Cloud Computing: Technologies and Enterprise IT Strategies
|
|
- Geoffrey Little
- 6 years ago
- Views:
Transcription
1 Cloud Computing: Technologies and Enterprise IT Strategies Stephen Obioma Luis D. Morales 1 Instructor: Prof. Paul Lin January 05, 2013 Possible Transition Items IPFW IT web page enables students and staff accesses many functions. These include: Account Password Change Requests Access Hardware and Printer Lab Access Schedule Drop/Add Classes through Oasis elearning through Blackboard Web/Multimedia Software Access IRB Approval Process Any off campus registration or approval forms 2 1
2 Public Cloud Providers Provider Services Service Fees Service Level Agreement Hyperlink Amazon Web Services Cloud Computing/Content Delivery/Database/Management/Application Services/Payment/Storage Based on Usage 99% Availability Amazon Microsoft SkyDrive Storage/Microsoft Document Management/ Free N/A Microsoft Google Cloud Applications/Web Page/Database Free $500/acc/month 99.9% Availability Google 3 Private Cloud Providers Provider Services Service Fees Service Level Agreement Hyperlink SAVVIS Websites/Production Applications/Data Centers/Oracle or SQL $67/month 99.99% Availability Savvis Verizon Terremark Colocation/Hosting/Networking/Security/Data Centers $0.037/hr 100% Availability Terremark Citrix Data Centers/Networking/Remote Access Licensed Based N/A Citrix vmware IT Services/Operations Management/Disaster Recovery/Operation Services Licensed Based N/A vmware hpcloud Storage Solutions/Data Processing/Cloud Migration/Workload Management/Bursting $0.035/hr $1.12/hr 99.95% Availability hpcloud 4 2
3 Evaluation Matrix EVALUATION CRITERIA Criteria Name Criteria Description Option Public Cloud Private Cloud Option Description High Availability Approach What approach is taken to provide high availability? None There is no HA approach being used. Commodity HW 10 8 HA is achieved using redundant commodity HW. Specialized SW 5 7 HA is achieved using specialized SW to automatically fall over to different HW. Specialized HW 0 2 HA is achieved by using specialty HW with built-in redundancy. Availability Requirement Latency Requirements What is the availability requirement of this component? What is the latency requirement for this component? Low 10 8 Can be off-line for extended periods. Business Critical 8 10 Considered to be a business critical component. Regulated 3 5 Subject to specific regulation(e.g. Banking systems) Life Critical 0 1 Life critical systems(e.g. Medical, Air Traffic) None 10 8 There is no specific latency requirement. Moderate 8 10 The latency requirement is modest and is readily attainable (e.g. minutes) Low 3 5 There is low latency requirement that may be difficult to meet (e.g. seconds) Extremely Low 0 1 There is an extremely low latency requirement that is (e.g. milliseconds). 5 very difficult to meet Table3. Evaluation metrics for Cloud provider/service selection Source IBM Evaluation Matrix Integrations How are integrations to other system integrated? None 10 8 The component is stand alone requiring no integrations. Batch 6 10 Only batch integrations are necessary. Government Requirements Is this component subject to government requirement? Standards-Based 8 6 All of the integrations are based on widely used industry standards. Complex 0 2 The integrations include complex custom integrations. None 10 8 There are no applicable government regulations. Low 8 10 Potential target of discovery but not actively regulated (e.g. ) Statefulness What is the statefulness of this component? Medium 5 5 Subject to specific industry or information right regulation (e.g. HIPAA, EC 45/2001). High 1 3 Contains government classified information. None 10 8 Fully autonomous idempotent transactions with no state requirement. Low 8 8 State is encapsulated in transactions (e.g. extended URL). Medium 6 8 State is handled by an authoritative external service. High 2 4 This component acts as a state service for other components. 6 Table3. Evaluation metrics for Cloud provider/service selection Source IBM 3
4 Availability Services Zenoss Cloud Monitoring RevealCloud RevealUptime Gomez APM Rackspace Cloud Monitoring 7 Security Rules and Regulations Data classification policies should clearly define the types of information deemed sensitive and prohibited from residing outside of the organization s direct control. Mapping legal, regulatory, intellectual property, and security requirements to the various types of data. Determining the sensitivity (public, restricted, or highly sensitive) of the various types of data. Establishing requirements (such as encryption) for data transmission. Identifying data owners individuals who have the proper knowledge and authority to decide who should be granted data access and the type of data access. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules. Covered Entity (Health Care Providers, Health Plans, Health Care Clearinghouses) and Business Associate (Including Cloud Service Providers and other Sub contractors) 8 4
5 Security Rules and Regulations Box 1Data privacy standards in the EU Privacy Directive The Department of Homeland Security Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) project, which is providing an architecture for dynamic system monitoring and reporting. The Security Content Automation Protocol (SCAP) initiative at NIST, which provides specifications for expressing security configurations and events, event management, and incident handling. The National Science Foundation Future Internet Architectures initiative which is developing Internet architectures to provide advanced security and reliability in the context of emerging Internet usage patterns. The Federal Information Security Management Act (FISMA). In accordance with the Act, Federal Information Processing Standards (FIPS) 200 and NIST Special Publication (periodically updated) provide baseline security controls and guidance for federal information systems. 9 Implications In the event of a catastrophic system failure and multiple tenants simultaneously requiring support, lower priority organizations might not receive the required service level response from the CSP. The consolidation of multiple large organizations on a CSP s infrastructure presents to hackers a larger and possibly a more well known target. Ensure that the CSP contract terms states that the CSP would take full responsibility in the case of any damage or loss that results as a result of the system being down or data being breached. Deploy encryption over data hosted on cloud solutions and have a defined failover strategy that would leverage another CSP s solution or an internal solution. As a result, cloud based solutions may need to be designed to store certain data within specific countries borders instead of storing the data in a country that is at the CSP s discretion. 10 5
6 Recommendations Applying cloud computing solutions without the proper care, due diligence, and controls is bound to cause unforeseen problems. Used appropriately with the necessary precautions and controls in place, and by applying the school s risk management system cloud computing could yield a multitude of benefits, some unheard of until now and some yet to be discovered. By being aware of the risks and other issues related to cloud computing, the school is more likely to achieve organizational objectives as it manages the risks in this dynamic and evolving environment that likely will become the most popular computing model of the future. 11 References [1] IPFW [Online]. Available: Jan. 04, 2013 [2] Purdue [Online]. Available: Jan. 04, 2013 [3] Enterprise cloud[online]. Available: us/infrastructureservices/enterprise cloud/pages/home.aspx, Jan.04, 2013 [4] Enterprise [Online]. Available: Jan. 04, 2013 [5] Citrix [Online]. Available: Jan. 04, 2013 [6] VMware [Online]. Available: Jan. 04, 2013 [7] HP Cloud [Online]. Available: Jan. 04, 2013 [8] Amazon AWS [Online]. Available: Jan. 04, 2013 [9] Microsoft [Online]. Available: US/skydrive/download, Jan. 04, [10] Google Cloud [Online]. Available: Jan. 04,
7 References [11] Enterprise Cloud [Online]. Available EnterpriseCloud SA.pdf Feb.3, 2013 [12] Cloud candidate selection tool [Online]. Available: wp cloud candidate tool r pdf Feb.3, 2013 [13] Cloud monitoring [Online]. Available Feb.3, 2013 [14] Cloud performance monitoring tools [Online]. Available: cloud performance monitoring tools/ Feb.3, 2013 [15] Cloud computing issues, impact and insight [Online]. Available: $File/Cloud%20computing%20issues%20and%20impacts_14Apr11.pdf Feb.3, 2013 [16] Hipaa regulation, The Cloud and Beyond [Online]. Available: hipaa hitech regulation, the cloud, and beyond Feb.3,
01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationSecurity and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government
Security and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government April 13, 2016 Presenter: Carlo Di Giulio Advisor: Dr. Masooda Bashir Focus of the Research Security and privacy
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationCompliance with NIST
Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationSAC PA Security Frameworks - FISMA and NIST
SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationProtecting Your Cloud
WHITE PAPER Protecting Your Cloud Maximize security in cloud-based solutions EXECUTIVE SUMMARY With new cloud technologies introduced daily, security remains a key focus. Hackers and phishers capable of
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationCloud Computing Microsoft in the Enterprise. Anthony Murphy, Cloud Solution Specialist Microsoft
Cloud Computing Microsoft in the Enterprise Anthony Murphy, Cloud Solution Specialist Microsoft How Microsoft Defines Enterprise Cloud Hybrid Cloud Drivers How can we respond faster? How can we lower cost
More informationVillage Software. Security Assessment Report
Village Software Security Assessment Report Version 1.0 January 25, 2019 Prepared by Manuel Acevedo Helpful Village Security Assessment Report! 1 of! 11 Version 1.0 Table of Contents Executive Summary
More informationAttachment 3 (B); Security Exhibit. As of March 29, 2016
Attachment 3 (B); Security Exhibit As of March 29, 2016 UVA Medical Center (UVaMC) Security Requirements The term System shall mean computer equipment, peripheral equipment, system software, application
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationSOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2
Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence
More informationMastering Data Privacy, Social Media, & Cyber Law
Mastering Data Privacy, Social Media, & Cyber Law Data Breach Notification and Cybersecurity Developments Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US 1 State
More informationThe Risks of Cloud Computing:
The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies KATIE WOOD LECTURE INFORMATICS DEPARTMENT UNIVERSITY OF WOLVERHAMPTON FEB 2013 Areas to consider
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationInformation Technology Security Plan (ITSP)
Information Technology Security Plan (ITSP) Table of Contents 1. Purpose... 3 2. Goal... 3 3. NIST Risk Management Framework... 3 4. Scope... 4 5. System Description... 4 6. Authorization Boundary... 5
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Conestoga College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationRUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology
RUTGERS POLICY Section: 70.2.8 Section Title: Legacy UMDNJ policies associated with Information Technology Policy Name: Information Security: Acceptable Use Formerly Book: 95-01-09-05:00 Approval Authority:
More informationAdministration and Data Retention. Best Practices for Systems Management
Administration and Data Retention Best Practices for Systems Management Agenda Understanding the Context for IT Management Concepts for Managing Key IT Objectives Aptify and IT Management Best Practices
More informationImplementing Remote Desktop Computing Services using Amazon EC2 An IaaS Example
Implementing Remote Desktop Computing Services using Amazon EC2 An IaaS Example Hemchand Lallad, Meng-Wei Li and Gregory Scalet Indiana University Purdue University Professor Paul I.Lin June 27, 2013 1
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 7 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationKey Customer Issues to Consider Before Entering into a Cloud Services Arrangement
Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement Law Seminars International December 9, 2014 Peter J. Kinsella 303/291-2328 The information provided in this presentation
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationGeneral Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant
General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationInCommon Federation: Participant Operational Practices
InCommon Federation: Participant Operational Practices Participation in the InCommon Federation ( Federation ) enables a federation participating organization ( Participant ) to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationWHITE PAPER. Title. Managed Services for SAS Technology
WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More information[DATA SYSTEM]: Privacy and Security October 2013
Data Storage, Privacy, and Security [DATA SYSTEM]: Privacy and Security October 2013 Following is a description of the technical and physical safeguards [data system operator] uses to protect the privacy
More informationSecure Government Computing Initiatives & SecureZIP
Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationDDTC IT Modernization
DDTC IT Modernization Anthony Dearth Directorate Defense Trade Controls Acting Managing Director AGENDA DECCS Release 2 Features and Industry Batch Filing/Testing DECCS Cyber Security DTAG Recommendations
More informationCSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationComputer Security Incident Response Plan. Date of Approval: 23-FEB-2014
Computer Security Incident Response Plan Name of Approver: Mary Ann Blair Date of Approval: 23-FEB-2014 Date of Review: 31-MAY-2016 Effective Date: 23-FEB-2014 Name of Reviewer: John Lerchey Table of Contents
More informationHigh Performance Computing Environment for Research on Restricted Data. Dr. Erik Deumens Rob Adams Dr. Alin Dobra
High Performance Computing Environment for Research on Restricted Data Dr. Erik Deumens Rob Adams Dr. Alin Dobra The Needs of Sponsored Research Dr. Erik Deumens Director, Research Computing University
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationEnabling Public Cloud Interconnect Services F5 Application Connector
Enabling Public Cloud Interconnect Services F5 Application Connector Crystal Bong, Product Manager Emergence of Cloud Interconnect These common services are hard to replicate, control, and do not run cheaply
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Okanagan College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCompTIA CASP (Advanced Security Practitioner)
CompTIA CASP (Advanced Security Practitioner) Course Length: 5 days (virtual) Click here to view the current class schedule! Overview: The CompTIA Advanced Security Practitioner (CASP) Certification is
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationCompliance with CloudCheckr
DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active
More informationOracle Taleo Services Descriptions and Metrics December 21, 2017
Oracle Taleo Services Descriptions and Metrics December 21, 2017 Table of Contents Metric Definitions... 3 Hosted Named User... 3 Hosted Employee... 3 Hosted Trainee... 3 Per Posting... 3 New Customer
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCipherCloud CASB+ Connector for ServiceNow
ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access
More informationHIPAA COMPLIANCE FOR VOYANCE
HIPAA COMPLIANCE FOR VOYANCE How healthcare organizations can deploy Nyansa s Voyance analytics platform within a HIPAA-compliant network environment in order to support their mission of delivering best-in-class
More informationService Level Agreement Research Computing Environment and Managed Server Hosting
RCE SLA 2013 Service Level Agreement Research Computing Environment and Managed Server Hosting Institute for Quantitative Social Science (IQSS) and Harvard- MIT Data Center (HMDC) August 1, 2013 1. Overview
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationHIPAA Controls. Powered by Auditor Mapping.
HIPAA Controls Powered by Auditor Mapping www.tetherview.com About HIPAA The Health Insurance Portability and Accountability Act (HIPAA) is a set of standards created by Congress that aim to safeguard
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationKroll Ontrack VMware Forum. Survey and Report
Kroll Ontrack VMware Forum Survey and Report Contents I. Defining Cloud and Adoption 4 II. Risks 6 III. Challenging Recoveries with Loss 7 IV. Questions to Ask Prior to Engaging in Cloud storage Solutions
More informationUnit Compliance to the HIPAA Security Rule
HIPAA Risk Analysis Unit Compliance to the HIPAA Security Rule OIT Security Risk and Compliance PURPOSE The purpose of this document is to provide guidance for units on how to perform a Risk Analysis of
More informationCloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION
Cloud Computing January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION Purpose and Methodology Survey Sample Field Work December 20, 2011 January 9, 2012 Total Respondents 554 Margin of Error +/- 4.2%
More informationService Description VMware Workspace ONE
VMware Workspace ONE Last Updated: 05 April 2018 The product described in this Service Description is protected by U.S. and international copyright and intellectual property laws. The product described
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationAvanade s Approach to Client Data Protection
White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More informationAgenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2
GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure
More informationSTUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System
Slide 1 RMF Overview RMF Module 1 RMF takes into account the organization as a whole, including strategic goals and objectives and relationships between mission/business processes, the supporting information
More informationSecurity Overview of the BGI Online Platform
WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra
More information