EuroCloud Europe. Key success factors for trustworthy Cloud Adoption in the EU. 16-JUNE-2015 Riga Andreas Weiss. Trust in Cloud
|
|
- Steven Harrell
- 5 years ago
- Views:
Transcription
1 EuroCloud Europe a.s.b.l EuroCloud Deutschland_eco e.v. EuroCloud Europe Key success factors for trustworthy Cloud Adoption in the EU 16-JUNE-2015 Riga Andreas Weiss
2 European Activities Expert Groups in EuroCloud countries Special local law and regulation per country Quality Assessment (ECSA) Digital Agenda Cloud Select Industry Group SLA Code of Conduct Certification Cloud Certification Cloud Risk assessments Cloud Security Guide for SMEs Cloud Resilience Cloud Standards Interoperability SLA
3 How to meet expectations? Targeting the SME market Transparency of Cloud Services (Security, Data Privacy and Compliance) Assessment of trustworthy Cloud Services
4 Luise / pixelio.de SarahC. / pixelio.de The impact of Cloud Computing Cloud Computing is a game changer Cloud Computing addresses a global market A huge shift from on premise to outsourced services Key expectations... and affects all business lines in terms of: application portfolio IT resourcing IT and Service Management Mobile workforces delivery channels customer interaction new opportunities massive international outreach connects digital markets incubates innovation in various sectors dominated by global players with large investments for infrastructure development and applications business processes analytics modernisation business process optimisation cost reduction being competitive new markets flexible workplaces
5 What is the real Cloud adoption rate? We see a great variety of adoption rates. The key questions is: who, how many and what we are asking! Using mail services in the cloud is not a real indicator.to get insight in digital readyness, we have to establish a maturity model! (Nov 2014)
6 The Cloud Status Quo in Europe Major concerns about data privacy and data security in cloud based services No single digital market (data privacy, tax, ) In fact we are talking about the next level of digital enterprises but the base concept is not understood yet! EU initiatives not harmonized with national initiatives The majority of European SMEs needs support to define their go to cloud and go to market strategy
7 Digital Single Market Strategy 3.4 Reinforcing trust and security in digital services and in the handling of personal data 2.5. Reducing VAT related burdens and obstacles when selling across borders 4.1 Building a data economy 5.Delivering the digital single market 4. Maximising the growth potential of the digital economy
8 Gerhard Giebener / pixelio.de The SME market SMEs are concerned to keep control of their business and their data They do not see sufficient evidence on the effectiveness of Cloud Computing in their business Demand: No trust due to lack of transparency; the terminology is unclear and not understood. Supply: They have to comply with local regulation, whereas global suppliers have various options to pass by.
9 Five key issues EU providers are bound to local regulations whereas global players can pass by Lack of transparency Adequate data privacy and data protection and overall security Vendor Lock In same rules for everybody in the European Market vendor listings with appropriate assessment of the full service chain certification for cloud services with appropriate scope portability strategies and standardisation 5 Legal compliance clear rules for a digital single European market
10 Establish Trust» Despite the obvious advantages of Cloud Computing technology, many companies and institutions retain a wait and see attitude as potential customers and users» If people as a result of too much complexity are no longer capable of making a real verification, they fall back on symbolic implications like certification, success stories, reputation,
11 A joined European approach Form a group of stakeholders to establish appropriate trust mechanism Define requirements to be awarded as Trusted Cloud Service Provider Rise awareness and provide show cases and best practices Build an eco system of Consultants and Trainers to educate and support the market with tools and services.
12 The German approach as a sample Trusted Cloud Initiative by the Federal Ministry of Economic Affairs and Energy Trusted Cloud Competence Network as joined force build by associations (provider and user), governmental organisations and interested parties Trusted Cloud requirements (Legal, DPA, Security, ) Control Framework (based on EuroCloud Star Audit) National specific requirements I am using cloud to be agile be competitive be attractive I want to scope on my core business access new markets reach new clients Train supply and demand side on relevant aspects of cloud computing and provide ongoing guidance
13 The seal Trusted Cloud will promote the use of cloud services Promoting the use of cloud services with focus on SME sector through transparency and legal certainty Improving the competitive position of cloud service providers Starting in Germany but considering existing initiatives in other countries in order to build a blueprint for a pan-european seal
14 Draft Trusted Cloud Seal Management Cloud- Service User Cloud Services Catalogue Information to sealed services Management of Seals Application processing Approval processing Self-test Online Application Seal Approval Cloud- Service Provider Help, FAQ Sealed Cloud Services Seal Trusted Cloud Criteria Knowledge Base Help, FAQ Process of Accreditation Accreditation Accredited Control Orgs Application processing Application brokerage Cloud-Service Control organizations
15 TiC (trustincloud.org) Web and print Campaign Use cases and best practices
16 ECSA (eurocloud-staraudit.eu) Training package Control catalogue Further guidance Academy for consultants and trainers Self assessment service, 3rd party audit certification
17 Key areas to be addressed Provider Service description Juridical contractor and ownership structure Owner and locations of the data centers Contract Applicable law Transparency about all contracts Data protection requirements Data Control Regulations in case of service interruption or insolvency Subcontractor involvement
18 ... selection of cloud services and their providers Privacy and Security Implementation of the technical and organizational measures for data protection Implementation of security against unauthorized data access Protection against cyber attacks Datacenter Security of supplies Area Security and access control Emergency plans Operational Processes Service quality Capability for SLA fullfilment Services specific checks IaaS,PaaS, SaaS Isolation of services and data Support services Portability
19 What next for cloud security? Audit & Certification? Audit? Audit Years
20 Dynamic Certification of Cloud Services Hypotheses: It is possible to evaluate critical requirements of a certificate automatically. A completely automatic certification for dedicated test steps is possible. Automatic test steps can help to prove fulfilling requirements regarding quality, data protection and data security ensuring legal compliance. Certificate requirements (checklist) Results & Reports (e.g. Dashboard) Checklists (requirements of all certificates) Automatically verifiable technical requirements Detection rule set Analyse & Validate (e.g. CEP) Metric 1 (with threshold) Metric N Monitoring System Technical requirements but not automatically verifiable User, Auditor
21 Security in the cloud age a perimeter security concept does not help anymore cyber threads are growing very fast BYODevice and BYOService are introducing unknown risks IT Security must be pro active, not reactive Hybrid IT and dynamic audit each critical system and data storage has to be secured individually ongoing large investments against attacks like malware, DDoS, establish policies and measurements to identify risks ongoing monitoring and detection of abnormal behavior integrated monitoring of On Premise and Cloud IT
22 Security in and by cloud Professional Cloud Services are much more secure than the majority of On Premise IT Raising security effectiveness due to cloud services Security in the cloud: It is the key business of a cloud service provider to secure the systems and the data. Security by Cloud: The prevention against DDOS and Malware is most effective by cumulated cloud based intelligence and IT/communication ressources.
23 Conclusion Establish Trust is the key challenge and it will not happen without a clear action plan The establishment of joined trusted stakeholder groups who are capable of taking care of all the complex questions is highly relevant Transparency and comparability We all have to work towards a European Digital single market with respect to the European values, data privacy is a fundamental right and not protectionism of cloud provisioning is a primary goal
24 Thanks for your attention! Andreas Weiss Managing Director EuroCloud Europe Director EuroCloud Deutschland_eco e.v Wir gestalten das Internet
25 About EuroCloud 21 Countries +various Candidates Network of cloud specialist More than 1000 members companies throughout Europe Targeting the entire Cloud eco System (Cloud Service Provider and Customer) Areas of activities for Users Standards and Interoperability Single European digital market Link the European Cloud Industry Research and Innovation Start Up incubation and ISV transformation
26 Key areas to be addressed Area Control Goal Provider Contract Service description Juridical contractor and ownership structure Owner and locations of the data centers Applicable law Transparency of all contracts Data protection requirements Data Control Regulations with service interruption or insolvency Subcontractor Clarify the functional requirements related to the company's needs Examination of the possible influence by controlling shareholders Clarification of data locations and involved subcontractors Examination of location as legal entity in case of possible dispute Contracts are available in full in advance and changes in the current contract are subjects to approval Compliance with the prescribed by the BDSG formal requirements Utilisation rights of data are held exclusively by the customer. There are clear rules that guarantee an adequate repatriation of data at any time Naming all the subcontractors and agreements at change during the term involved in the service provision and their commitment to the privacy regulations
27 ... Selection of cloud services and their providers Area Control Goal Privacy and Security Implementation of the technical and organizational measures for data protection Implementation of security against unauthorized data access Protection against cyber attacks The specifications according to local DPA contractually regulated and implemented proven Safety recommendations according to ECSA, CSA, ISO Safety recommendations according to ECSA and ENISA Datacenter Security of supply Areal Security Redundancy for power, cooling, network connectivity Adequate controls against unauthorized system access Operational processes Service quality Services specific tests IaaS, PaaS, SaaS Isolation Proven implementation of service-related business processes (ITIL) and SLA compliance Measures to delimitation of areas for clients dedicated technical infrastructure and data areas
STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?
ETSI SUMMIT Releasing the Flow Data Protection and Privacy in a Data-Driven Economy 19 April 2018 STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL? Presented by
More informationECSA Assessment Report
ECSA Assessment Report Company Test Cloud Company Name of the cloudservice textcloud.com Website of the cloudservice 11.textcloud.com Project number #10652 Projectname Dummyproject Print date 2015-12-01
More informationEU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017
EU Cloud Computing Policy Luis C. Busquets Pérez 26 September 2017 The digital revolution is built on data Most economic activity will depend on data within a decade Potential of the data-driven economy
More informationTrusted Cloud Building Up Trust in Cloud Computing. CeBIT 2017 Hannover
Trusted Cloud Building Up Trust in Cloud Computing CeBIT 2017 Hannover 1 Trusted Cloud reduces obstacles to the use of cloud technologies Reasons of companies in Germany for not using cloud services Source:
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationCloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA
Cloud Computing: A European Perspective Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Overview Cloud Universe Definitions Cloud Risks in Europe Governance, Risk and Compliance
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationMicrosoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationIn Accountable IoT We Trust
In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design
More informationETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)
ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security
More informationCLOUD QUALITY AND CLOUD CERTIFICATION
CLOUD QUALITY AND CLOUD CERTIFICATION 8th EuroCloud Congress Cloud, Trust & Security 25th October 2017 / Brussels, Belgium Ivana Tepčević Project Manager and Lead Auditor, SGS Belgrade AGENDA SGS in brief
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationContinuous auditing certification
State of the Art in cloud service certification Cloud computing has emerged as the de-facto-standard when it comes to IT delivery. It comes with many benefits, such as flexibility, cost-efficiency and
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationCONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE
CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 18-19 APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 At the Trieste Western Balkans Summit, we stressed the importance of the
More informationEUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More information13967/16 MK/mj 1 DG D 2B
Council of the European Union Brussels, 4 November 2016 (OR. en) 13967/16 'I/A' ITEM NOTE From: To: General Secretariat of the Council No. prev. doc.: 11911/3/16 REV 3 No. Cion doc.: 11013/16 Subject:
More informationWhat is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller
A guide to CLOUD COMPUTING 2014 Cloud computing Businesses that make use of cloud computing are legally liable, and must ensure that personal data is processed in accordance with the relevant legislation
More informationSecuring Europe's Information Society
Securing Europe's Information Society Dr. Udo Helmbrecht Executive Director European Network and Information Security Agency 16 June 2010 FIRST AGM Miami 16/6/2010 1 Agenda ENISA overview Challenges EU
More informationHow the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015
How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015 Claudia Prettner, Unit for Health and Well-Being, DG CONNECT Table of
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationSession 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security
Session 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security An Overview of Recent Changes to ISO 20000 Ron Lester Enterprise Service Management Consultant, Information Technology
More informationThird public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment
Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment 14 February 2017 Amsterdam Gerhard Menzel European Commission - DG MOVE EU Policy Tools Large-scale deployment
More informationCybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration
Statement Comments by the electrical industry on the EU Cybersecurity Act manufacturer s declaration industrial security Cybersecurity Quality basis security LED-Modul Statement P January 2018 German Electrical
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationCloud solution consultant
Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Level 18 Job family Professional services Date November 2017 Reports to Cloud services group
More informationBenefits of Open Cross Border Data Flows
/SMEWG41/039 Agenda Item: 16.3 Benefits of Open Cross Border Data Flows Purpose: Information Submitted by: United States 41 st Small and Medium Enterprises Working Group Meeting Iloilo, Philippines 23-24
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationCLOUD GOVERNANCE SPECIALIST Certification
CLOUD GOVERNANCE SPECIALIST Certification The Cloud Professional (CCP) program from Arcitura is dedicated to excellence in the fields of cloud computing technology, mechanisms, platforms, architecture,
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27006 Second edition 2011-12-01 Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems
More informationCurrent Cloud Certification Challenges Ahead and Proposed Solutions
Current Cloud Certification Challenges Ahead and Proposed Solutions Daniele Catteddu, CTO Cloud Security Alliance AGENDA 3 Challenges 1 Framework 3 Key Requirements 3 Solutions Copyright 2011 2016 Cloud
More informationThe European Programme for Energy Efficiency in Data Centres: The Code of Conduct
The European Programme for Energy Efficiency in Data Centres: The Code of Conduct Paolo Bertoldi European Commission DG JRC Institute for Energy and Transport 1 Why Data Centres? Continuing demand for
More informationNIS Standardisation ENISA view
NIS Standardisation ENISA view Dr. Steve Purser Brussels, 19 th September 2017 European Union Agency for Network and Information Security Instruments For Improving Cybersecurity Policy makers have a number
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationBusiness Technology Briefing: Fear of Flying, And How You Can Overcome It
Business Technology Briefing: Fear of Flying, And How You Can Overcome It Joseph Tobloski Senior Director for Data & Platforms R&D Accenture Technology Labs Fear of Flying And How You Can Overcome It May
More informationWhere is the EU in cloud security certification?: Main findings
WE CAN DO SO MUCH TOGETHER Where is the EU in cloud security certification?: Main findings Certification schemes for cloud computing SMART 2016 / 0029 Leire Orue-Echevarria TECNALIA December 11 th, 2017
More informationCybersecurity & Digital Privacy in the Energy sector
ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European
More informationGuidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Adopted on 4 December 2018 Adopted 1 Contents 1 Introduction... 3 2
More informationCloud solution consultant
Cloud solution consultant Role brief Directorate Jisc technologies Base location Harwell or Bristol Grade B Job level 18 Job family Professional services Date 23/10/2017 Reports to Cloud services group
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationAngela McKay Director, Government Security Policy and Strategy Microsoft
Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
More informationOptimising cloud security, trust and transparency
Optimising cloud security, trust and transparency April 2013 Jim Reavis, CSA Founder and Executive Director Daniele Catteddu, CSA Managing Director EMEA About the Cloud Security Alliance! Global, not-for-profit
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationISO27001:2013 The New Standard Revised Edition
ECSC UNRESTRICTED ISO27001:2013 The New Standard Revised Edition +44 (0) 1274 736223 consulting@ecsc.co.uk www.ecsc.co.uk A Blue Paper from Page 1 of 14 Version 1_00 Date: 27 January 2014 For more information
More informationCall for Expressions of Interest
Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...
More informationCLOUD SECURITY SPECIALIST Certification. Cloud Security Specialist
CLOUD SECURITY SPECIALIST Certification Cloud Security The Cloud Professional (CCP) program from Arcitura is dedicated to excellence in the fields of cloud computing technology, mechanisms, platforms,
More informationBCS Foundation Certificate in Software Asset Management Essentials Syllabus
BCS Foundation Certificate in Software Asset Management Essentials Syllabus Version 4.6 March 2017 This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification
More informationAssociation for International PMOs. Expert. Practitioner. Foundation PMO. Learning.
AIPM Association for International PMOs Expert Practitioner Foundation www.pmolearning.co.uk PMO The Leading Standard and Certification for PMO Professionals Today Understand the Value of High-Performing
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 18/EN WP261 Article 29 Working Party Draft Guidelines on the accreditation of certification bodies under Regulation (EU) 2016/679 Adopted on 6 february 2018 1 THE
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationYour Trusted Partner in Europe European Business Reliance Centre
Your Trusted Partner in Europe European Business Reliance Centre Fit4Exchange 23 Septembre 2015 ebrc.com 24/09/2015 Public 1 EBRC -European Business Reliance Centre Our vision: To be the Centre of Excellence
More informationBuild confidence in the cloud Best practice frameworks for cloud security
Build confidence in the cloud Best practice frameworks for cloud security Cloud services are rapidly growing and becoming more of a focus for business. It s predicted that more than $1 trillion in IT spending
More informationISO/IEC JTC 1 N 13145
ISO/IEC JTC 1 N 13145 ISO/IEC JTC 1 Information technology Secretariat: ANSI (United States) Document type: Title: Status: Business Plan BUSINESS PLAN FOR ISO/IEC JTC 1/SC 40, IT SERVICE MANAGEMENT AND
More informationTHE CYBER SECURITY ENVIRONMENT IN LITHUANIA
Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit
More informationRevised November EFESC Handbook
Revised November 2015 EFESC Handbook 1 Table of Contents EFESC Handbook... 1 Table of Contents... 2 Handbook EFESC... 4 1 Background and objectives... 4 1.1 Sectoral developments... 4 1.1 Objectives...
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationIndividual Agreement. commissioned processing
Individual Agreement commissioned processing (in the following: AGREEMENT) Between 1. - Address owner / Controller - and 2. - Service provider / Processor - As of: 09/2017, Page 2 of 12 The following provisions
More informationBuilding Trust in the Era of Cloud Computing
Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.
More informationBCS EXIN ITAMOrg Software Asset Management Specialist Syllabus Version 1.1 December 2016
BCS EXIN ITAMOrg Software Asset Management Specialist Syllabus Version 1.1 December 2016 This professional certification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification
More informationTUV SUD Certified Cloud Computing Elementary Professional (TCCEP) Certification - Brochure
TUV SUD Certified Cloud Computing Elementary Professional (TCCEP) Certification - Brochure Get Certified in the Technology that will Drive the Future Course Name : Cloud Computing Version : INVL_CC_BR_02_042_1.2
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationCo-creation for Success
SAP SAPPHIRE NOW 2018 Orlando, June 5-7, 2018 Human Centric Innovation Co-creation for Success 0 2018 FUJITSU Fujitsu Hybrid IT Conduit for Digital Transformation Orlando, June 5-7, 2018 Human Centric
More informationSOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions
SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American
More informationThe emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18
The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18 European Union Agency for Network and Information Security
More informationData Processing Clauses
Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.
More informationIntroduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services
When it comes to GDPR compliance, is OK for now enough? EY CertifyPoint s GDPR certification process will help you achieve and demonstrate compliance. Minds made for protecting financial services Introduction
More informationThe European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3
The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu What is at stake with CIIs The World Economic Forum
More informationR e a c t i o n s t o t h e e - I n v o i c i n g r e p o r t o f t h e EU- E x p e r t g r o u p
Seite 1 von 6 Re: R e a c t i o n s t o t h e e - I n v o i c i n g r e p o r t o f t h e EU- E x p e r t g r o u p General assessment 1. Do you agree with the report s assessment, conclusions and recommendations?
More informationNEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES
NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES Kristina Doda & Aleksandar Vanchoski Budapest, CEPOL conference 2017 New technologies - new social interactions and economic development - need
More informationState Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017
State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationFundamental Concepts and Models
Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud
More informationCyber Security Beyond 2020
Paulo Empadinhas Steve Purser NLO meeting ENISA Athens 26/04/2017 European Union Agency for Network and Information Security Main findings ENISA s current tasks and product portfolio shall be retained.
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationGovernment Data Center Modernization
Government Data Center Modernization Strategy Focus Group Discussion 13 March 2017 Table of Contents Welcome and Introduction Trends in Data Center Modernization Current Situation at Thailand Key Challenges
More informationA sanity check on Cloud from a Benelux point of view. Is Cloud turning into Fast Food? Are we conscious of the health risks?
A sanity check on Cloud from a Benelux point of view EEMA Event: To Cloud or not to Cloud BART DEPRETER, MANAGER PRESALES & CONSULTANCY, CEGEKA November 18, 2015 Agenda Is Cloud turning into Fast Food?
More informationAn Overview of ISO/IEC family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion
More informationA SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS
A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional
More informationISO/ IEC (ITSM) Certification Roadmap
ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank
More informationEDPB Certification Guidelines
EDPB Certification Guidelines Public Consultation: Comments submitted by SCOPE Europe bvba/sprl Published and Submitted: 10. July 2018 1 About SCOPE Europe sprl SCOPE Europe is a subsidiary of Selbstregulierung
More information