Cloud First, US Gov Style (FedRAMP)

“Cloud first” is an approach I’ve heard articulated as a means of delivering on business objectives. The policy I’ve heard has referenced, if not been predicated on, the fact that the US government is implementing this policy in its federal agencies. My first thought: how is the government accomplishing such a presumably agile, flexible and…

Risk

Risk is the likelihood that a threat agent (TA) will successfully exploit a vulnerability and introduce loss to a system.

Threat Agent

Threat Agent (TA) – An entity or experience that exposes a system to a loss. The TA needn’t be cognizant: an earthquake can topple a data center without forethought, and fire consumes buildings and paperwork without prejudice. A TA may also be a hacker or hackers phishing for information.

Vulnerability

Vulnerability (V) – A characteristic that exposes something to a weakness without a countermeasure to mitigate potential losses. A warehouse may have a vulnerability to fire, a data center may have a vulnerability to a physical threat like an earthquake, or a network may have a vulnerability around access because it lacks a firewall (or perhaps…

APT – Advanced, Persistent Threat

Given enough adoption of secure policies and frameworks and a threat agent with adequate resources, access and motivation, any control/countermeasure/safeguard can be overcome. This means that a sufficiently motivated and backed threat agent (née “hacker”) can defeat any one (and in multiple cases, any) security controls put in place. Key takeaway: If you want…