Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'Security-Summit-NA'


Advanced Persistent Outdoor Threats

by Jay Heiser  |  June 17, 2011  |  Comments Off

The lack of vegetable compromise lulled me into a false sense of security this year, as clouds of vegetables thrived in my garden rack space. Unfortunately, I didn’t heed the early warning signs of hooved hackers.

Category: Cloud risk management security

Do you really need a CISO?

by Jay Heiser  |  June 14, 2011  |  Comments Off

In the worst of cases, a figurehead is appointed to give the impression that the problem is being taken care of. This is tantamount to putting a fig leaf over a sucking chest wound.

Category: IT Governance risk management security

When Was Your Last Login?

by Jay Heiser  |  June 7, 2011  |  1 Comment

Back in the days of modems and character-based terminals, it was a normal practice to provide information about the previous login as part of the login sequence. It's time for that past to return to the present.

Category: security

Yes, Virginia, there are single points of failure

by Jay Heiser  |  May 30, 2011  |  Comments Off

The Commonwealth of Virginia has recently announced that they have settled up with their service provider, Northrop Grumman, over an incident last year that apparently brought down 3/4 of state applications, resulted in the loss of several days' worth of driver's license photos, and forced state offices to open on weekends. Compensation to the state, […]

Category: Cloud risk management

Breach Loading? Disappointing New Presidential Proposal

by Jay Heiser  |  May 26, 2011  |  Comments Off

I hesitate to suggest that what the world really needs are more laws, but it is not reasonable to suggest painting some lipstick on the breach notification pig and then taking credit for protecting consumers.

Category: IT Governance risk management security

SaaS Translation: What your Service Provider REALLY Means

by Jay Heiser  |  May 23, 2011  |  1 Comment

It's not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption and data recovery.

Category: Cloud IT Governance risk management security Vendor Contracts

Time for a rant about passwords

by Jay Heiser  |  May 13, 2011  |  Comments Off

How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topic of passwords, so ignorant of the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors?

Category: risk management security

Your Suppliers Don’t Have Your Goals

by Jay Heiser  |  May 11, 2011  |  Comments Off

Your company will usually do whatever it needs to do to survive—so will your supplier. They are not marching to your music, they are not heading towards the same goal line, they are not thinking your thoughts, and their ultimate loyalty is to themselves, not to you.

Category: Cloud risk management Vendor Contracts

How long does it take to reboot a cloud?

by Jay Heiser  |  May 10, 2011  |  1 Comment

Commercial cloud computing raises two significant disaster recovery issues: What is the cloud provider’s ability to recover their own services? What is the enterprise’s ability to obtain an alternative to a vendor that can’t recover themselves? To the extent that cloud computing actually exists, and actually is a new model, we have to consider that […]

Category: Cloud risk management security

Diversity is nature’s way of managing portfolio risk

by Jay Heiser  |  May 9, 2011  |  Comments Off

Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.

Category: Cloud IT Governance risk management security