Cloud deployments, whether public, private, hybrid or community, are susceptible to all the traditional cybersecurity threats and more. Let’s look at the most common threats: Virtual machine attacks: Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, it may be able to attack other VMs running…
Month: January 2021
“Trust me, I am a CISO”
As things around us rapidly unfold in the cybersecurity realm, many “experts” are sprouting out of the woodwork. How do we distinguish between the real deal and the phonies? Some questions to ask every “CISO” – How do you ensure security policies, procedures, baselines, standards, and guidelines are written to address the information security needs…
QuickGuide: ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
ISO/IEC describes cloud computing systems from four distinct viewpoints: User view: The system context, the parties, the roles, the sub-roles, and the cloud computing activities Functional view: The functions necessary for the support of cloud computing activities Implementation view: The functions necessary for the implementation of a cloud service within service parts and/or infrastructure parts Deployment…
Weapons of Mass Disruption
Moonlight Maze In 1996, in the infancy of the Internet, someone was rummaging through military, research, and university networks primarily in the United States, stealing sensitive information on a massive scale. Victims included the Pentagon, NASA, and the Department of Energy, to name a very limited few. The scale of the theft was literally monumental,…