The Security Blog

Clearing the Cloud Part III || How Do You Solve A Problem Like “A Cloud”? || Cloud Computing Security

This entry is part of a wonderful series, Clearing the cloud» In the first in this series of "Clearing the Cloud" columns, I explored the dangers of jumping too soon into Cloud Computing. In the second in the series, I defined relevant risks that we must consider when implementing Cloud Computing and promised to show [...]

Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security

This entry is part of a wonderful series, Clearing the cloud» In the first in this series of "Clearing the Cloud" columns, I explored the dangers of jumping too soon into cloud computing. In this article, the second in the series, I continue my vision on how to manage and secure cloud-computing solutions. Clearing the Cloud Part [...]

201 CMR 17:00 A New Dawn

Back in early September, I shared with my readers that I sent a letter (you can see it here) to the Massachusetts Office of Consumer Affairs and Business Relations, OCABR, with suggestions to improve 201 CMR 17:00. On Friday, October 30th, 2009, I have received a letter from the OCABR informing me of the new version [...]

The Security Berry-meter | Security and The Blackberry

Blackberry Security Flak upon flak, hay upon hay, has been dumped on the Blackberry, and its maker, RIM, since the announcement, few days ago, of availability of >a code allowing someone to turn the berry into a microphone. This is not an indictment against RIM, conversely – it is a triumph. Unlike other electronic “toys” (such as [...]

No related posts.

Evolution of Defense in Depth

בע"ה Evolution of Defense in Depth As security professionals will tell you, one of the basic principles of a good security program is the concept of Defense in Depth. Defense in Depth is arguably the most time-tested principle in Security, and applies to physical security, as well as information security. Defense in Depth builds on a concept [...]

Comments on 201 CMR 17:00

Readers of my blog know that I was a big supporter of Massachusetts Breach Notification proposed law, 201 CMR 17:00. You may also have known that I authored an article, together with Ken Mortensen, esquire, about the rule, at CSO Magazine. You can see the article at "201 CMR 17: A New Tea Party!" At the time, we [...]

How to Create a Privacy Policy | Part 5

This entry is part of a wonderful series, How to create a Privacy policy» Hello and thank you for reading this final installment in the How to Create a Privacy Policy series of mine. Here is what we accomplished so far: Sample Privacy Policy Purpose: To define privacy expectations of visitors to the ArielSilverstone.com website. What We Collect and How We [...]

Open Letter to the PCI Council || Suggestions to Improve PCI DSS

Dear Readers, I sent this letter to the PCI Council three weeks ago to put in my two cents’ about improvement to PCI DSS. Please let me know what you think: Security Standards Council, LLC 401 Edgewater Place Suite 600 Wakefield, MA USA 01880 Thursday, August 27, 2009 Dear Council Members, As we are within phase 2 of the PCI Lifecycle, please [...]

Where PCI DSS Falls Short (and How to Make it Better)

The Value in ITIL Certification | ITIL Part VII

This entry is part of a wonderful series, ITIL» by David Moskowitz (written 3/09, revised 7/09, 9/09) This may sound strange, before ITIL, I wasn’t convinced that individual certification was worthwhile (with the exception of PMP). So, why am I writing about the value of ITIL certification? The answer is simple, I’ve seen the results. [...]

California’s New Privacy & Breach Notification Law: SB 20

The California Assembly passed a new Breach Notification Law. This proposed law, called SB 20, will become effective if and when California’s Governor, the Schwartzenator, will sign it into law. Here is my analysis of the requirements specified in the new law: Analysis of California SB 20 Privacy Law Section Text Meaning Long Title An act to amend Sections 1798.29 [...]

Unified Privacy Primer

The Security Blog

Clearing the Cloud Part III || How Do You Solve A Problem Like “A Cloud”? || Cloud Computing Security

Related Posts

Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security

Related Posts

201 CMR 17:00 A New Dawn

Related Posts

The Security Berry-meter | Security and The Blackberry

Related Posts

Evolution of Defense in Depth

Related Posts

Comments on 201 CMR 17:00

Related Posts

How to Create a Privacy Policy | Part 5

Related Posts

Open Letter to the PCI Council || Suggestions to Improve PCI DSS

Related Posts

The Value in ITIL Certification | ITIL Part VII

Related Posts

California’s New Privacy & Breach Notification Law: SB 20

Related Posts