Ding Dong the witch is dead, the wicked witch, the wicked witch.... If you've got a mental munchkin voice narrating this article, for dignity's sake, stop it. Use your own voice.

Happily, SOPA and PIPA have been squashed, tabled, stamped out. (Long Hail Dorothy!) So now, all us auditors and technical compliance folk have to do is come up with a way to control business enabled by cloud and virtualization, such that we actually mitigate risks using the same old familiar tool set. We need to stop talking about it and get it done.

Who among us is actively addressing the concerns raised by ENISA in 2009, on page 6 of Cloud Computing: Benefits, risks and recommendations for information security? These recommendations are that we help customers to:

  1. assess the risk of adopting cloud services (... like Twitter, Facebook, Google Docs)
  2. compare different cloud provider offerings (... like Cloud Passage, Terremark, Savvis, Rackspace)
  3. obtain assurance from selected cloud providers (... like more comprehensive and current SOC 2)
  4. reduce the assurance burden on cloud providers (... by implementing or supporting implementation of tools like OpTier, Symplified, VSS Monitoring)
As we move away from unenforceable and unfair laws, how are we better equipped to address concerns of integrity, confidentiality and business ethics by virtue of our existing tool set?
Yeah, we get to go to the party, but can't you still hear a father saying somewhere, "Alright little lady, you can go, but you better not come home pregnant!"
The laws were ridiculously flawed and misgoverned, but that just fuels the fire to build better, more accessible and applicable GRC integration of the right standards and frameworks.
  • ISO 27001
  • NIST/FedRAMP
  • CobiT
  • ITIL

Just in case you know nothing "ABOUT ENISA", their materials state: The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a center of excellence for the European Member States and European institutions in network and information security, giving advice and recommendations and acting as a switchboard for information on good practices. Moreover, the agency facilitates contacts between European institutions, the Member States, and private business and industry actors.

This work takes place in the context of ENISA’s Emerging and Future Risk program.


  • This report has been edited by Daniele Catteddu and Giles Hogben
  • Internet: http://www.enisa.europa.eu/
EnterpriseGRC Solutions is supporting David Drummond by re-tweeting, posting and pointing our readers to his post. We are asking that they read this directly on Digg and other locations, follow the links and petition Congress.

Take steps to become educated. SOPA and PIPA are complex problems that we all need to solve. We can't allow others to direct our decisions simply because it seemed too complicated to solve ourselves. Make a commitment to spend a month of the coming year gaining new education.

Commit to re-learn what you think you know about business, technology, and privacy. The field has changed, but the application of our principles has not.  The first step is to gain education and get involved.

"Don't censor the web", found on Digg 1/17/2012 09:40:00 PM, where David Drummond states:

"You might notice many of your favorite websites look different today. Wikipedia is down. WordPress is dark. We’re censoring our homepage logo and asking you to petition Congress. So what’s the big deal?

Right now in Washington D.C., Congress is considering two bills that would censor the web and impose burdensome regulations on American businesses. They’re known as the PROTECT IP Act (PIPA) in the Senate and the Stop Online Piracy Act (SOPA) in the House. Here’s what they’d do:

  • PIPA & SOPA will censor the web. These bills would grant new powers to law enforcement to filter the Internet and block access to tools to get around those filters. We know from experience that these powers are on the wish list of oppressive regimes throughout the world. SOPA and PIPA also eliminate due process. They provide incentives for American companies to shut down, block access to and stop servicing U.S. and foreign websites that copyright and trademark owners allege are illegal without any due process or ability of a wrongfully targeted website to seek restitution.
  • PIPA & SOPA will risk our industry’s track record of innovation and job creation. These bills would make it easier to sue law-abiding U.S. companies. Law-abiding payment processors and Internet advertising services can be subject to these private rights of action. SOPA and PIPA would also create harmful (and uncertain) technology mandates on U.S. Internet companies, as federal judges second-guess technological measures used by these companies to stop bad actors, and potentially impose inconsistent injunctions on them.
  • PIPA & SOPA will not stop piracy. These bills wouldn’t get rid of pirate sites. Pirate sites would just change their addresses in order to continue their criminal activities. There are better ways to address piracy than to ask U.S. companies to censor the Internet. The foreign rogue sites are in it for the money, and we believe the best way to shut them down is to cut off their sources of funding. As a result, Google supports alternative approaches like the OPEN Act.
Fighting online piracy is extremely important. We are investing a lot of time and money in that fight. Last year alone we acted on copyright takedown notices for more than 5 million webpages and invested more than $60 million in the fight against ads appearing on bad sites. And we think there is more that can be done here—like targeted and focused steps to cut off the money supply to foreign pirate sites. If you cut off the money flow, you cut the incentive to steal. 

Because we think there’s a good way forward that doesn’t cause collateral damage to the web, we’re joining Wikipedia, Twitter, Tumblr, Reddit, Mozilla and other Internet companies in speaking out against SOPA and PIPA. And we’re asking you to sign a petition and join the millions who have already reached out to Congress through phone calls, letters and petitions asking them to rethink SOPA and PIPA."

Posted by David Drummond, SVP Corporate Development, and Chief Legal Officer

We are pointing to other links to this post (this is a brief re-post to our readers).