Jay Heiser

A member of the Gartner Blog Network

Entries Tagged as 'standards'


The Dilemma that is Cloud

by Jay Heiser  |  June 3, 2013  |  1 Comment

Life in the cloud would be so much easier if there were only some sort of ‘cloud risk seal of approval’.  Most public cloud services seem to offer a reasonable risk proposition, but its extremely difficult to provide defensible evidence of this. A comprehensive and well-accepted ‘standard’ would go a long way towards bridging this [...]

1 Comment »

Category: Cloud security     Tags: , ,

That Christmas Kindle has Strings Attached

by Jay Heiser  |  January 4, 2013  |  1 Comment

We’ve recently moved house, and my collection of books, many of them heavily marked up with multi-colored highlights, Post-Its, and bookmarks, remains something of a storage issue.  Over the last several months, I’ve been experimenting with digital books on an iPad.  There’s a lot to be said both for and against services like Amazon’s Kindle [...]

1 Comment »

Category: Applications BCP/DR Cloud risk management     Tags: , , , , , , ,

Time for a rant about passwords

by Jay Heiser  |  May 13, 2011  |  Comments Off

How much mental anguish is the result of ignorant accounting grads working for Big 4s, struggling to find SOX-relevancy, totally oblivious to the huge amount of HCI research that has been done on the topics of passwords, so ignorant to the history of computer security that they don’t recognize they are demanding the use of pre-network, pre-malware controls that were developed by mathematicians who were completely ignoring human factors.

Comments Off

Category: risk management security     Tags: , , , , , , ,

The SAS 70 Charade

by Jay Heiser  |  July 5, 2010  |  4 Comments

SAS 70 is  a) not a certification, b) not a standard, and c) isn’t meant to be applied the way it is being applied now.  To be fair, all service providers are under huge customer pressure to provide SAS 70, but instead of explaining their security, continuity, and recovery capabilities in more appropriate terms, most [...]

4 Comments »

Category: Cloud IT Governance risk management security Vendor Contracts     Tags: , , , ,