred, it could impact all of their customers simultaneously. No cloud service provider has enough cash on hand to cover that portfolio risk, and they can’t find any insurer willing to underwrite it.

Category: Cloud, risk management, security

Yes, Virginia, there are single points of failure

by Jay Heiser  |  May 30, 2011  |  Comments Off

The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrop Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of several days' worth of driver's license photos, and forced state offices to open on weekends. Compensation to the state, […]

Category: Cloud, risk management

SaaS Translation: What your Service Provider REALLY Means

by Jay Heiser  |  May 23, 2011  |  1 Comment

It's not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption and data recovery.

Category: Cloud, IT Governance, risk management, security, Vendor Contracts

Diversity is nature’s way of managing portfolio risk

by Jay Heiser  |  May 9, 2011  |  Comments Off

Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.

Category: Cloud, IT Governance, risk management, security

Don’t Be Distracted by the Light

by Jay Heiser  |  April 29, 2011  |  Comments Off

Every service provider in the world claims to have clean power and well-aged passwords, but what’s the benefit in that if their proprietary technology is hacked? We live in an IT world characterized by pseudotransparency.

Category: Cloud, security

Will your successors throw away your policy?

by Jay Heiser  |  January 24, 2011  |  1 Comment

I spend a lot of my time doing policy reviews. Sometimes the review request comes from the policy author, looking for some feedback. Usually, the request comes from someone else. One of the first things that many new infosec managers do is start on a policy rewrite.  While this is sometimes a political gesture, meant […]

Category: IT Governance, risk management, security

If you can’t stand the heat, get your cloud out of the kitchen

by Jay Heiser  |  February 9, 2010  |  Comments Off

A man walks into a physician’s office and says “Doctor, it hurts when I use my computer.” The physician replies, “then don’t use your computer.” A dumb old joke or a wise observation on human nature?  I receive several calls a week from people looking for the best practices on managing cloud computing security and […]

Category: Uncategorized

Measuring Clouds

by Jay Heiser  |  January 26, 2010  |  1 Comment

I’ve spent a lot of the last 2 years researching the problem of making business decisions about the relative levels of risk associated with partners and service providers.  Externally provisioned services, such as Cloud Computing (whatever the service) and SaaS (whatever the computing model) are problematic.  We’ve learned a lot about security risk management over […]

Category: Cloud, risk management, security