The six most dangerous infosec attacks – Hackers – SC Magazine Australia – Secure Business Intelligence.
SC Magazine Australia summarized Ed Skoudis's and Johannes Ullrich's RSA presentation on the six most dangerous IT security threats of 2011 and what to expect in the year ahead. They are:
- DNS as command-and-control
- SSL slapped down
- Mobile malware as a network infection vector
- Hacktivism is back
- SCADA at home
- Cloud Security
- Social Networking
The reference to the malware item above is that blacklisting is a losing proposition and organizations need to move to whitelisting. IMHO, this is especially true for establishing positive network control at the application level.
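To make the blacklist-versus-whitelist point concrete, here is an added example (my own illustration, not code from SC Magazine or from the Skoudis/Ullrich presentation): a minimal application-level egress policy evaluated two ways over a handful of constructed flow records. The application labels, hosts and addresses are all assumed for the example. The denylist only stops what it already knows about, so an unapproved DNS destination (the kind of channel the "DNS as command-and-control" item describes) and an unknown HTTPS destination both pass; the positive-control allowlist, with default deny, stops them.

```python
"""Added example: application-level positive control (allowlist) versus a
denylist, run over constructed egress flow records."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_host: str
    app: str        # application as identified by the egress gateway (assumed label)
    dst: str
    dport: int


# Constructed positive-control policy: only these (app, dst, port) tuples may leave.
ALLOWLIST = {
    ("dns", "10.0.0.53", 53),               # the internal resolver only
    ("https", "updates.example.com", 443),
    ("smtp", "mail.example.com", 25),
}

# Constructed denylist: blocks only what is already known to be unwanted.
# "*" matches any destination.
DENYLIST = {
    ("irc", "*", 6667),
}


def denylist_verdict(flow: Flow) -> str:
    """Default allow: anything not on the denylist gets through."""
    for app, dst, port in DENYLIST:
        if app == flow.app and port == flow.dport and dst in ("*", flow.dst):
            return "block"
    return "allow"


def allowlist_verdict(flow: Flow) -> str:
    """Default deny: only flows positively approved may leave."""
    if (flow.app, flow.dst, flow.dport) in ALLOWLIST:
        return "allow"
    return "block"


# Constructed sample traffic from one workstation.
FLOWS = [
    Flow("ws-17", "dns", "10.0.0.53", 53),
    Flow("ws-17", "https", "updates.example.com", 443),
    Flow("ws-17", "dns", "198.51.100.9", 53),    # DNS to an unapproved external resolver
    Flow("ws-17", "irc", "203.0.113.5", 6667),   # the one thing the denylist knows about
    Flow("ws-17", "https", "203.0.113.7", 443),  # unknown HTTPS destination
]


def compare(flows):
    """Return (app, dst, port, denylist verdict, allowlist verdict) per flow."""
    return [
        (f.app, f.dst, f.dport, denylist_verdict(f), allowlist_verdict(f))
        for f in flows
    ]


def slipped_past_denylist(flows):
    """Flows the denylist lets through but positive control would stop."""
    return [
        f for f in flows
        if denylist_verdict(f) == "allow" and allowlist_verdict(f) == "block"
    ]


if __name__ == "__main__":
    for row in compare(FLOWS):
        print("%-6s %-22s %5d  denylist=%-5s allowlist=%s" % row)
    print("unknown flows passing the denylist:", len(slipped_past_denylist(FLOWS)))
```

The design point is the default: the allowlist's unknown-equals-block is what gives positive control, and the cost is that every legitimate (app, destination, port) has to be enumerated and maintained, which is why the policy belongs at the application level where that enumeration is tractable.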
Grok Computer Security: I’ll tell you what I want, what I really, really want from a Cloud Provider.
Michael Berman, the CTO of Catbird, summarizes his cloud provider requirements. For security, he is looking for:
- Auditing: network and management
- Control: policy and assurance
- Metrics: continuous and interoperable
Are these capabilities to be provided by the cloud provider or should the enterprise adopt a solution it can use across multiple cloud providers? What about compatibility with private cloud deployments?
The Top 10 Security Questions Your CEO Should Ask — CIOUpdate.com.
From PwC, here are the top 10 questions your CEO should be asking you:
- Who is accountable for protecting our critical information?
- How do we define our key security objectives to ensure they remain relevant?
- How do we evaluate the effectiveness of our security program?
- How do we monitor our systems and prevent breaches?
- What is our plan for responding to a security breach?
- How do we train employees to view security as their responsibility?
- How do we take advantage of cloud computing and still protect our information assets?
- Are we spending our money on the right things?
- How can we ensure that we comply with regulatory requirements and industry standards in the most cost-effective, efficient manner?
- How do we meet expectations regarding data privacy?
This article provides a paragraph or two on each one of these questions.
From the Concrete To The Hypervisor: Compliance and IaaS/PaaS Cloud – A Shared Responsibility | Rational Survivability.
Security, and therefore Compliance, in the cloud is a shared responsibility. In other words, no IaaS or PaaS cloud vendor can provide complete compliance since the cloud providers’ responsibilities end at the hypervisor. You, the application provider, are responsible for securing the VM and the applications/data therein.
In the case of an IaaS cloud provider who may achieve compliance from the "concrete to the hypervisor" (let's use PCI again), the customer in turn must have the contents of the virtual machine (OS, applications, operations, controls, etc.) independently assessed and meet PCI compliance in order that the entire stack of in-scope elements can be described as compliant.
Thus security — and more specifically compliance — in IaaS (and PaaS) is a shared responsibility.