US President Obama calls for stronger Cyber Security laws


Today, US President Obama called for stronger Cyber Security laws. It is interesting to note that the theme used today emphasizes an action I called for in my paper (and later blog entry) ‘A Strategy To Secure The Federal Cyberspace’ … back in 2009.

The call by the President stated:

…Yet, there are core challenges that remain in our work to strengthen America’s cybersecurity:

The problem is that government and the private sector are still not always working as closely together as we should. Sometimes it’s still too hard for government to share threat information with companies. Sometimes it’s still too hard for companies to share information about cyber threats with the government. There are legal issues involved and liability issues. Sometimes, companies are reluctant to reveal their vulnerabilities or admit publicly that they have been hacked. At the same time, the American people have a legitimate interest in making sure that government is not potentially abusing information that it’s received from the private sector.

In my original work, I stated in the opening paragraphs:

…that the leadership to form and coordinate the right combination of public and private partnership and a sense of common mission are essential to the task.

In fact, much of my call focused on the specific nature that such common mission must take:

One point that I would like to make clear: Government-Private sector cooperation will have to be a two-way street. The government must lead and contribute, and the private sector must respond in kind. …

Today, various factors, including privacy concerns, potential liabilities, the rights of discovery, and even the US anti-collusion laws, hamper the possibilities of functional and efficient Government-Private Sector collaboration. This is exactly the reason why Congress must act to shield certain types of action and protect the participants.

In 2009 I recommended this cooperation as one of the three major tenets of my paper. I further broke it down into two specific action items, the second of which, Task 7, is today’s call from the President:

Task 6: Create an Official advisory board of industry and government luminaries to advise the Chief Information Security Officer in his or her duties.

and

Task 7: Recommend legislative changes, where needed, to allow utilization of public capabilities to test and enhance defenses of sensitive industries.

 

I think we may be on the right track :)

The Microsoft approach to cloud transparency – Part VIII

Thank you for coming back for the exciting Part VIII of The Microsoft approach to cloud transparency.

The Microsoft approach to cloud transparency

Using the Cloud Security Alliance’s Security, Trust & Assurance Registry (STAR)

Part VIII – Aligning to STAR

When mitigating risk while deploying a cloud solution, an organization must consider the cloud-specific risks described in the preceding “Cloud assurance challenges” section as well as organizational goals. Common as well as cloud-specific risks must be weighed and evaluated carefully to assure the best results for the organization.

One best practice is to proceed with the selection of a cloud provider as described earlier, by using a common framework. This approach will not only help mitigate risk but also help avoid the cost of engaging outside expertise and a costly independent review process, relying instead on combined efforts that represent years of expertise in the field.

Using STAR, an organization can compare various cloud offerings, select criteria important to the organization, and document how and why a specific solution was selected. This approach helps mature future selection efforts and adds to the organization’s knowledge base.

Organizations can use the control criteria in the CCM to help mitigate the risk of missing important evaluation criteria. STAR also allows organizations to use a fully developed framework to carefully compare similar offerings. In addition, it can provide a way to measure and quantify weighting factors for related criteria.

 

Come back next week for Part IX!