We as humans have an innate nature to be helpful.  When it comes to providing information about ourselves, we usually do so without thinking twice, especially when the request comes from someone we trust like a doctor, hospital, or other health care provider. However, providing this personal information, such as your Social Security Number (SSN), can increase the likelihood your personal information or identity are stolen.

Originally published at cloudsecurityalliance.org Today, consumers have an increasing interest in implementing cloud solutions to process and store their data.  They are looking to take advantage of the benefits provided by cloud computing, including flexibility, cost savings, and availability.  Fortunately, there are many cloud solutions available to consumers, touting cloud computing features such as multi-tenancy, virtualization, or increased collaboration.  But is it really a cloud service? 

Originally published on www.meritalk.com The Federal government is the leading creator, collector, consumer, and communicator of information in the United States. If there are changes to its regulatory requirements, it is entirely possible those changes will eventually spread into the commercial sector.  Such is the case with two related risk management programs developed by the Federal government that now enforce commercial organizations working contractually with the Federal government to employ Federal security standards.

When assigning and reviewing user roles and privileges, reference a documented separation of duties chart, showing which roles, privileges, or other access types that one user cannot have access to in order to prevent potential conflicts of interest.

[Tweet "A user should only have access to the data, systems, hardware, etc., that they need to be able to perform their assigned duties."]

Via: FCW.com The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorizations, and continuous monitoring for cloud products and services. FedRAMP is meant to replace the current process by which federal agencies assess low and moderate baseline third party cloud service provider systems prior to procurement. Preceding FedRAMP, individual agencies managed their own assessment methodology following guidance loosely set by the Federal Information Security Management Act of 2002 (FISMA).