As we become more technology dependent, more so in today's "cloud"-driven
environment, IT security needs to evolve from the traditional sense of
We should see the advent and acceptance of a more holistic, flexible and
adaptive model of security that focuses more on managing information
security, people and processes in a natural evolution from the traditional
model of implementation, monitoring and updating.
According to Teubner and Feller  "Governance is understood as securing a
responsible corporate management, having its roots in value-based
With regard to Risk Management, Marshall Krantz said it best:
"Faced with threats from all quarters - recession and credit crunch, heated
global competition, continuing Sarbanes-Oxley pressures - companies are
making intensive risk management a top priority "
We can also assert that Comp... (more)
Malicious software or malware is a security nightmare. One can agree with the
statement that malware in the internet is a growing epidemic and is costing
industry billions of dollars each year.
According to Microsoft Malware "is short for malicious software and is
typically used as a catch-all term to refer to any software designed to cause
damage to a single computer, server, or computer network, whether it's a
virus, spyware, et al."
Although the growth of malware may be flattening, its design sophistication
is not. Per Kaspersky labs approximately 300,000 new malware programs ... (more)
Cloud Computing offers a sense of "vastness" in terms of storage and remote
processing. According to Simpson Garfinkil, a major challenge to any digital
forensics investigator investigating data within the cloud; can be an
inability to locate or identify data or code that is lost when single data
structures are split into elements.
This in effect directly impacts forensic visibility.
Within this ecosystem a major concern can be access to and the preservation
of data within an on-going digital forensic investigation. Of consideration
as mentioned in Part 1 - is that in a live and ... (more)
One major concern with the adoption of cloud computing is the lack of a
defined standard or standards that are specific to operations impacting
security, interoperability & mobility within the Cloud ecosystem.
As most managers of security departments will attest to, there is a fine line
between security and operations. While we as business managers want to
ensure that we maximize the ROI on our operational investments and ensure
that availability is paramount for our users, we do not want to do so at
the expense of our security measures, policies and protocols.
On the other hand... (more)
Last week at the 7th International Cloud Expo in Santa Clara, I sat on a
panel discussing virtualization and the cloud. As a follow on to my
contribution, it is my intention to expand on the position of virtualization
and the cloud ecosystem.
It is generally accepted that the concept of cloud computing or, at least the
amalgamation of services that infer the cloud ecosystem, lends to the premise
of improvements in managing deployed services. This due to an assumed
increase in efficiencies resulting from the sharing of hardware resources at
one end of the spectrum.
According to ... (more)