BSI C5 Status Quo. Dr. Clemens Doubrava, BSI,
|
|
- Marion Phyllis Chambers
- 5 years ago
- Views:
Transcription
1 BSI C5 Status Quo Dr. Clemens Doubrava, BSI,
2 Expectations Cloud Service Provider Customers, more customers, An Everything-is-secure -Certification Preferably including data protection (GDPR) Standardized security agreements No additional security agreements Restricted liability Control audit planning Cloud Service User Highest usability and seamless integration A secure cloud service and an everything is secure -certification Preferably including data protection (GDPR) Security via binding requirements in contract Significant evidence of security Dr. Clemens Doubrava BSI C5 - Status Quo Page 2
3 Reality Information security An Everything-is-secure-Certification is impossible Security has to be appropriate and not perfect Defining an appropriate security level is the responsibility of the customer or regulatory bodies Compliance Information security is an important building block for compliance standards Data protection is defined by the corresponding independent authorities and regulatory bodies. Assessments on information security must be integrated easily in compliance standards Dr. Clemens Doubrava BSI C5 - Status Quo Page 3
4 C5 in a nutshell Information Security 114 controls structured in 17 sections defining a baseline security Based on ISO 27001, CSA CCM, BSI, ANSSI, Special attention on cloud issues (IAM, Operations, ) Mapping to several other standards available Audit and Report Audit according to ISAE 3000 (or analogue national standards) Report analogue to ISAE 3402 or SOC 2 (SOC 2+) Qualification of the audit team Performed by public accountants and IT security experts Transparency Surrounding parameters for transparency Dr. Clemens Doubrava BSI C5 - Status Quo Page 4
5 Facts Timeline C5 published at CeBIT 2016 December 2016: 1 st attestation for Amazon Web Services for services from region Frankfurt February 2017: 2 nd attestation for Box March 2017: 3 rd attestation for Fabasoft Cloud May 2017: BSI publishes minimum standard for cloud usage for federal public sector August 2017: 4 th attestation for Microsoft Azure (Microsoft Cloud Deutschland) November 2017: 5 th attestation for Dropbox Business and Dropbox Education December 2017: 6 th attestation for Alibaba Cloud Services from Frankfurt and Singapore Characteristics International, European and national cloud services Attestation so far from 4 different financial audit companies (PwC, EY, KPMG, Deloitte) Dr. Clemens Doubrava BSI C5 - Status Quo Page 5
6 C5 is NOT just a new standard Business relation Cloud service user Maps the security requirements with C5 Read and understands C5 report Evaluates surrounding parameters Demands C5 + delta in a contract Just has to negotiate delta Cloud service provider Has an internal control system Holds a C5 attestation Gives C5 report to customers C5 controls are part of the contract Just has to negotiate delta C5 serves as a baseline AND a catalyzer for DSM Dr. Clemens Doubrava BSI C5 - Status Quo Page 6
7 Minimum standard for secure cloud usage Minimum standards of BSI are mandatory for federal authorities in Germany (comparable to compliance rules or corporate binding rules in enterprises) BSI published a minimum standard for the use of external cloud services Defines prerequisites, a process and 20 requirements Information security requirements are based on C5 The user still needs to decide the appropriate security level based on information and processes A more elaborated process is defined in the publication: Secure use of cloud services Dr. Clemens Doubrava BSI C5 - Status Quo Page 7
8 Check with reality Cooperation with data protection Mapping to TCDP (Trusted Cloud Data Protection) (delta is data protection only) Both audits done at the same time (e.g. Box) Public procurement Body cams for the federal police in Germany with cloud storage attached Negotiations were fast (due to catalyzer C5) Market enabler Alibaba cloud uses C5 attestation to develop European market Is it a fundament Fundament for 1 st and 2 nd -party audits (ISACA) Future regulations for professional secrets and even financial market is in progress Dr. Clemens Doubrava BSI C5 - Status Quo Page 8
9 Take Home Messages C5 defines a baseline for secure cloud services CSP can easily add C5 to their compliance management (mapping) C5 is international by design Any country can adopt or expand C5 (no problem for attestation) There is no Everything-is-secure-certification Cloud service provider and customers remain accountable and C5 will not change this C5 serves as a catalyzer for a secure DSM in the EU: Baseline? Check! Take care of the delta C5 is part of the contract Periodical audit report builds trust between customer and provider Data protection is (and will be) a remaining issue BUT overlap to C5 is large (and audit processes can be coordinated) In addition: German data protection authority recognizes C5 Most important: C5 works! Dr. Clemens Doubrava BSI C5 - Status Quo Page 9
10 Thank you very much for your attention! (German) (English) Kontakt Dr. Clemens Doubrava Head of Section Information Security in the Cloud and in Applications Bundesamt für Sicherheit in der Informationstechnik Referat B34 Postfach D Bonn Dr. Clemens Doubrava BSI C5 - Status Quo Page 10
STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?
ETSI SUMMIT Releasing the Flow Data Protection and Privacy in a Data-Driven Economy 19 April 2018 STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL? Presented by
More informationhybrid cloud for science Kickoff Phase 3 Pilot FeBRUARY, 6 th / 7 th 2018 Team T-Systems/Huawei/Cyfronet/Divia
hybrid cloud for science Kickoff Phase 3 Pilot FeBRUARY, 6 th / 7 th 2018 Team T-Systems/Huawei/Cyfronet/Divia Helix Nebula Science CLOUD Vision T-Systems Helix nebula will be the leading european hybrid
More informationData Protection in the AWS Cloud: Implementing GDPR and Overview of C5
Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Gerald Boyne, Christian Hesse Security Assurance Germany 25.11.2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationCSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD
More informationEU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017
EU Cloud Computing Policy Luis C. Busquets Pérez 26 September 2017 The digital revolution is built on data Most economic activity will depend on data within a decade Potential of the data-driven economy
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationRobert Brammer. Senior Advisor to the Internet2 CEO Internet2 NET+ Security Assessment Forum. 8 April 2014
Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to
More informationNEWS GPS BASED METHODS FOR AREA MEASUREMENT APPROVED BY EC
NEWS GPS BASED METHODS FOR AREA MEASUREMENT APPROVED BY EC Martin Grzebellus Managing Director JRC GPS Workshop 11. 04. 08 Dublin NavCert GmbH Hermann-Blenk-Straße 22 D 38108 Braunschweig choose certainty,
More informationCompliance and Security in a Cloud-First Era
Compliance and Security in a Cloud-First Era Regions: Dublin (EU-West) 3 x Availability Zones Launched in 2007 Frankfurt (EU-Central) 2 x Availability Zones Launched 2014 Edge Locations: Amsterdam,
More informationWorking with the EU Directive High common level of network and information security. Martin Apel, SANS ICS Summit, Munich und
Working with the EU Directive High common level of network and information security Martin Apel, SANS ICS Summit, Munich und 18.06.2018 Outline 1. Overview over NIS-Directive 2. Who is an operator of essential
More informationIn Accountable IoT We Trust
In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design
More informationTrusted Cloud Building Up Trust in Cloud Computing. CeBIT 2017 Hannover
Trusted Cloud Building Up Trust in Cloud Computing CeBIT 2017 Hannover 1 Trusted Cloud reduces obstacles to the use of cloud technologies Reasons of companies in Germany for not using cloud services Source:
More informationCurrent Cloud Certification Challenges Ahead and Proposed Solutions
Current Cloud Certification Challenges Ahead and Proposed Solutions Daniele Catteddu, CTO Cloud Security Alliance AGENDA 3 Challenges 1 Framework 3 Key Requirements 3 Solutions Copyright 2011 2016 Cloud
More informationWhere is the EU in cloud security certification?: Main findings
WE CAN DO SO MUCH TOGETHER Where is the EU in cloud security certification?: Main findings Certification schemes for cloud computing SMART 2016 / 0029 Leire Orue-Echevarria TECNALIA December 11 th, 2017
More informationISACA Cincinnati Chapter March Meeting
ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview
More informationThe GDPR Are you ready?
The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationBy 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1
By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure
More informationThe German IT Security Certification Scheme. Joachim Weber
The German IT Security Certification Scheme Joachim Weber The German IT Security Certification Scheme 1. The role of the BSI 2. The German IT Certificate Scheme 3. Certification procedures in detail 4.
More informationOptimising cloud security, trust and transparency
Optimising cloud security, trust and transparency April 2013 Jim Reavis, CSA Founder and Executive Director Daniele Catteddu, CSA Managing Director EMEA About the Cloud Security Alliance! Global, not-for-profit
More informationNIST Designation of CABs: Upcoming Changes for the US and EU Review for Japan
NIST Designation of CABs: Upcoming Changes for the US and EU Review for Japan Japan MRA Workshop March 2, 2016 Presented by Ramona Saar Program Manager, NIST Version updated 2/26/2016 Topics Introduction:
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationLegal Regulations and Vulnerability Analysis
Legal Regulations and Vulnerability Analysis Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) Germany Introduction of the BSI National Authority for Information
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationNetwork and Information Security Directive
Network and Information Security Directive Provisions + ENISA s activities Dr Evangelos Ouzounis Head of Secure Infrastructure and Services Unit, ENISA European Union Agency for Network and Information
More informationCloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA
Cloud Computing: A European Perspective Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Overview Cloud Universe Definitions Cloud Risks in Europe Governance, Risk and Compliance
More informationeidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote
eidas Workshop Return on Experience from Conformity Assessment Bodies - EY June 13, 2016 Contacts: Arvid Vermote arvid.vermote@be.ey.com EY eidas Certification scheme Scheme EY CertifyPoint B.V. is currently
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationRules of Procedure for Certification According to the Trusted Cloud Data Protection Profile for Cloud Services (TCDP) CHAPTER 1: SCOPE 3
Rules of Procedure for Certification According to the Trusted Cloud Data Protection Profile for Cloud Services (TCDP) Prodecure for certification under the Contents CHAPTER 1: SCOPE 3 1.1 Scope 3 1.2 Subject
More informationThis presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide
More informationHow to Establish Security & Privacy Due Diligence in the Cloud
How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated
More informationBULLETPROOF365 SECURING YOUR IT. Bulletproof365.com
BULLETPROOF365 SECURING YOUR IT Bulletproof365.com INTRODUCING BULLETPROOF365 The world s leading productivity platform wrapped with industry-leading security, unmatched employee education and 24x7 IT
More informationGDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,
GDPR Impacts SEV GDPR Workshop Athens Giles Watkins, UK Country Leader Wednesday 7th February, 2018 Agenda What is the Privacy Opportunity? What is different under GDPR? Where organisations are focusing?
More informationBULLETPROOF365 SECURING YOUR IT. Bulletproof365.com
BULLETPROOF365 SECURING YOUR IT Bulletproof365.com INTRODUCING BULLETPROOF365 The world s leading productivity platform wrapped with industry-leading security, unmatched employee education and 24x7 IT
More informationHITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.
HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated
More informationISO/IEC Safeguarding Personal Information in the Cloud. Whitepaper
ISO/IEC 27018 Safeguarding Personal Information in the Cloud Whitepaper The ISO/IEC 27018 standard ISO/IEC 27001 only goes so far. To deal with the additional concerns associated with the processing of
More informationLearn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification
LAST UPDATED 03-01-2018 ISMS (ISO/IEC 27001:2013) AUDITOR / LEAD AUDITOR TRAINING COURSE (A17533) COURSE DURATION: 5 DAYS LEARNING OBJECTIVES Learn how to explain the purpose and business benefits of an
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationEU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS
EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationSCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E
EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified
More informationSUCCESS STORY INFORMATION SECURITY
SUCCESS STORY Landis+Gyr cares for security in Smart Metering Safety modules for Smart-Meter Gateways according to Common Criteria The fabrication of intelligent power meters, the so called Smart Meters,
More informationSmart Software Licensing tools and Smart Account Management Privacy DataSheet
Smart Software Licensing tools and Smart Account Management Privacy DataSheet This Privacy DataSheet describes the processing of personal data (or personal identifiable information) by Smart Software Licensing
More information2nd ENISA Workshop German CERT-Activities. 5 th October, 2006 Brussels
2nd ENISA Workshop German CERT-Activities 5 th October, 2006 Brussels Overview Hosting Organisation CERT-Bund Background Projects CERT Services German CERT Activities International Cooperation Lessons
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationINFORMATION SECURITY MANAGEMENT
ISMS (ISO/IEC 27001:2005 to ISO/IEC 27001:2013) Transition Training Course (A17700) Two (2) Days It is recommended for ISMS registered Provisional Auditors, Auditors, Lead Auditors, Principal Auditors
More informationHow icims Supports. Your Readiness for the European Union General Data Protection Regulation
How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection
More informationPCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationAssurance Continuity Maintenance Report
IFX_CCI_000003h, IFX_CCI_000005h, IFX_CCI_000008h, IFX_CCI_00000Ch, IFX_CCI_000013h, IFX_CCI_000014h, IFX_CCI_000015h, IFX_CCI_00001Ch and IFX_CCI_00001Dh design step H13 including optional software libraries
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 18/EN WP261 Article 29 Working Party Draft Guidelines on the accreditation of certification bodies under Regulation (EU) 2016/679 Adopted on 6 february 2018 1 THE
More informationOpen Telekom Cloud. ESA-ESPI Workshop Space Data & Cloud Computing Infrastructures: Policies and Regulations Provider View Andreas Falkner
Open Telekom Cloud ESA-ESPI Workshop Space Data & Cloud Computing Infrastructures: Policies and Regulations Provider View Andreas Falkner Source: flaticon.com cloud as the Basis for Digitization A door-opener
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More informationMEDIA KIT The Information Security Journal. Advertising Rate Card no. 31, valid from Jan. 1, 2014
MEDIA KIT 2014 Advertising Rate Card no. 31, valid from Jan. 1, 2014 Table of contents 2 The Trade Journal -specials The Information Security Journal Magazine Magazine Profile page 3 Deadlines & Topics
More informationCybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European
Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency for Network and Information Security Positioning
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationBSI-CC-PP-0088-V for
BSI-CC-PP-0088-V2-2017 for Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 developed by DBMS Working
More informationDirective on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
More informationDocument Title: IT Security Assessment Questionnaire
Page 1 of 5 Complete all required fields to the best of your knowledge; incomplete forms will not be reviewed. Project Summary Subject Matter Expert (SME) Information Name: Telephone Number: Email: Job
More informationNIS Standardisation ENISA view
NIS Standardisation ENISA view Dr. Steve Purser Brussels, 19 th September 2017 European Union Agency for Network and Information Security Instruments For Improving Cybersecurity Policy makers have a number
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationCyber Security. CyberSecurity. For more information: Airbus CyberSecurity
For more information: Airbus CyberSecurity CyberSecurity France Metapole 1, boulevard Jean Moulin / CS 40001 / 78996 Elancourt Cedex/ France Germany Willy-Messerschmitt-Str. 1 / 82024 Taufkirchen / Germany
More informationBuild confidence in the cloud Best practice frameworks for cloud security
Build confidence in the cloud Best practice frameworks for cloud security Cloud services are rapidly growing and becoming more of a focus for business. It s predicted that more than $1 trillion in IT spending
More informationIso Need to access completely for Ebook PDF iso 27004
ISO 27004 PDF - Are you looking for iso 27004 Books? Now, you will be happy that at this time iso 27004 PDF is available at our online library. With our complete resources, you could find iso 27004 PDF
More informationto confirm that the usability engineering process consisting of the sub-processes
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company Haier Innovation Design Center Haier Industial Park No.1 Haier Road 266101 Qingdao, P. R. China to confirm
More informationCybersecurity Policy in the EU: Security Directive - Security for the data in the cloud
Cybersecurity Policy in the EU: The Network and Information Security Directive - Security for the data in the cloud Microsoft Commitment to Cybersecurity Security at the heart of our products and services
More informationIT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu
January 30, 2017 1 Corporate Structures Shareholders Governance Level: Board of Directors External Director CFO CEO Legal Counsel External Director Responsible for: Evaluate Direct Monitor Internal Directors
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationNow on Now: How ServiceNow has transformed its own GRC processes
Now on Now: How ServiceNow has transformed its own GRC processes Increasing scalability, lowering risk, and slashing costs by $30,000 START 1 Introduction When your business is growing at 0% a year, it
More informationBlock 1: Introduction Overview, Requirements, Knowledge Profiles. FH-Prof. DI Dr. Stefan Sauermann Juliane Herzog, MSc.
Block 1: Introduction Overview, Requirements, Knowledge Profiles FH-Prof. DI Dr. Stefan Sauermann Juliane Herzog, MSc. University of Applied Sciences Technikum Wien University of Applied Sciences (UAS)
More informationBSI-PP for. Protection Profile Secure Signature-Creation Device Type 3, Version developed by
BSI-PP-0006-2002 for Protection Profile Secure Signature-Creation Device Type 3, Version 1.05 developed by CEN/ISSS Information Society Standardization System, Workshop on Electronic Signatures - Bundesamt
More informationWHO-ITU National ehealth Strategy Toolkit
WHO-ITU National ehealth Strategy Toolkit Context and need for a National Strategy A landscape of isolated islands of small scale applications unable to effectively communicate and to share information
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationGuidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) Adopted on 4 December 2018 Adopted 1 Contents 1 Introduction... 3 2
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationHCL GRC IT AUDIT & ASSURANCE SERVICES
HCL GRC IT AUDIT & ASSURANCE SERVICES Overview The immense progress made in information and communications technology offers enterprises outstanding benefits. However this also results in making the risk
More informationContinuous auditing certification
State of the Art in cloud service certification Cloud computing has emerged as the de-facto-standard when it comes to IT delivery. It comes with many benefits, such as flexibility, cost-efficiency and
More informationAdobe Sign and 21 CFR Part 11
Adobe Sign and 21 CFR Part 11 Today, organizations of all sizes are transforming manual paper-based processes into end-to-end digital experiences speeding signature processes by 500% with legal, trusted
More informationBSI-PP for. Protection Profile Waste Bin Identification Systems (WBIS-PP) Version developed by. Deutscher Städte- und Gemeindenbund
Bundesamt für Sicherheit in der Informationstechnik BSI-PP-0010-2004 for Protection Profile Waste Bin Identification Systems (WBIS-PP) Version 1.04 developed by Deutscher Städte- und Gemeindenbund - Bundesamt
More informationThe Network and Information Security Directive - ENISA's contribution
The Network and Information Security Directive - ENISA's contribution Konstantinos Moulinos Information Security Expert 3rd IMPROVER- ERNCIP Operators Workshop Lisbon 23.05.2018 European Union Agency for
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationNetworking Session - A trusted cloud ecosystem How to help SMEs innovate in the Cloud
Networking Session - A trusted cloud ecosystem How to help SMEs innovate in the Cloud ICT2015, 21 October 2015 Lisbon, Portugal Dr. Paolo Balboni, Partner at ICT Legal Consulting & Scientific Director
More informationEnforcing building codes for new and existing buildings. Dr. Zoran Morvaj
Enforcing building codes for new and existing buildings Dr. Zoran Morvaj New Delhi, 29 November 1 2016 AGENDA 1. Building codes enforcement for NEW commercial buildings EU practices 3. Programs for EE
More informationExam Questions IIA-CGAP
Exam Questions IIA-CGAP Certified Government Auditing Professional https://www.2passeasy.com/dumps/iia-cgap/ 1. Help define the role and responsibilities of auditors to internal and external entities.
More informationPredictive Assurance
Predictive Assurance Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) 9 ICCC Jeju, Korea September 2008 Irmela Ruhrmann Head of Division Certification,
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationCity, University of London Institutional Repository. This version of the publication may differ from the final published version.
City Research Online City, University of London Institutional Repository Citation: Collins, D. A. & Klotz, E. (2018). GDPR and E-Commerce. City, University of London. This is the published version of the
More informationReference Framework for the FERMA Certification Programme
Brussels, 23/07/2015 Dear Sir/Madam, Subject: Invitation to Tender Reference Framework for the FERMA Certification Programme Background The Federation of European Risk Management Associations (FERMA) brings
More informationAUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE
AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated
More informationBusiness Assurance for the 21st Century
14/07/2011 Navigating the Information Assurance landscape AUTHORS Niall Browne NAME AFFILIATION Shared Assessments Program Michael de Crespigny (CEO) Jim Reavis Kurt Roemer Raj Samani Information Security
More informationDATA CENTER GROUP WE PROTECT IT. Without compromises. Because it is all about your IT security. We protect IT
DATA CENTER GROUP WE PROTECT IT Without compromises. Because it is all about your IT security. We protect IT WE PROTECT IT Efficiency and economy We realize efficient, highly available and secure IT infrastructures
More informationCloud Transformation and Significance of Security
Cloud Transformation and Significance of Security Mohit Sharma, Chief Architect & Cloud Evangelist @onlinesince2009 www.cloudsec.com Datacenter Management Change Management Policy Physical Network Management
More informationBSI-CC-PP for
for Protection Profile for the Security Module of a Smart Meter Mini-HSM (Mini-HSM Security Module PP) - Schutzprofil für das Sicherheitsmodul des Smart Meter Mini-HSM, V1.0 developed by Federal Office
More informationICTLC Paolo Balboni, Ph.D.
Managing personal data protection compliance: Privacy Level Agreements (PLA V3 CoC) for cloud service providers CSA NL Summit Leiden, The Netherlands, 13 April2017 Paolo Balboni, Ph.D. - @balbonipaolo
More informationIIA EXAM - IIA-CGAP. Certified Government Auditing Professional. Buy Full Product.
IIA EXAM - IIA-CGAP Certified Government Auditing Professional Buy Full Product http://www.examskey.com/iia-cgap.html Examskey IIA IIA-CGAP exam demo product is here for you to test the quality of the
More information