NIST's Guidelines for Public Cloud Security Emphasize Risk Management

The National Institute of Standards and Technology has released a preliminary set of guidelines for cloud computing security. The draft version of Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,” offers recommended precautions and policies that federal agencies should follow if they plan to use public cloud resources. The document does not dismiss public clouds as an option for government systems. But the authors of the document, NIST computer scientists Wayne Jansen and Timothy Grance, were clear about the many hazards of outsourcing systems to a public cloud provider. Much of what makes cloud computing an attractive option for government agencies is also at odds with the way agencies have traditionally applied governance and security to information systems, Jansen and Grance wrote:

Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful cloud computing deployments. Determining the security of complex computer systems composed together is also a long-standing security issue that plagues large-scale computing in general, and cloud computing in particular. Attaining high-assurance qualities in implementations has been an elusive goal of computer security researchers and practitioners and…is also a work in progress for cloud computing.

The rest of this post is at: Virtual Integrated System Blog – Government – NIST's Guidelines for Public Cloud Security Emphasize Risk Management.

Cyberdefense and Information Assurance

Los Alamos: Spanish for “We lost more computers”

From Los Alamos National Laboratory reportedly missing 80 computers – Related Stories – SNM SmartBrief:

“Because the losses were considered a ‘property management issue’, the ‘cyber security issues were not engaged in a timely manner.’”

The Department of Energy cares about security. Really they do. They just don’t engage the issues in a timely manner.


tweet! You’ve been h4x0r3d.

The Rat is a relatively recent convert to Twitter, by his own admission. Mostly, it was because the “What are you doing?” question that the service asks its users to answer over and over and over again each day consistently provoked the same response from him: “None of your @#$%%^! business!”

But since his recent life change, and the discovery that there are things other people on Twitter and Facebook are up to that he actually cares about, he’s started digging in a bit deeper to social networking services–albeit with some healthy skepticism. And that skepticism was proven justified last Thursday, when “don’t click me” rolled into his Twitter friends’ timeline.


First things first — let’s make it a holiday

Congress passed a resolution yesterday making this coming Friday “National Data Privacy Day.” If the move, intended to raise awareness of data privacy issues at a national level, seems a little last-minute, that is somehow appropriate, considering how data privacy, while a major regulatory issue, often is addressed as an afterthought.

I think we need a parade. We can have themed floats: “Don’t lose Energy Department Lab Hard Drives in the Kitchenette” and “Don’t take Veteran medical records home on your laptop” are two that immediately spring to mind.