<img src="https://secure.leadforensics.com/85060.png" style="display:none;">

Day 2: Ventiv CISO David Black reports from InfoSec World 2015

I attended the last of the cloud-focused sessions yesterday at InfoSec World 2015 in Orlando, Florida (check out yesterday’s report from this conference here). The session, entitled “Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control,” was led by David Etue of Gemalto, a global, Amsterdam-based provider of digital-security services.

Based on the description of the session, I was confident that David’s materials were going to be relevant and important. I also knew that it was possible he’d cover the topic and provide value without necessarily getting into areas of interest to me: namely, “out-clouding” or “cloud-nesting.” I did hope, however, he would jump in and expose the “latest” in the evolution of the cloud. Of course, by “latest,” I mean what’s been quietly going on behind the scenes for the past few years without much attention or knowledge. 

Topics: data security and privacy

Ventiv CISO David Black reports from InfoSec World 2015

This week I’m at InfoSec World 2015 in Orlando, Florida. It’s my favorite security conference of the year because most of the educational sessions are led by other chief information security officers or by leaders in security (and not, typically, by sales team members from security vendors).

Topics: data security and privacy

Not everything’s negotiable: What risk managers need to know about cloud contracts

If you’re a risk manager taking on greater responsibility for cyber risk management, I think you’ll benefit from reading this helpful primer on “Negotiating Cloud Contracts.” Even if you’re not negotiating new cloud agreements at this time, the article will help you understand some of the key concerns inherent in cloud-based business solutions.

Many of the points made by the authors of “Negotiating Cloud Contracts” (it was written by three lawyers from the firm of Morrison & Foerster) echo important concerns that I frequently talk about with risk, insurance and safety managers. I’d like to discuss a few of those topics in this blog.

Topics: risk management data security and privacy cyber risk

Instilling the importance of information security as an everyday activity

I haven’t read the whole study yet, but I was intrigued when I came across a strategy+business blog post from earlier this month about recent research on the effectiveness of information security efforts at large U.S. firms. The study found that IT professionals assess the threats to their firms’ data security quite differently from their non-IT counterparts (both at the management and frontline-worker level).

Topics: risk management data data security and privacy