Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, August 18, 2010

Cloud computing ISO Standards in the pipeline

This was the opening remark from Standards New Zealand chief executive Debbie Chin at the recent workshop ‘Corporate governance of information technology’ that was held in Wellington recently.  Interest in cloud computing is growing rapidly in the International Standards Organisation (ISO) community.  Cloud computing delivers economies of scale and can be used to develop, deploy, and maintain business critical systems quickly and flexibly.  It is through Standards New Zealand that this country contributes to the development of international Standards, such as the new cloud computing Standard, by participating in ISO committees and running mirror committees locally.  Key issues in cloud computing are sovereignty, privacy and portability, and in understanding these requirements this country could be considered a favourable place to host services for an international audience.

The area of digital forensics concerns any digitally-stored evidence.  There is some risk in digital forensics—- legal, professional, ethical and IT technical risk.

However, many organisations have not put in the necessary preparation to handle these risks.

At the workshop Dr Brian Cusack, leader of the AUT University Digital Forensic Research Laboratories, discussed a draft working document to provide guidelines to identify, collect and/or acquire and preserve digital evidence.

The standard for corporate governance of IT (AS/NZS ISO/IEC 38500:2010) includes principles that provide a checklist for IT investment decisions and a framework to evaluate, direct and monitor the use of IT in organisations.

While he used Australian case studies, these issues are relevant to organisations here.  He also discussed common problems in IT projects—often it is not the technology itself he says, but the way organisations use it.

Posted on 08/18