Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'security'


Sony Sued For Losing Unprotectable Data

by Jay Heiser  |  December 18, 2014  |  Submit a Comment

The CISO asked to protect names and SSNs has been handed a sysyphean task that can never be successful.

Submit a Comment »

Category: IT Governance risk management security     Tags: , ,

Sympathy for the Sony

by Jay Heiser  |  December 12, 2014  |  1 Comment

Getting attacked by the North Koreans for making a movie that spoofs their sad little country and its tinpot dictator makes Sony the most sympathetic attack victim of the millennium.

1 Comment »

Category: security     Tags: , , , ,

All Your Phone Books Are Belong To Us

by Jay Heiser  |  October 6, 2014  |  Comments Off

We do not need to protect more data; we need to protect less.

Comments Off

Category: risk management security     Tags: , , , , ,

All your password are belong to us, or my heart bleeds

by Jay Heiser  |  April 11, 2014  |  2 Comments

Change all your passwords. Now. And then do it again in a week. Of course, there’s no evidence that any passwords have been exploited, but isn’t the lack of substantive evidence a suspicious fact in and of itself? It can be if you want it to be. My favorite presentation at the RSA Conference was […]

2 Comments »

Category: risk management security     Tags: ,

Everything is more better with Cyber on it

by Jay Heiser  |  September 13, 2013  |  2 Comments

Computer Security is dead; long live computer security.

2 Comments »

Category: risk management security     Tags: , ,

Peter G. Neumann on Cloud Risks

by Jay Heiser  |  November 28, 2012  |  1 Comment

Anyone with a stake in the overall success of cloud computing should take a few minutes to read the recent NYT interview with Peter G. Neumann, a highly-respected computer security researcher who, now entering his 9th decade, continues to do ground breaking work on digital reliability. Commercial cloud computing creates new levels of urgency for […]

1 Comment »

Category: BCP/DR Cloud risk management security     Tags: , , ,

Definition: Service Provider Security Evaluation

by Jay Heiser  |  August 10, 2012  |  2 Comments

The process in which the buyer asks a random list of questions that might have some minor relevance to some aspect of a provider’s security posture, and the potential provider pretends to answer them.

2 Comments »

Category: Cloud risk management security     Tags: , , ,

Passwords are dead; long live the password

by Jay Heiser  |  August 1, 2012  |  1 Comment

I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally […]

1 Comment »

Category: security     Tags: , , , , , ,

Megaupload is world’s biggest hot potato

by Jay Heiser  |  February 3, 2012  |  1 Comment

The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.

1 Comment »

Category: Cloud risk management security     Tags: ,

Megaupload’s Black Swan Song

by Jay Heiser  |  February 1, 2012  |  Comments Off

Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud.  Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of “severe failure with […]

Comments Off

Category: Cloud risk management security     Tags: ,