Cloud Security Alliance Announces World Class Speaker Line Up for Second Annual Federal Summit

Program to Feature Insights and Perspectives into the Federal Government Cloud Strategy and Use of Cloud Services along with Best Practices to Ensure Cloud Security in Regulatory Environments

Washington, DC – April 28, 2016 – The Cloud Security Alliance (CSA) today announced a world-class line up of speakers and presentations for its second annual Cloud Security Alliance Federal Summit, a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center. The event, scheduled to take place on May 12, is expected to draw 250 information security professionals from civilian and defense agencies to exchange experiences, lessons learned and best practices for securely implementing cloud computing to support agency missions.

“Agencies today are being tasked with new requirements and mandates when it comes to deploying cloud services. It is now more important than ever to provide an educational platform where these information security professionals can understand and prepare for the future direction of cloud security requirements in order to effectively leverage cloud-based services,” said Jim Reavis, co-founder and CEO of the Cloud Security Alliance. “This year’s event was carefully built on the success of last year’s event where, for the first time, attendees gained unique expert access and insight that they could readily apply within their own environment. We look forward to doing that once again this year, with even greater content and use cases.”

The program will feature presentations from some of the most prominent names and organizations in the federal space including an opening keynote presentation by:

Tony Scott, U.S. Chief Information Officer, Office of Management and Budget, Executive Office of the President (pending agency approval).

Additional speakers and panelists include:

  • Emery Csulak, Chief Information Security Officer, Centers for Medicare & Medicaid Services, U.S. Department of Health and Human Services
  • Joe Paiva, Chief Information Officer, International Trade Administration
  • Jim Tunnessen, Chief Technology Officer, Food Safety and Inspection Service, U.S. Department of Agriculture
  • Noah Kunin, Director of Delivery Architecture and Infrastructure Services, 18F, U.S. General Services Administration
  • Matt Goodrich, FedRAMP Director, U.S. General Services Administration
  • John Hale, Chief, Enterprise Applications, Defense Information Systems Agency

In addition to the one-day event, the CSA will be holding a CCSK (Certificate of Cloud Security Knowledge) Foundation Training at the Carr Workplaces at The Willard in Washington, D.C. Taking place on May 11 from 9:00 a.m. to 5:00 p.m., the CCSK Foundation course is based on V3.0 of the CCSK exam and the CSA Security Guidance for Critical Areas of Cloud Computing V3.0. The Cloud Computing Security Knowledge-Foundation class provides attendees with a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam. This is a fee-based workshop. For more information on this CCSK Foundation Training event, please visit: www.fedsummits.com/csa/ccsk.

WHAT Cloud Security Alliance Federal Summit 2016
WHEN Wednesday, May 11, 2016
7:30 am – 8:00 am: Doors Open, Breakfast and Opening of Cloud Security Exhibition Hall
8:00 am – 4:30 pm: Conference Program
4:00 pm – 6:00 pm: Cocktail Reception
WHERE Ronald Reagan Building and International Trade Center
1300 Pennsylvania Ave. NW
Washington, DC
Room: Atrium Hall
ATTENDEE REGISTRATION http://www.fedsummits.com/csa/
MEDIA REGISTRATION Email kari@zagcommunications.com

Members of the media and analyst community interested in attending the event should contact kari@zagcommunications.com for more information, to receive press credentials and to schedule interviews with CSA leadership and conference speakers.

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

[Cloud Security Alliance Research News]

Afraidgate: Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX

In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS at afraid.org. We are calling this the Afraidgate campaign. Although we continue to see Locky distributed through malicious spam, we have not noticed Locky from EK traffic since mid-April.

An Evolving Campaign

In March 2016, we observed Nuclear EK from the Afraidgate campaign spreading Locky ransomware. A consistent gate pattern in the infection chain pointed to the same campaign using Neutrino EK the previous month. Now this campaign points to Angler EK. Also with the change in EKs, the malware has switched from Locky to CryptXXX. Both of these malware families employ the ransomware business model, in which they encrypt a user’s files and demand a ransom in return for the decryption keys. The following chart illustrates the changes in this particular campaign:

Figure 1: Changes in EK and payload from the Afraidgate campaign.

The Angler/Bedep/CryptXXX Combo

In mid-April 2016, the pseudo-Darkleech campaign started delivering CryptXXX through Bedep from Angler EK. The same Angler EK/Bedep/CryptXXX combination has spread to the Afraidgate campaign, replacing Nuclear EK traffic used to deliver Locky.

Angler EK is a bit more advanced than Nuclear EK. Angler uses new exploits, usually before these exploits have made their way into Nuclear EK. When sending Bedep, Angler uses a “fileless” infection technique originally implemented in 2014. Bedep is installed without creating any files because it is loaded directly into memory by the exploit shellcode.

Bedep is a file downloader that infects the host with other malware. In addition to CryptXXX, Bedep also installs click-fraud malware. Recent updates to Bedep make it harder to use virtual machines (VMs) to investigate this malware. Bedep acts differently if it detects a VM: it will not download CryptXXX, and the post-infection click-fraud traffic is different from that seen from a normal physical host.

Figure 2: VM infection shows different post-infection traffic than the other examples here.

Three examples of Angler/Bedep/CryptXXX infection traffic from the Afraidgate campaign are shown below.

Figure 3: Gate on 185.118.164.42 leads to Angler EK/Bedep/CryptXXX on Friday 2016-04-22.

Figure 4: Similar gate on 185.118.164.42 leads to more Angler EK traffic on Monday 2016-04-25.

Figure 5: Similar gate on 185.118.164.42 leads to more Angler EK on Tuesday 2016-04-26.

Conclusion

CryptXXX is now the default ransomware deployed in at least two major EK campaigns and should be considered a growing cybersecurity threat.

Domains, IP addresses, and other indicators associated with Angler EK, Bedep, and CryptXXX are constantly changing. We continue to investigate this activity for applicable indicators to inform the community and further enhance our threat prevention platform.

WildFire continues to detect submitted .dll samples of CryptXXX ransomware, and AutoFocus identifies this threat under the Unit 42 CryptXXX tag.

Indicators of Compromise

As of Tuesday 2016-04-26, we have seen the following indicators of compromise associated with this campaign:

Gates used in this campaign:

  • 185.118.164.42 port 80 – host.vivialvarez.com[.]ar – GET /widget.js
  • 185.118.164.42 port 80 – kw.projetoraizes.com[.]br – GET /js/script.js
  • 185.118.164.42 port 80 – net.jacquieleebrasil.com[.]br – GET /js/script.js

Angler EK:

  • 85.25.160.124 port 80 – bintiye.helpthevets[.]org
  • 85.25.160.124 port 80 – mcimaildmz.dinnerplate.co[.]uk
  • 192.169.189.167 port 80 – candidulumbestuurlijk.newlandsierrarealestate[.]com
  • 192.169.190.97 port 80 – frageboegen-plletyksin.breastcanceroutreach[.]com
  • 192.169.190.97 port 80 – reikleivn-azarashi.orlandohomesbydevito[.]com
  • 209.126.120.8 port 80 – litigators.esteroscreen[.]com

Bedep post-infection traffic:

  • 104.193.252.241 port 80 – qrwzoxcjatynejejsz[.]com
  • 95.211.205.228 port 80 – yfczmludodohkdqnij[.]com (using a VM)

Click-fraud traffic:

  • 5.199.141.203 port 80 – ranetardinghap[.]com
  • 93.190.141.27 port 80 – cetinhechinhis[.]com
  • 95.211.205.218 port 80 – tedgeroatref[.]com
  • 104.193.252.236 port 80 – rerobloketbo[.]com
  • 162.244.34.11 port 80 – tonthishessici[.]com
  • 207.182.148.92 port 80 – allofuslikesforums[.]com
  • 85.25.79.211 port 80 – oqpwldjc.mjobrkn3[.]eu (using a VM)

CryptXXX post-infection traffic:

  • 217.23.6.40 port 443 (custom encoding)
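As an added example (not code from the Palo Alto Networks post), the Python below refangs the defanged indicators listed above and runs them over constructed proxy log lines, grouping hits by client and by stage of the Angler/Bedep/CryptXXX chain. Only the indicators come from the post; the log format, the stage labels, the sample log lines and the client addresses are this example's own assumptions.

```python
# Added example, not code from the Palo Alto Networks post: match the
# Afraidgate indicators against constructed proxy log lines.
import re
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Hostname indicators copied from the post, kept in their defanged "[.]" form.
# The stage names are this example's own labels for the post's four lists.
DEFANGED_INDICATORS: Dict[str, List[str]] = {
    "gate": ["host.vivialvarez.com[.]ar", "kw.projetoraizes.com[.]br",
             "net.jacquieleebrasil.com[.]br"],
    "angler_ek": ["bintiye.helpthevets[.]org", "mcimaildmz.dinnerplate.co[.]uk",
                  "candidulumbestuurlijk.newlandsierrarealestate[.]com",
                  "frageboegen-plletyksin.breastcanceroutreach[.]com",
                  "reikleivn-azarashi.orlandohomesbydevito[.]com",
                  "litigators.esteroscreen[.]com"],
    "bedep": ["qrwzoxcjatynejejsz[.]com", "yfczmludodohkdqnij[.]com"],
    "click_fraud": ["ranetardinghap[.]com", "cetinhechinhis[.]com", "tedgeroatref[.]com",
                    "rerobloketbo[.]com", "tonthishessici[.]com",
                    "allofuslikesforums[.]com", "oqpwldjc.mjobrkn3[.]eu"],
}
# The CryptXXX callback in the post has no hostname, only an IP and port.
IP_PORT_INDICATORS: Dict[Tuple[str, int], str] = {("217.23.6.40", 443): "cryptxxx"}
# Infection chain as the post describes it; click fraud is a side effect of Bedep.
STAGE_ORDER = ["gate", "angler_ek", "bedep", "cryptxxx"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' back into a hostname."""
    return indicator.replace("[.]", ".").lower()


def build_host_index(defanged: Dict[str, List[str]]) -> Dict[str, str]:
    """Map every refanged hostname to the stage it belongs to."""
    return {refang(h): stage for stage, hosts in defanged.items() for h in hosts}


# Constructed log format (an assumption, not any vendor's real format):
# <timestamp> <client-ip> <method> <url-or-host:port> <server-ip>:<server-port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+"
    r"(?P<server>[0-9.]+):(?P<port>\d+)$"
)


def host_from_target(target: str) -> str:
    """Hostname from a full URL, or from the host:port a CONNECT line records."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.rsplit(":", 1)[0].lower()


def match_line(line: str, host_index: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a hit record when the line touches an indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, never reported as hits
    host = host_from_target(m.group("target"))
    stage = host_index.get(host)
    if stage is None:  # no hostname match: fall back to the ip:port indicator
        stage = IP_PORT_INDICATORS.get((m.group("server"), int(m.group("port"))))
    if stage is None:
        return None
    return {"ts": m.group("ts"), "client": m.group("client"),
            "stage": stage, "indicator": host or m.group("server")}


def scan_log(lines: List[str], host_index: Dict[str, str]) -> List[Dict[str, str]]:
    """All indicator hits in the log, in log order."""
    return [h for h in (match_line(ln, host_index) for ln in lines) if h]


def stages_by_client(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Which chain stages each client reached, listed in chain order."""
    seen: Dict[str, Set[str]] = {}
    for h in hits:
        seen.setdefault(h["client"], set()).add(h["stage"])
    return {c: [s for s in STAGE_ORDER + ["click_fraud"] if s in st] for c, st in seen.items()}


def full_chain_clients(hits: List[Dict[str, str]]) -> List[str]:
    """Clients that reached the CryptXXX callback, i.e. the likely encrypted hosts."""
    return sorted(c for c, st in stages_by_client(hits).items() if "cryptxxx" in st)


# Constructed sample log: one client walks the whole chain, another stays clean.
SAMPLE_PROXY_LOG = """\
2016-04-26T09:58:03Z 10.20.1.17 GET http://www.example.com/index.html 198.51.100.10:80
2016-04-26T09:58:04Z 10.20.1.17 GET http://kw.projetoraizes.com.br/js/script.js 185.118.164.42:80
2016-04-26T09:58:06Z 10.20.1.17 GET http://litigators.esteroscreen.com/ 209.126.120.8:80
2016-04-26T09:58:41Z 10.20.1.17 POST http://qrwzoxcjatynejejsz.com/ 104.193.252.241:80
2016-04-26T09:59:02Z 10.20.1.17 CONNECT 217.23.6.40:443 217.23.6.40:443
2016-04-26T10:03:15Z 10.20.1.88 GET http://www.example.org/ 198.51.100.11:80
""".splitlines()

if __name__ == "__main__":
    index = build_host_index(DEFANGED_INDICATORS)
    hits = scan_log(SAMPLE_PROXY_LOG, index)
    for hit in hits:
        print(f'{hit["ts"]} {hit["client"]} -> {hit["stage"]:12} {hit["indicator"]}')
    print("clients reaching CryptXXX:", full_chain_clients(hits))
```

Two points the sample is built to show: the CryptXXX callback is an IP:port indicator with no hostname, so a matcher that only inspects URLs misses the final, most damaging stage of the chain and must also check the server address on CONNECT lines; and, as the post notes, these indicators change constantly, so a hit list like this is a point-in-time check rather than a durable detection.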

[Palo Alto Networks Research Center]

Forrester Research Rates Palo Alto Networks a Leader for Automated Malware Analysis

We’re pleased that Forrester Research has identified Palo Alto Networks as a leader in The Forrester Wave™: Automated Malware Analysis, Q2 2016. As part of the report, Forrester evaluated WildFire based on criteria in the categories of current offering, market presence, and strategy.

Automated malware analysis is a necessity in the security stack, providing visibility into targeted attack vectors and creating tailored threat intelligence to generate what Forrester calls “highest fidelity” alerts.

Palo Alto Networks takes automated malware analysis several steps further by broadening the scope of threat intelligence and extending its preventive capabilities. As part of our Next-Generation Security Platform, WildFire identifies — and helps prevent — malware attempting to traverse the network, infect endpoints, and make its way to cloud environments.

Please access the entire Forrester Wave on Automated Malware Analysis at the URL below:
https://www.paloaltonetworks.com/resources/whitepapers/forrester-wave-automated-malware-analysis.html

[Palo Alto Networks Research Center]

Chic Geek Speak: Vanquish the “Nice Syndrome”

We have often heard these pearls of wisdom during our formative years: “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”

Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:

  • Putting others’ needs before your own
  • Over apologizing
  • Consistently asking for permission
  • Denying your own power
  • Not asking for what you want or need
  • Tolerating too much negativity
  • Being overly patient

In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.

How then can we break this nice cycle without being labeled a witch or worse? How can we vanquish our misplaced guilt when we no longer play nice? We do this through: 1) language; 2) prioritization; and 3) building our brand.

Never Underestimate the Power of Words
Words create our reality and give us and others a blueprint for interacting with us. Women often use touchy-feely language that lacks self-confidence. These phrases include: “Maybe we could…”; “I was thinking we might…”; “How about…” Instead use more assertive language: “I believe it would be best to…”; “I propose that we…”; “It is my understanding that …”

Stop Putting Work Ahead of Everything Else
Many women of my era are referred to as the “sandwich” generation. We juggle careers, families and caring for elderly family members. We put ourselves so far down the list that we do not recognize our own needs. By playing nice, women put their needs on hold or lower their expectations. They deny their own power. Let go of the beliefs that you are powerless and that standing up for yourself is selfish. Rethink what power means. You have more power than you allow yourself to use. To reclaim your power, start by saying “no” to unreasonable requests. Express yourself in more empowered ways by stating, “I choose to…” which ties back to creating your reality. Take small steps for yourself, such as:

  • Taking lunch breaks
  • Taking short walks outside
  • Establishing set start/stop times, and sticking to them
  • Taking time for exercise
  • Taking meditation or yoga classes
  • Getting regular massages or facials

Build Your Brand
We all know brands that are synonymous with a product, such as Coke or Kleenex. What is your name synonymous with? Once you determine that, it will inform you of your brand. It is what sets you apart from others. What is your unique story? It is said that “If you don’t build your image (brand), someone else will.” What are you really good at? Build your unique story.

Appearance is also a big part of your brand. The saying goes, “Never dress for the job you have; dress for the job you want.” Look at successful women. What style of clothes, hair, make-up and jewelry do they favor? I am not advocating a complete makeover, but maybe wear a blazer to important meetings or dress up your blouse and slacks with a scarf.

Also, observe how successful women speak. Do they use a lot of touchy-feely language? What is the pitch of their voice? Your presentation skills communicate your brand. Are you confident in front of a group? Do you talk at an acceptable rate or speak rapidly? Do you use crutch words like “ah,” “um,” and “you know?” Do you over explain or apologize when presenting? Do you use words to minimize importance or ask for permission? Do you speak too softly or at too high of a pitch? Does your voice pitch up at the end of a statement? If you struggle in any one of these areas, I suggest Toastmasters International, which offers a cost-effective communication development course that moves at your own pace.

Do you, like me, suffer from Nice Syndrome? How have you broken through this syndrome? Share your success and struggles in the comments section below.

Today, 28 April, just happens to be International Girls in Information and Communication Technologies (ICTs) Day. The goal of the event is to create a global environment that empowers and encourages girls and young women to consider careers in the growing field of ICTs. For more information click here.

Pam Nigro, MBA, CISA, CGEIT, CRISC, CRMA, DTM; Senior Manager, Internal Controls and Risk Management; Blue Cross Blue Shield of Illinois; Vice President, ISACA Chicago Chapter

[ISACA Now Blog]

10 Key Questions to Answer Before Upgrading Enterprise Software

The evolution of software has made possible things we never dreamed. With software upgrades come new competencies and capabilities, better security, speed, power and often disruption. Whenever something new enters an existing ecosystem, it can upset the works.

The cadence of software upgrades in large organizations is typically guided by upgrade policies; the risk of disruption is greater in large organizations—which is the chief reason large companies lag up to two versions behind current software releases. They take a wait-and-see approach, observe how the early adopters fare with software upgrades and adopt as a late majority.

A proper upgrade process involves research, planning and execution. Use these top 10 principles to establish when and why to upgrade:

1. What’s driving the upgrade? Software upgrades addressing known security vulnerabilities are a priority in the enterprise. Usability issues that impact productivity should also be addressed quickly.

2. Who depends on the legacy software? Identifying departments that depend on legacy software allows IT to schedule an upgrade when it has the least impact on productivity.

3. Can the upgrade be scheduled according to our policy? Scheduling upgrades within the standard upgrade cycle minimizes distraction and duplication of effort. Change control policies formalize how products are introduced into the environment and minimize disruption to the enterprise and IT.

4. Is the organization ready for another upgrade? Just because an organization needs a software upgrade doesn’t mean it can sustain that upgrade. Upgrade and patch fatigue are very real. Consider the number of upgrades you’ve deployed in recent months when deciding whether to undertake another one.

5. What is the upgrade going to cost? Licensing costs are only one part of the total cost associated with software upgrades. Services, staff time, impact to other projects, tech support for associated systems and upgrades for systems that no longer work with the new platform must also be included in the total cost.

6. What is the ROI of the upgrade? Software updates that defeat security vulnerabilities are non-negotiable—security itself is the ROI. Non-security related upgrades, however, must demonstrate their value through increased productivity or improved efficiency and reduced costs.

7. How will the customer be impacted? Consider all the ways an upgrade could impact customers and make adjustments before the upgrade begins. Doing so ensures you mitigate any potential issues before they happen.

8. What could go wrong? Since your goal is to increase performance, not diminish it, draft contingency plans for each identified scenario to readily address performance and stability issues, should they arise.

9. What level of support does the vendor provide? Once you understand what could go wrong during the upgrade, look into the level of support the vendor provides. Identify gaps in coverage and source outside resources to fill in as needed.

10. What’s your recourse? No one wants to think about it, but sometimes upgrades do more harm than good. In the event something goes wrong and you need to revert to a previous software version, can you?

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about how a modern endpoint backup solution can simplify software upgrades.

Rachel Holdgrafer, Business Content Strategist, Code42

[Cloud Security Alliance Blog]
