Are you an Oracle customer? If yes, it’s time to cash in with this awesome program Oracle just launched. For every dollar you spend on OCI, you get a discount of 25 cents on your Oracle Support bill! And the cherry on the top? Oracle will lift your workloads to OCI for free! Oh wait,…
Category: cloud
Audit: Assurance Challenges of Virtualization and Cloud
Previous article in series – Audit: Planning Traditional methods of assurance of services and controls management in an on-premises data center or even with colocation services are no longer sufficient given the complexity of virtualization and cloud services. To gain greater assurance of expected services, we can review information available from publicly accessible registries. Cloud…
Audit: Planning
Previous article in series – Audit: Internal and External Audit Controls In line with financial, compliance, regulatory, and other risk-related audits, the requirement for scoping and ensuring the appropriate focus and emphasis on components most relevant to cloud computing (and associated outsourcing) should include the following phases: Define Audit Objectives The high-level objectives should…
Data Privacy: Standard Requirements
Previous article in series – Data Privacy: Jurisdictional Differences When an organization embarks upon a path designed to improve its security posture, operational efficiency, or cultural behavior, there are many established codes of practice that can be utilized. Some of these codes of practice or guidelines come with the capability of certification. ISO/IEC 27018:2019 ISO/IEC…
Data Privacy: Jurisdictional Differences
Previous article in series – Data Privacy: EU–U.S. Privacy Shield, HIPAA, GLBA Jurisdictional variances become evident during cases involving cross-border data requests or cases of contention. Even between states in the same country there can be differences in data privacy. Section 2511 of Title 18 of the U.S. Federal Government’s legal code prohibits the unauthorized…
Data Privacy: Australia and New Zealand Privacy Principles
Previous article in series – Data Privacy: African & Asia-Pacific Legislations Regulations in Australia and New Zealand make it extremely difficult for enterprises to move sensitive information to cloud service providers that store data outside of Australian/New Zealand borders. The Office of the Australian Information Commissioner (OAIC) provides oversight and governance on data privacy regulations…
Data Privacy: African & Asia-Pacific Legislations
Previous article in series – Data Privacy: Contractual and Regulated Private Data African Personal Data Protection Nearly two-thirds of the 54 nations of the African continent has data privacy protection as a regulation, is in process of making it, or has it as part of their constitutions. For the nations that have data protection mechanisms,…
Data Privacy: Evolution and History of Modern Data Privacy
Modern data privacy has a history that goes back to a time before the World Wide Web and when the internet was more a nascent concept than a global tool. The First Data Protection Law In 1970 the German state of Hesse enacted the first data protection act in the world known as Datenschutzgesetz (DSG;…
Digital Forensics: Chain of Custody & Nonrepudiation
Previous article in series – Digital Forensics: Evidence Management Chain of custody of evidence refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence. Chain of custody should clearly depict how the evidence was collected, analyzed, and preserved so it can be presented…
Digital Forensics: Evidence Management
Previous article in series – Digital Forensics: Identification, Collection, and Preservation of Digital Evidence Maintaining evidence from collection to trial is a critical part of digital forensics. You should have policies and procedures in place for the collection and management of evidence. In some cases, you may need to collect digital evidence on short notice….