Data Center Advisors

So you may be asking yourself, what’s the big deal about cloud computing terminology? And how can something as simple as a term or a definition be so important? Simply put, when standards development organizations (SDOs) like the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), or the International Telecommunication Union (ITU) wade [...]

Like many others organizations, I’m pleased to announce that Hitachi Data Systems has joined the Cloud Security Alliance (CSA) as a full corporate member. We are quite excited about the CSA scope of work, and in particular, we anticipate getting involved in Version 3.0 of the “Security Guidance for Critical Areas of Focus in Cloud [...]

The Federal Rules of Civil Procedure (FRCP) is a set of regulations that specify procedures for civil legal suits within United States District Courts. Federal district courts in all fifty states are required to follow these rules, and many state courts’ civil procedural rules closely follow or adopt similarly worded rules. Currently there are 86 [...]

For Security professionals, especially those of us based in the U.S., the guidance from the National Institutes of Standards and Technology provides a wealth of information. Of particular interest are the documents from the 800 Series Special Publications and the NIST Interagency or Internal Reports (NISTIRs) from the Computer Security Resource Center (CSRC) of the [...]

The Computer Security Institute (CSI), an educational membership organization for information security professionals, released the 15th edition of its annual CSI Computer Crime and Security Survey this month (December 2010). Until 2007, these surveys were a collaborative effort between the CSI and the Federal Bureau of Investigations (FBI), and it was available publicly. The current [...]

The Payment Card Industry Security Standards Council (PCI SSC) issued version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application-Data Security Standard (PA-DSS) at the end of October.  The changes to PCI DSS 2.0 and PA-DSS 2.0, which take effect on January 1, 2011, have been characterized as being “relatively [...]

When it comes to standardizing security guidelines, practices, technologies, and protocols, there are a plethora of standards development organizations or SDOs operating in this space. Some are accredited and recognized as sources of formal standards, while others produce industry, government, and de facto standards.

The Government of Singapore held its annual security conference, called GovWare 2010, during the last week of September. This event reminded me of the early days of the RSA Conference when it was much smaller and not so hyped or chaotic. The event was small enough that the organizers could entice the participants into the [...]

As data privacy and confidentiality requirements continue to increase, more and more organizations are turning to, or considering use of encryption in conjunction with storage. This has been especially true for tape-based storage, but an increasing number of sites are also looking to disk-based encryption for basic protections. Implied in all but the simplest of [...]

At the risk of being called a certification snob, I’d like to weigh in on the Cloud Security Alliance’s (CSA) Certificate of Cloud Security Knowledge (CCSK), which was announced in late July of 2010 (The CCSK examination became available on September 1, 2010 and will ultimately cost $295; however, there is a promotional period that [...]