Visa and MasterCard are both reporting massive breaches impacting millions of card holders today. Looks like we're all playing the lottery whether we buy a ticket or not. This is just the beginning folks. I hope we don't become numb to it. That would be really bad.
It seems that cloud security is a hot topic these days. I was in Cedar Rapids last week at the chapter meeting for both the Institute of Internal Audit (IIA) and Information Systems Audit and Control Association (ISACA) presenting on cloud security and audit issues. I'll also be presenting to the Des Moines chapter of the Information Systems Security Association (ISSA) meeting today about the same topic. If you'd like a copy of the presentations feel free to contact me.
The "cloud" is a touchy subject when it comes to security. Some companies are wholeheartedly embracing it while others are running from it. Which it the right approach? That really depends on one thing. Control. How much does it mean to you and how much are you willing to spend to keep it. Everybody assumes that data is less secure in the "cloud". I'd argue that thinking is really more of a control issue. Many cloud providers, not all mind you, have top notch security programs and systems which far exceed what many small to medium companies can afford on their own. In that respect security is better. However if you measure security by other matrix such as access control, the security value may be weakened. Long story short. You must define what "secure" means and then compare your security to a cloud provider's security. Only then will you know which road to follow.
The CISSP boot camp sponsored by the Des Moines chapter of the ISSA, Pratum and the Electronic Crime Institute at DMACC is returning to Iowa the week of May 7th - 11th. ISSA members receive a $200 discount. There are also discounts for early registration, government/education and companies who send multiple students.
The course isn't just for those who wish to study for the CISSP. It's also great for anyone who has information security and risk management duties and wants to gain a deeper knowledge base in these disciplines. This is a great opportunity to get information security training in Des Moines with no out of state travel.