by Jay Heiser | February 3, 2012 | 1 Comment
The dozens of petabytes of Megaupload data belonging to millions of Internet users is manifesting itself as a giant hot potato, currently burning a cashflow and PR hole into the bottom lines of several global hosting firms.
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | February 1, 2012 | Comments Off
Last November, Gartner analyst Richard Hunter and I published research entitled ‘Black Swans’ Are Sure to Fly in the Public Cloud. Based on ideas popularized by Nassim Nicholas Taleb (The Black Swan: The Impact of the Highly Improbable, Random House, 2007), we strongly urged the users of cloud-based services to plan for the possibility of ”severe failure with [...]
Comments Off
Category: Cloud risk management security Tags: Cloud, security
by Jay Heiser | January 31, 2012 | Comments Off
Leverage and scale are two of the most fascinating aspects of Cloud Computing. In one fell swoop, the US Department of Justice burst Megaupload’s cloud, sending a loud anti-piracy message.
Comments Off
by Jay Heiser | January 30, 2012 | 4 Comments
It is almost certainly the case that individuals within thousands of organizations, having decided that Megaupload was a useful service, had uploaded corporate data into it. If that data wasn’t backed up, it is probably gone for good.
by Jay Heiser | December 14, 2011 | Comments Off
Even worse is a policy statement such as “all employees must obey all applicable laws.” What reasonable person would disagree with that requirement? For a start, I would.
Comments Off
Category: IT Governance risk management security Tags: law, policy, security
by Jay Heiser | October 10, 2011 | 1 Comment
I ask you to take a silent moment to try to visualize the sort of infosec security failure that would be solved with scooters.
Category: Cloud risk management security Tags: BCP, Cloud, security, symposium, transparency
by Jay Heiser | June 14, 2011 | Comments Off
In the worst of cases, a figurehead is appointed to give the impression that the problem is being taken care of. This is tantamount to putting a fig leaf over a sucking chest wound.
Comments Off
Category: IT Governance risk management security Tags: CISO, security, Security-Summit-NA
by Jay Heiser | June 7, 2011 | 1 Comment
Back in the days of modems and character-based terminals, it was a normal practice to provide information about the previous login as part of the login sequence. Its time for that past to return to the present.
Category: security Tags: IAM, logins, phishing, SecurID, security, Security-Summit-NA, spyware, Trojan horse
by Jay Heiser | May 23, 2011 | 1 Comment
Its not surprising that as a technology approaches the top of the Hype Cycle, some of the vendors turn their Spin Cycle up to 11, which means there are going to be some disappointed buyers, especially those with high expectations for data encryption, and data recovery.
Category: Cloud IT Governance Vendor Contracts risk management security Tags: Cloud, cloud security, continuity, disaster recovery, information security, infosec, outsourcing, risk management, security, Security-Summit-NA, vendor risk
by Jay Heiser | May 13, 2011 | Comments Off
How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors.
Comments Off
Category: risk management security Tags: authentication, malware, passwords, security, Security-Summit-NA, slurping, sniffing attack, standards
