Life in the cloud would be so much easier if there were only some sort of ‘cloud risk seal of approval’. Most public cloud services seem to offer a reasonable risk proposition, but its extremely difficult to provide defensible evidence of this. A comprehensive and well-accepted ‘standard’ would go a long way towards bridging this [...]
Entries Tagged as 'standards'
by Jay Heiser | June 3, 2013 | 1 Comment
by Jay Heiser | January 4, 2013 | 1 Comment
We’ve recently moved house, and my collection of books, many of them heavily marked up with multi-colored highlights, Post-Its, and bookmarks, remains something of a storage issue. Over the last several months, I’ve been experimenting with digital books on an iPad. There’s a lot to be said both for and against services like Amazon’s Kindle [...]
by Jay Heiser | May 13, 2011 | Comments Off
How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors.
by Jay Heiser | July 5, 2010 | 4 Comments
SAS 70 is a) not a certification, b) not a standard, and c) isn’t meant to be applied the way it is being applied now. To be fair, all service providers are under huge customer pressure to provide SAS 70, but instead of explaining their security, continuity, and recovery capabilities in more appropriate terms, most [...]