Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Staying Compliant in the Cloud Without a Cybersecurity Attorney By @BThies | @CloudExpo #Cloud
Compliance can be achieved without them

Cybersecurity is a complex field, and with laws varying across states and countries, keeping cloud usage compliant can become a real headache for enterprise security decision-makers.

As regulations continue to lag behind the rapid pace of technological advancements, many IT security professionals turn to the expertise of cybersecurity lawyers, who not only understand the ambiguities of the law, but are also able to secure and protect their employers' interests in the case of a breach.

When Is a Cybersecurity Attorney Needed?
There are times when cybersecurity lawyers are essential. Given recent developments such as Edward Snowden's National Security Agency leaks, the exponential growth of the Internet of Things, and the throwing out of Safe Harbor Rules, privacy is an ever-evolving concern for businesses. Every company must ensure the safety of its users' data, and a qualified cybersecurity attorney should review privacy policies and programs to ensure proper compliance.

The use of such legal experts should be incorporated into the incident response plan in addition to having the experts review procedures. When a breach does occur, the public relations team cannot be left to draft communications on its own.

Each state has its own laws on what is required when making a breach public. The laws set thresholds for dollars and numbers of affected records, and even criteria relating to the level of data encryption, to help determine whether a breach must be reported. This means companies have to be careful when disclosing breaches, as poor communication can risk litigation.

Staying Compliant Without One
Cybersecurity attorneys are not necessary, however, for everyday operations. While they play an important role in dealing with specific crises, it is possible for a company's security officials to cope with most situations on their own. Many companies would be better served by hiring someone to manage their information security teams and train up their general counsel to address typical security risks than by spending top dollar on an attorney specializing in cybersecurity.

The creation of an information security plan, for instance, is a task far better suited to IT security professionals and chief security officers than to lawyers, as are decisions regarding cloud strategy. When it comes to ongoing monitoring of the environment and cloud services, unbelievable technologies are available to support information security management and to serve as the eyes and ears preventing a serious compromise of data.

A cybersecurity attorney is not equipped with the experience of running governance programs or of managing risk and compliance activities for all aspects of cloud computing. The CSO must instead take the lead on those.

Performing a Risk Assessment
Before proper compliance can be built into the system, all business risks and technical controls must be reviewed. How mature are the security management practices? Organizations generally fall into three maturity levels:

  1. Basic protocol is the blocking and tackling of security. It is understaffed and lacks reporting metrics, controls, policies, and processes. It may even lack executive support for security budgeting.
  2. Compliance-driven cloud security goes beyond the basic and looks toward compliance frameworks, such as ISO 27001/2, to drive security. This is better but still lacks the focus of a proper and authoritative security system.
  3. Risk-based security is multilayered. It can correlate events, such as security incidents, across multiple disciplines and business environments to rank and respond to them. It uses dynamic information security and IT audit controls to ensure that data are safe, secure, and routinely inspected.

Once the security environment has been assessed and its maturity defined, companies must look to implement a framework that improves security in the following elemental areas:

Source: KPMG LLP's Security Maturity Continuum

Several IT governance, risk and compliance tools can be used when building the best security management programs. These help the system to run smoothly and also aid adaptation to changes in personnel, ensuring that employee turnover doesn't lead to a breach.

Cybersecurity attorneys are still important in times of crisis, but for day-to-day security they are an expensive luxury. Compliance can be achieved without them.

About Brad Thies
Brad Thies is principal at Barr Assurance & Advisory Inc., a risk consulting and compliance firm that provides business performance, information technology, and assurance services to clients across a variety of industries. He specializes in helping clients assess, design, and implement processes and controls to meet customer, regulatory, and compliance requirements. Brad is a certified public accountant and a certified information system auditor with more than 10 years of experience in the industry.

Latest Cloud Developer Stories
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchai...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSy...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices ...
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, th...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE