Entries Tagged as 'security'
by Jay Heiser | May 9, 2011 | Comments Off
Is it really possible that a single attack can simultaneously impact 100,000,000 people? Multi-tenancy truly gives new significance to concerns about monoculture risk.
Category: Cloud IT Governance risk management security Tags: backups, BCP/DR, Cloud, cloud security, continuity, critical infrastructure, disaster recovery, risk assessment, risk management, security, Security-Summit-NA
by Jay Heiser | May 5, 2011 | 1 Comment
The final book in the Harry Potter series would have been an extremely short one if Voldemort had chosen to place all his eggs into a single basket.
Category: Cloud risk management security Tags: Cloud, cloud security, diversity, security, Security-Summit-NA
by Jay Heiser | May 4, 2011 | 1 Comment
Commercial cloud computing is like sending your rings, bracelets, and brooches out to be repaired–the service provider has your family jewels in hand. Unlike a CSP, a power company doesn’t have possession of your means of production or your IP, a significant loss potential that is also missing from the utility trope.
Category: Cloud IT Governance risk management security Tags: Cloud, security, Security-Summit-NA, utility computing
by Jay Heiser | April 29, 2011 | Comments Off
Every service provider in the world claims to have clean power and well-aged passwords, but what’s the benefit in that if their proprietary technology is hacked? We live in an IT world characterized by pseudotransparency.
Category: Cloud security Tags: risk management, security, Security-Summit-NA
by Jay Heiser | April 27, 2011 | 1 Comment
The people responsible for assessing confidentiality, integrity, and availability risks should be focusing their attention on what is relevant to risk.
Category: Cloud risk management security Tags: security, Security-Summit-NA
by Jay Heiser | April 14, 2011 | Comments Off
This morning a group of analysts were comparing notes on some personal and recent experiences with credit card loss. A reasonable person might ask why credit card theft and fraud is so prevalent. The simple answer is that a huge and growing part of our financial transaction system is based on 19th century technology. [...]
Category: risk management security Tags: credit card theft, identity theft, security, Security-Summit-NA
by Jay Heiser | February 10, 2011 | 2 Comments
by Jay Heiser | January 24, 2011 | 1 Comment
I spend a lot of my time doing policy reviews. Sometimes the review request comes from the policy author, looking for some feedback. Usually, the request comes from someone else. One of the first things that many new infosec managers do is start on a policy rewrite. While this is sometimes a political gesture, meant [...]
Category: IT Governance risk management security Tags: policy, risk management, security, security program management
by Jay Heiser | October 1, 2010 | Comments Off
Whatever the source of Stuxnet, it would be naïve not to expect that the knowledge that such a thing is possible and existent has not already begun stimulating the minds of the politically motivated malware makers.
Category: security Tags: critical infrastructure, history, malware, security, Stuxnet
by Jay Heiser | July 28, 2010 | 1 Comment
Determining if we have an immediate need to expand today’s 1,000 cyberwar technologists by 10-30x would be like solving global warming by immediately stopping the use of fossil fuel. It may well be the right approach, but you can’t know for sure until after it is too late.
Category: security Strategic Planning Tags: career path, CISA, CISSP, IISP, security, skills