Leo Tolstoy, Anna Karenina, and Cloud Security (Yes, there is a connection!)
Jul 31, 2013
To only slightly paraphrase the original: Stable clouds are all alike, every unstable cloud is unstable in its own way. Information assurance considers three major aspects of information security: Confidentiality, Integrity, and Availability. Availability is about keeping the information around. The concept is pretty simple. But you can always dig a little deeper into the […]
Just How Important is this Cloud Stuff, Anyway?
Jul 16, 2013
Information security is more than just the confidentiality needed to keep secrets. There are two more legs in the so-called CIA triad comprised of Confidentiality, Integrity, and Availability. Confidentiality is the most important for most organizations, often because of regulatory or other formal requirements. Using the public cloud requires transferring your data into providers’ platforms […]
We Need Randomness!
Sep 17, 2012
What is entropy? if you ask a chemist or physicist, entropy is disorder or heat. If you ask an electrical engineer, entropy is both of those but it is also a measure of potential information content. James Glieck’s wonderful book The Information addresses this in detail, but the short version is that an unpredictable data […]
The Undetectable Threat of Cloud Sprawl
Jul 23, 2012
In my previous post, I shared about how someone’s greatest fear about cloud computing was how easy it can be. It is so easy, and so tempting, for someone inside your organization to quickly and quietly push some of your data out into the cloud. There is no trail left to tell that this happened, […]
Circles are Bad. OVAL is Good.
Jun 26, 2012
In information assurance, it is critical to have the best reporting about your vulnerabilities. Vulnerabilities, as you may recall from an earlier blog, are software flaws that may leave a system open to exploitation. There are tools that help identify and assess vulnerabilities. They are called vulnerability scanners, or VA tools. These are tools designed […]