At the core of all cloud services, products, and solutions are software tools built on three underlying pillars of functionality: processing data and running applications (compute servers), moving data (networking), and preserving or storing data (storage). Cloud Storage Services: cloud storage is defined as data storage that is made available as a service via a network….
Month: July 2021
Data Security: Access Control
Previous article in series – Data Security: Functions, Actors, and Locations As with most areas of technology, access control is converging with related activities: some of these are automated through single sign-on capabilities, while others operate in a standalone, segregated fashion. The combination of access control and effective management of those technologies, processes,…
Data Security: Functions, Actors, and Locations
Previous article in series – Data Security: The Secure Data Lifecycle Upon completion of mapping the various data phases, along with data locations and device access, it is necessary to identify what can be done with the data (i.e., the data functions) and who can access the data (i.e., the actors). It is also important to…
Data Security: The Secure Data Lifecycle
Data security is a core element of cloud security. Under the shared responsibility model, the cloud service provider and the customer each own part of the security of the data. Roles such as the chief information security officer (CISO), chief security officer (CSO), chief technology officer (CTO), enterprise architect, and network administrator may all play a part in providing elements of a security solution…
How Cloud impacts Supply Chain & Vendor Management
It is important to understand the capabilities and policies of your supporting vendors. Emergency communication paths should be established and tested with all vendors. Categorizing, or ranking, each vendor or supplier on a defined scale is critical to managing that relationship appropriately. Strategic suppliers are deemed to be mission critical and cannot be…
Risk Treatment: 4 Responses & Common Criteria
Before ISO/IEC 27005:2018: Information technology — Security techniques — Information security risk management, the typical four responses to risk, or risk treatment options, were avoid, mitigate, transfer, and accept. ISO/IEC 27005:2018 renames these four risk treatment options to modification (mitigate), retention (accept), avoidance (avoid), and sharing (transfer). Modification: Course of action that implements controls that are technical, environmental, or cultural…
Risk Assessment: Key Metrics
Assessing risk requires the careful analysis of threat and vulnerability information to determine the extent to which circumstances or events could adversely impact an organization and the likelihood that such circumstances or events will occur. Metrics for risk management: quantitative assessments typically employ a set of methods, principles, or rules for assessing risk based on…
NIST SP 800-37r2: Risk Management Framework for Information Systems and Organizations
NIST SP 800-37 Revision 2 is subtitled “A System Life Cycle Approach for Security and Privacy.” There are seven steps in the Risk Management Framework (RMF): a preparatory step that ensures the organization is ready to execute the process, followed by six main steps. All seven steps are essential for the successful execution of the RMF. The steps are:…