Granted: The Cloud comes with security and continuity...
1 Granted: The Cloud comes with security and continuity... or, does it?
Bogac Ozgen, MSc, GyroFalco Ltd.

2 Questions & Answers
- Do we still need security and continuity? YES
- Should I be concerned about risks? YES
- Can I migrate to the Cloud? YES
- Can I implement security and continuity in the Cloud? YES
The only thing you need is: To manage your environment
3 Benefits of The Cloud*
- 70%: Already claiming to have seen cost savings and higher levels of productivity
- 27%: Cloud enables faster entry into new markets
- 36%: Cloud helps manage their supply chain
*KPMG Report, February 2013: 674 senior executives at organizations using cloud across 16 countries were surveyed

4 Worries in The Cloud*
- 35%: Fear data loss and security breaches
- 25%: See security problems as a hurdle that is yet to be overcome
- 27%: Focus on the absence of common standards used by providers
- 17%: See regulation as a challenge
*KPMG Report, February 2013: 674 senior executives at organizations using cloud across 16 countries were surveyed
5 SOLUTION
- Being aware of your needs
- Planning the services you need
- Comparison of expectations and outcomes*
- Factual decision making
- Structured change management
- Contracts management
- Mutually beneficial relationship with your provider
- Run your security practices as usual
- Run your continuity practices as usual (assuming you have BCPs in place)
*The term "outcome" was used deliberately; it is not "output".

6 Topics for today
- Risk Management
- What is cloud?
- Details of services
- First time buyers
- Cloud consumers
- Conclusion

7 First step: Definitions
(Agenda: Risk Management, What is cloud?, Details of services, First time buyers, Cloud owners, Conclusion)
8 What is cloud computing?
Oxford Dictionary: cloud computing [mass noun] - the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
ISO/IEC WD definition 3.1: cloud computing - a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable resources (e.g. networks, servers and storage systems), applications and services that can be rapidly provisioned and released with minimal management effort or service provider interaction. [ISO/IEC WD 17788]

9 What is cloud service?
- Software as a service: software, web applications. Examples: Google Mail, Office365, Google apps, Yahoo Mail, ...
- Platform as a service: execution runtime, web servers, application platforms, databases (MySQL, SQL Server, ...). Example: OrangeScape
- Infrastructure as a service: virtual servers, storage, load balancers, network, DNS, ... Examples: Amazon EC2, Rackspace, OpenStack providers

10 What is cloud service? Cloud deployment models
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud
11 What is your responsibility as a consumer?
SaaS:
- Initial setup
- Access control
- SLA and contract management, etc.
PaaS:
- Software installation
- Platform and software access control
- Updates and patch management for platform and software
- Monitoring of platform and software
- Development and improvements of platform and software
- SLA and contract management, etc.
IaaS:
- Software and infrastructure systems installation
- Platform and software access control
- Infrastructure systems access control
- Updates and patch management for platform, software and infrastructure
- Monitoring of platform, software and infrastructure
- Development and improvements of platform, software and infrastructure
- APIs and automation
- Internal software development
- Capacity management
- Network management
- SLA and contract management, etc.
Further items on the slide (column heading not captured in the transcription):
- Power, cooling, etc.
- Subscription management
- Infrastructure maintenance
- Monitoring
- SLA and contract management, etc.

12 One of the most important aspects of the Cloud services for the consumer is management of scope and boundaries via CONTRACT MANAGEMENT
13 Tips for consumers!
(Agenda: Risk Management, What is cloud?, Details of services, First time buyers, Cloud owners, Conclusion)

14 Tips for first-time buyers
(Agenda: Risk Management, What is cloud?, Details of services, First time buyers, Cloud owners, Conclusion)

15 How to implement Cloud solutions? Day-to-day operations
16-17 How to implement Cloud solutions: steps, negative consequences, threats, vulnerabilities and control framework (slide 16 is an earlier build of the same table as slide 17; the two are merged here)
Columns: Steps / Negative consequences / Threats / Vulnerabilities / Control framework
Control framework, for every step: ISO9001, ISO27001, ISO20000, ISO22301, COBIT, ITIL, other best practices

Step: Analyse your existing system and design a new system
Negative consequences:
-Customer satisfaction: MIN*
-Financial: Longer time to production/market, so loss of revenue or interest
-Legal: MIN*
-Operations: Cost of travel time, meetings and rework
Threats:
-Incorrect analysis of the existing system to be taken as the basis of the contract, SLAs
-Incorrect design of the new system
Vulnerabilities:
-Incorrect identification of assets and their configuration
-Incorrect identification of dependencies
-Lack of documentation
-Lack of understanding of the specifications of the existing system
-Lack of knowledge of the architecture
-Wrong expectations from the new system
-Incorrect authorization requirements
-Lack of expertise
-Lack of business analysis
-Lack of understanding of real business impact

Step: Evaluate providers and purchase the solution
Negative consequences:
-Consequences from the previous step
-Customer satisfaction: MIN*
-Financial: Re-purchasing the services
-Legal: Dispute resolution with the supplier, counselling charges or court charges
-Operations: Travel time, meetings and rework
Threats:
-Selection of an unsuitable supplier and service
-Incorrectly defined scope of services in the contract
-Incorrectly defined responsibilities of consumer, provider and sub-contractors
Vulnerabilities:
-Lack of knowledge of the supplier evaluation process
-Lack of measurable evaluation criteria; lack of objective evaluation and impartiality of the assessor
-Lack of formal service level agreements
-Lack of penalties in case of low performance
-Lack of early termination clauses
-Lack of definition of the change management process
-Lack of a formal testing environment

Step: Migrate existing systems, run systems concurrently and test
Negative consequences:
-Consequences from the previous step
-Customer satisfaction: MIN*
-Financial: Re-purchasing the services
-Legal: MIN*
-Operations: Travel time, meetings and rework
Threats:
-Incorrect project plans
-Incorrect release plans
-Data corruption
-Cannot roll back
Vulnerabilities:
-Insufficient planning
-Insufficient impact analysis
-Tight or unsuitable scheduling
-Lack of testing
-Small test case coverage
-Non-existence of latest backups
-Lack of rollback plans
-Lack of business continuity, disaster recovery and emergency response plans

Step: Publish production environment and monitor the system ("baby sitting")
Negative consequences:
-Consequences from the previous step
-Customer satisfaction: Cannot meet the SLAs and contractual requirements, customer satisfaction is damaged
-Financial: Penalties, loss of a work, contract or delayed payments, longer time to market
-Legal: Dispute resolution, court cases brought against the company, court and counselling charges
-Operations: Travel time, meetings and rework
Threats:
-Incorrect reporting of the system performance
-Being unaware of incidents
-Also: threats related to information security, business continuity, operational effectiveness, customer relations, etc.
Vulnerabilities:
-Lack of a formal hand-over process between the project team and the service management team
-Lack of acceptance criteria
-Lack of performance reporting
-Lack of training for support personnel
-Lack of a formal incident management process
-Also: vulnerabilities related to the threats listed above (information security, business continuity, operational effectiveness, customer relations, etc.)

Step: Decommission the old infrastructure
Negative consequences:
-Customer satisfaction: Customer data protection requirements are breached, customer satisfaction is damaged
-Financial: Penalties, loss of a work, contract
-Legal: Dispute resolution, court cases brought against the company, court and counselling charges
-Operations: Travel time, meetings and rework
-Environmental: Natural life is impacted badly
Threats:
-Unauthorized access to customer/company/personal data
-Loss of customer/company/personal data
-Contamination of the natural environment
Vulnerabilities:
-Lack of data retention processes
-Lack of a formal data and records destruction process
-Lack of a qualified supplier
-Lack of protection of data/records ready to be destroyed
18 Tips for consumers!
(Agenda: Risk Management, What is cloud?, Details of services, First time buyers, Cloud owners, Conclusion)
20 What are the risks? Sample list of risk areas:
- Privacy and data protection
- Storage and data ownership
- Legal / compliance
- Change management and policy enforcement
- Risks of the service provider
- Continuity
- Open standards / services
- Systems development
- Abuse

21 Which controls in ISO27002? (Aligned with DIS N11907)
- 5 Security policies
- 6 Organisation of information security
- 7 Human resource security
- 8 Asset management
- 9 Access control
- 10 Cryptography
- 11 Physical and environmental security
- 12 Operations security
- 13 Communications security
- 14 Systems acquisition, development and maintenance
- 15 Supplier relationships
- 16 Information security incident management
- 17 Information security aspects of business continuity management
- 18 Compliance

22 As a summary, we need to understand:
- Scope and boundaries of the system
- Relationship between us (the consumer) and the provider (and its sub-contractors)
- Threats and vulnerabilities related to cloud computing
- Controls to mitigate risks in cloud computing

23 Conclusion
(Agenda: Risk Management, What is cloud?, Details of services, First time buyers, Cloud owners, Conclusion)

24 The Answers
- Do we still need security and continuity? YES
- Should I be concerned about risks? YES
- Can I migrate to the Cloud? YES
- Can I implement security and continuity in the Cloud? YES
The only thing you need is: To manage your environment
26 Questions?
22/05/ Bogac Ozgen - GyroFalco Ltd.

27 Thank you for listening
Bogac Ozgen, Consultant, Assessor & Trainer
Web:
More informationFundamental Concepts and Models
Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud
More informationWEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM
SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud
More informationRisk Management in Electronic Banking: Concepts and Best Practices
Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationCloud Computing Overview. The Business and Technology Impact. October 2013
Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationIBM Emptoris Managed Cloud Delivery
Service Description IBM Emptoris Managed Cloud Delivery This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationInformation technology Security techniques Code of practice for personally identifiable information protection
INTERNATIONAL STANDARD ISO/IEC 29151 First edition 2017-08 Information technology Security techniques Code of practice for personally identifiable information protection Technologies de l'information Techniques
More informationFree ITIL Foundation Exam Paper 40 Questions 60 Minutes Allowed. Minimum of 26/40 to Pass. With the Compliments of www.itservicesuccess.com Good Luck!! GIVE YOURSELF THE UNFAIR ADVANTAGE! MULTIPLE CHOICE
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationChapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC
Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post
More informationEnabling efficiency through Data Governance: a phased approach
Enabling efficiency through Data Governance: a phased approach Transform your process efficiency, decision-making, and customer engagement by improving data accuracy An Experian white paper Enabling efficiency
More informationThe ITIL Foundation Examination
The ITIL Foundation Examination Sample Paper A, version 5.1 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationInformation Security Management
Information Security Management BS ISO/ IEC 17799:2005 (BS ISO/ IEC 27001:2005) BS 7799-1:2005, BS 7799-2:2005 SANS Audit Check List Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SFS, ITS 2319, IT
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More information1. You should attempt all 40 questions. Each question is worth one mark.
Sample Paper D Question Booklet Multiple Choice Exam Duration: 60 minutes Instructions 1. You should attempt all 40 questions. Each question is worth one mark. 2. Mark your answers on the answer sheet
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationSDL Privacy Policy Cloud Services
SDL Privacy Policy Cloud Services Software-As-A-Service Products Version 11-04-2017 v1.4 SDL plc Globe House Clivemont Road, Maidenhead SL6 7DY England www.sdl.com SDL Tridion Infrastructure Summary This
More informationClearswift Managed Security Service for
Clearswift Managed Security Service for Email Service Description Revision 1.0 Copyright Published by Clearswift Ltd. 1995 2019 Clearswift Ltd. All rights reserved. The materials contained herein are the
More information