Edition <kes>

With modern computer technology everywhere, the importance of data integrity and the security of IT systems has increased immensely. Given the complexity and rapid progress of information technology, IT professionals need in-depth knowledge in this field. The series Edition <kes> provides the required know-how, promoting risk awareness and helping in the development and implementation of security solutions for IT systems and their environment. <kes> Journal of Information Security (see ), published bimonthly by DATAKONTEXT GmbH, covers all subjects from audits and security policies to encryption and access control. It also provides information about new security hardware and software as well as the relevant legislation for multimedia and data security. Furthermore, authors of the journal and the book series Edition <kes> help users in basic and expert seminars to implement information security in a practice-oriented manner (see ). More information about this series at
Eberhard von Faber, Wolfgang Behnsen

Secure ICT Service Provisioning for Cloud, Mobile and Beyond
ESARIS: The Answer to the Demands of Industrialized IT Production
Balancing Between Buyers and Providers

2nd updated and extended Edition
Eberhard von Faber, T-Systems, Bonn, Germany
Wolfgang Behnsen, Erlangen, Germany

Edition <kes>
ISBN
DOI /
ISBN (ebook)
Library of Congress Control Number:

Springer Vieweg
Springer Fachmedien Wiesbaden GmbH 2012, 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer Vieweg imprint is published by Springer Nature
The registered company is Springer Fachmedien Wiesbaden GmbH
The registered company address is: Abraham-Lincoln-Strasse 46, Wiesbaden, Germany
Foreword

Companies can gain a decisive market advantage through information and communication technology (ICT). Clouds providing central computing services, mobile access, networking, and machine-to-machine communication are the basis for processing high volumes of business-relevant data, and are at the core of new business concepts and greater performance in existing ones. ICT is used in almost all businesses to automate business processes and increase speed and quality. This "digitalization" has two major consequences. Firstly, enterprises, authorities and even consumers are much more dependent on ICT. The value of the data being processed is going up and up, while adversaries, including hostile hackers, organized crime and industrial spies, are unfortunately highly motivated and active as well. Secondly, ICT is now a ubiquitous part of everyday life. This increases the attack surfaces that adversaries can, and do, exploit. ICT infrastructures and applications are attacked effectively and both enterprises and consumers suffer considerable losses. Though managers and officials know that they have to invest in protecting their ICT, many stakeholders still consider appropriate security to be inconvenient and expensive. At the end of the day, it is about "which party must do what."

Technology, business models and trends in the economy lead to an immense centralization of computing power mastered by large-scale IT production. Cost pressure and other customer demands in turn reinforce the need to deliver ICT services in an industrialized manner. User organizations are increasingly using ICT services from ICT service providers instead of producing these services in-house themselves. They demand reliability and seek trustworthy, dependable suppliers offering secure ICT services: A sufficient level of security is an essential and intrinsic element for the successful digitalization of industries, administration, and our society as a whole.

The word "intrinsic" is important here. Users demand reliable ICT services and want to concentrate on making the most of them in their business, requiring the security to be integrated "almost invisibly" and "with ease." Nonetheless, it is up to the user to demand and reimburse the appropriate protection of ICT. In fact, every party in the supply chain must make their contribution to security, since the chain is only as strong as its weakest link. However, this cannot be taken as a given but must be arranged systematically.

This 2nd, updated and extended edition of the book presents methods and measures for dealing with information security in today's IT industry that were developed and proven in our corporation, with our customers, and with suppliers and partners. This book is intended to help the reader to implement security measures throughout a complex ICT delivery infrastructure in organizations, processes and technology, from design to service management, while taking into consideration effectiveness as regards customer requirements, and efficiency relating to costs. The book should also help user organizations to understand the security aspects of ICT provision and to select the correct provider and the correct services in terms of information security. In this way, the workable architecture presented here aims to find a balance between buyers and providers: requirements and deliverables must correspond. Secure ICT Service Provisioning for Cloud, Mobile and Beyond is of utmost concern to both parties.

Reinhard Clemens
Member of the Board of Management at Deutsche Telekom
CEO of T-Systems
Preface

The task of making ICT services secure is important and mission critical for any ICT service provider paid to deliver secure ICT services for cloud, mobile and beyond. Such providers are challenged to turn requirements into real material security in a way that is verifiable for customers. This puts leading ICT service providers in a very specific and (does it come as a surprise?) very complicated and truly complex situation. The reasons are easy to see. The provider is facing an almost unmanageable multitude of different sets of requirements that are all to be met by its single ICT service delivery infrastructure. Moreover, the provider must produce the ICT services efficiently, which in turn requires as much standardizing and harmonizing as possible. In the past, security was managed in "customer silos." However, security requirements have increased dramatically in number, coverage and depth in recent years. At the same time, the customers of the ICT service provider demand a significant cost reduction while retaining or even enhancing performance and flexibility, and at the same time being provided with more security transparency and assurance.

This situation was the starting point some years ago when a number of security managers from T-Systems sat down together with the authors of this book to discuss precisely the issues described above. We decided to take a big step forward. We invented the idea of "industrializing security" or adapting ICT security to an industrialized ICT provision method. That was the birth of ESARIS, the subject of this book. That approach, and its realization, have proven to be very successful. We decided to publish large parts of the work in order to contribute to Secure ICT Service Provisioning for Cloud, Mobile and Beyond. At the same time, we wanted to encourage customers and a wider audience to discuss the concepts and to adopt useful ideas. In this way, the industry should be able to progress in balancing the requirements of user organizations and the measures that are provided by ICT service providers.

With the 1st edition of this book, major concepts of ESARIS were published at the beginning of Since then, our corporation has gained more experience in applying the new methods and measures in practice, and has also developed new ones. Four years later, this 2nd, updated and extended edition presents an even more complete set of concepts, methods and measures. It provides deeper insight, improved rationales and more background information. The T-Systems Board of Management decided to implement ESARIS in our corporation and initiated a longer-lasting program for introducing it in all subsidiaries around the world. This book reports on real-world experience from this Transformation program. Moreover, it considers feedback from our customers as well as experience gained from using ESARIS while managing numerous big and complex deals throughout their IT outsourcing phases, including Sales, Manage the Deal, Transition and Transformation, and Operations.

Recently, T-Systems initiated the foundation of the Zero Outage Industry Standard association in which technology leaders are aiming to provide the highest quality and security against outages of IT infrastructure. The work in this association and other examples show that ESARIS closed a substantial gap in the literature about information security. ESARIS "takes operational requirements into account and focuses on user requirements, thus facing the reality in the market economy." It addresses efficiency, standardization and quality in the realm of security; and it helps to manage security in large-scale IT production characterized by a high degree of division of labor and specialization. I consider this book an essential contribution to the successful industrialization of ICT: Users require ICT services that are secure, at an affordable cost.

Heike Bayerl
Vice President of International Security, Compliance & Quality Management
T-Systems, IT Division
About this book

Managing a large-scale IT production is a challenge. Providing information and communication services (ICT services) in a secure manner while meeting the security requirements of the user organizations adds further difficulty. The technical solutions including firewall & Co. are, however, not the issue! Large IT organizations must be able to define, communicate and correctly apply thousands of single measures in a large-scale, industrial environment with thousands of employees located in many countries. This is a real problem and this book provides solutions to it. Moreover, large IT organizations usually have many customers which are supplied with a complex of different ICT services. Hence, the interaction with those customers is a critical success factor for both sides.

This book describes concepts, methods and measures which enable ICT service providers to provide secure ICT services in the beginning second half of the information age, characterized by large-scale IT production with rigorous specialization and division of labor along the complete supply chain. This book is for suppliers playing their role in this environment. Even more important, user organizations are given deep insight into secure IT production which allows them to make the best out of cloud, mobile and beyond.

The subject of this book is rather new! The architectural approach in this book is one of the first comprehensive ventures providing mainly IT producers with a security toolset to tackle the challenges of upcoming business and production models. The authors abstain from repeating known security practices. The content of this book is rather new, but already tested and proven. The concepts, models and underlying security measures have been developed and deployed by a large ICT company so that this book can also report on practical experiences. The following slide controls may provide further information.

[Figure: five slide controls positioning the book, labelled Scope, Depth, Maturity, Time-line and Sustainability. Scale labels appearing in the figure: Security features; Secure IT; Reliable business; Society, regulation, privacy; Policies, principles, rules; Protection, detection, reaction; Research (technology, crypto); Products, technologies; Directly workable approach; Mid-term perspective (strategic); Management (tactical); Immediate effect (nuts & bolts); Low; Medium; High.]
Trademark notice: All brand names are trademarks or registered trademarks of their respective companies. Product and other names such as Windows, COBIT and ITIL are also trademarks or registered trademarks and the property of their respective owners. All names are only used for identification and explanation in this book without intent to infringe. The use of such descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Pictures: All diagrams are owned and copyright by T-Systems.
Table of Contents

Part 1: Foundation

1 Subject (from pain to pleasure)
    Challenges
    Areas of activity beyond Protection, Detection, Reaction
        Transparency
        Interfaces and interaction
        Standardization
    Solutions

2 Environment
    Frameworks for ESARIS
    Perspectives: corporate versus product security

3 Main building blocks and general set-up
    ESARIS Dimensions
    ESARIS Work Areas
    ESARIS Collaboration Model
    Hierarchy of Security Standards
        Overview
        Level 1: Corporate Security Policy
        Level 2: Corporate Security Rules
        Level 3: ICT Security Principles
        Level 4: ICT Security Standards
        Level 5: ICT Security Baselines
    ESARIS Concept of Double Direction Standards

4 ESARIS Security Taxonomy
    Design criteria for the ESARIS Security Taxonomy
    Structure of the ESARIS Security Taxonomy
    Areas and the ICT Security Standards at a glance
        Networks
        Data center
        Customer and users
        Evidence and Customer Relation
        Service Management
        Risk Management and Certification
    Summary of standards and taxonomy
    Provider Scope of Control

5 Secured by definition: integration with core business (ITSM)
    ITSM processes and why security must be integrated into them
    Division of labor between IT and IT security
    What the integration looks like and how it actually works

Part 2: Core activities

6 Standardization: ensuring quality and efficiency
    Understanding standardization, its necessity and benefits
    ESARIS Industrialization Concept
        Dealing with requirements
        Composition of services
    ESARIS Security Specification Concept
    Obstacles towards standardization and solutions

7 Attainment: achieving compliance with ESARIS standards
    Foundation
    Requirements engineering and elaboration and application of ESARIS standards
    ESARIS Attainment Levels and verification of compliance
    Service offering portfolio integration

8 Fulfillment: meeting customer demands
    Foundation
    IT outsourcing
    Assurance for customers
        Contractual evidence
        Operational evidence
    Contractual and other changes

9 Flexibility: managing the supplier network
    Roles and types of suppliers
    Third party integration model

Part 3: Implementation

10 Maintenance: requirements, documents, improvements
    Document IDs and more
    Virtual organization, roles and processes
    Library, versions and consistency
    Protecting intellectual property

11 Transformation: implementing ESARIS sustainably
    Mission: induce a massive change
    Approach: ESARIS Maturity Level and master plan
    Enablement: training and communication
    Voyage of ICT services

12 Implementation: IT production and its protection in practice
    Evidence and Customer Relation
        Match
        (Im)Prove
        Correct
        Accomplishing security
    Service Management
        Plan
        Build
        Change
        Accomplishing security
        Stocktake
        Assemble
        Preserve
        Accomplishing security
    ICT Service Access
        Transportation
        Customer side and endpoints
        Connectivity
        Securing transportation
        Securing workplaces
        Securing connectivity
    IT Service Production
        The lower IT stack
        IT management and data center premises
        Applications
        Securing the lower IT stack
        Securing IT management and data center premises
        Securing applications
    Risk Management and Certification

13 Routine: day-to-day security management using ESARIS
    Fourteen tasks for managing security using ESARIS
    Three ways of verifying compliance with security standards
    A number of tips to deal with trouble and confusion
    Buyers and providers: joint security management

14 Conclusion

Annexes
    A Authors and acknowledgement
    B Glossary (terms and definitions)
        B.1 Fundamental terms
        B.2 Terms relating to security organization
        B.3 Terms relating to difficulties and restoration
        B.4 Major concepts and models at a glance
    C Literature
    D Abbreviations
    E Index
Overview: Fig. 1 below provides a quick point of reference.

Fig. 1: Structure of this book

Front matter
    Foreword
    Preface
    About this book
    Contents

Part 1: Foundation
    1. Introduction: from pain to pleasure
        Challenges
        Beyond Protection, Detection, Reaction
        Solutions
    2. Scope and environment
        Perspectives; governance, frameworks
        Enforcement Framework for ESARIS
        Endorsement Framework for ESARIS
    3. Building blocks and general set-up
        ESARIS Dimensions and Work Areas
        ESARIS Collaboration Model
        Hierarchy of Security Standards
        Concept of Double Direction Standards
    4. ESARIS Security Taxonomy
        Design criteria
        Structure
        Areas and ICT Security Standards
        Provider Scope of Control
    5. Integration with core business (ITSM)
        Secure by definition
        IT business units versus IT security
        Hands-on integrations

Part 2: Core activities
    6. Standardization: quality and efficiency
        Necessity and benefits
        ESARIS Industrialization Concept
        ESARIS Specification Concept
        Obstacles and solutions
    7. Attainment: comply with standards
        Foundation and overview
        From requirements all the way to ESARIS Attainment Levels
        Service catalog integration
    8. Fulfillment: meet customer demands
        IT-outsourcing: phases and actions
        Assurance: contractual evidence
        Assurance: operational evidence
        Contractual and other changes
    9. Flexibility: manage supplier networks
        IT industry: roles and deliverables
        ESARIS Third Party Integration Model
        Summary

Part 3: Implementation
    10. Maintenance: documents and more
        Naming conventions and assignments
        Document management
        Library, versions, consistency etc.
        Protecting intellectual property
    11. Transformation: sustainable roll-out
        Subject: induce massive changes
        Approach: levels, master plans etc.
        Enablement: Training and communication
        Voyage of ICT services
    12. Implementation: secure ICT in practice
        Evidence and customer relation
        Service Management
        ICT Service Access
        ICT Service Production
        Certification and Risk Management
    13. Routine: security management
        Central activities due to the use of ESARIS
        Three ways of verifying compliance
        Dealing with trouble and confusion
        Joint security management
    14. Conclusion
        Development of IT, IT security and ESARIS

Annexes
    Authors and acknowledgement
    Literature
    Glossary
    Index
More informationBusiness Assurance for the 21st Century
14/07/2011 Navigating the Information Assurance landscape AUTHORS Niall Browne NAME AFFILIATION Shared Assessments Program Michael de Crespigny (CEO) Jim Reavis Kurt Roemer Raj Samani Information Security
More informationEUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
More informationWide Area 2D/3D Imaging
Wide Area 2D/3D Imaging Benjamin Langmann Wide Area 2D/3D Imaging Development, Analysis and Applications Benjamin Langmann Hannover, Germany Also PhD Thesis, University of Siegen, 2013 ISBN 978-3-658-06456-3
More informationIBM Z servers running Oracle Database 12c on Linux
IBM Z servers running Oracle Database 12c on Linux Put Z to work for you Scale and grow Oracle Database 12c applications and data with confidence Benefit from mission-critical reliability for Oracle Database
More informationISSA Guidelines on Information and Communication Technology: Overview
ISSA Guidelines on Information and Communication Technology: Overview Raul Ruggia-Frick ISSA Secretariat ISSA Guidelines Information and Communication Technology 2 Outline Context The Guidelines on Information
More informationClarity on Cyber Security. Media conference 29 May 2018
Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26
More informationITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure
ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure Get a Management-level overview of Service Design to advance in your Career Course Name : ITIL SD Version : INVL_ITILSD_BR_02_033_1.2
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationNISTCSF Enterprise Training Solutions. By David Nichols & Rick Lemieux December 2018
DxCERTS NISTCSF Enterprise Training Solutions By David Nichols & Rick Lemieux December 2018 Copyright and Trademark Notice Copyright 2018 itsm Publishing. itsm Solutions is a Registered Trademark of itsm
More informationEXIN BCS SIAM Foundation. Sample Exam. Edition
EXIN BCS SIAM Foundation Sample Exam Edition 201704 Copyright EXIN Holding B.V. and BCS, 2017. All rights reserved. EXIN is a registered trademark. SIAM is a registered trademark. ITIL is a registered
More informationPlanning and Implementing ITIL in ICT Organisations
CCPM Solutions Experts in ICT Performance Supporting Your Business Planning and Implementing ITIL in ICT Organisations June 2012, Addis Ababa Content 1. Quick ITIL (Overview) 2. Case study (How not to
More informationMicrosoft Computer Vision APIs Distilled
Microsoft Computer Vision APIs Distilled Getting Started with Cognitive Services Alessandro Del Sole Microsoft Computer Vision APIs Distilled Alessandro Del Sole Cremona, Italy ISBN-13 (pbk): 978-1-4842-3341-2
More informationWHITE PAPER. F5 and Cisco. Supercharging IT Operations with Full-Stack SDN
+ WHITE PAPER F5 and Cisco Supercharging IT Operations with Full-Stack SDN Contents Introduction 3 Confronting the bottleneck 3 Evolving SDN technologies 4 An integrated solution 5 Application policies,
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSpotlight Report. Information Security. Presented by. Group Partner
Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in
More informationITIL Managing Across the Lifecycle Course
ITIL Managing Across the Lifecycle Course Duration: 5 Days Course Delivery: Classroom Language: English Course Overview ITIL 2011 edition is comprised of five core publications: Service Strategy, Service
More informationQuality Management System (QMS)
Chapter 12: Introduction: TOTAL QUALITY MANAGEMENT - II Quality Management System (QMS) Dr. Shyamal Gomes American National Standard Institute (ANSI) and American Society for Quality Control (ASQC) define
More informationGDPR: The Day After. Pierre-Luc REFALO
GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal
More informationCA ERwin Data Profiler
PRODUCT BRIEF: CA ERWIN DATA PROFILER CA ERwin Data Profiler CA ERWIN DATA PROFILER HELPS ORGANIZATIONS LOWER THE COSTS AND RISK ASSOCIATED WITH DATA INTEGRATION BY PROVIDING REUSABLE, AUTOMATED, CROSS-DATA-SOURCE
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationEISAS Enhanced Roadmap 2012
[Deliverable November 2012] I About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 24762 First edition 2008-02-01 Information technology Security techniques Guidelines for information and communications technology disaster recovery services Technologies
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationAUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationOverview. Business value
PRODUCT SHEET CA Top Secret for z/vse CA Top Secret for z/vse CA Top Secret for z/vse provides innovative and comprehensive security for business transaction environments which enable your business to
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationMobilizing Your Workforce for Success
Mobilizing Your Workforce for Success Want to know what a mobile workforce (MW) looks like? Here s one example: 500 employees spread out over eight countries. They work where they want and when they want
More informationCollaborative Remote Management Services for Unified Communications Customer-Facing Collateral Boilerplates
Collaborative Remote Management Services for Unified Communications Customer-Facing How to Use This Document This document contains boilerplate blocks of copy to assist qualified partners in building customerfacing
More informationNEXT-GENERATION DATACENTER MANAGEMENT
NEXT-GENERATION DATACENTER MANAGEMENT From DCIM to DCSO Sometimes described as the operating or ERP system for the datacenter, datacenter infrastructure management (DCIM) is a technology that helps operators
More informationOut-of-the-box EAM and BPM integration
Out-of-the-box EAM and BPM integration May 2015 Contents 1. How business departments and IT can collaborate more effectively using the two professional tools Signavio and leanix... 3 2. Process modeling
More informationENCRYPTION IN USE FACT AND FICTION. White Paper
White Paper Table of Contents The Case for Encryption... Encryption in Use Not Some Kind of Magic... Evaluating Encryption in Use Claims... 3 4 4 The Vaultive Approach... 5 2 Risk-conscious enterprises
More informationTechValidate Survey Report: SaaS Application Trends and Challenges
TechValidate Survey Report: SaaS Application Trends and Challenges TechValidate Survey Report: SaaS Application Trends and Challenges 2 The current growth rates and investments in SaaS are astounding.
More informationHOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018
HOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018 Table of Contents A short technology overview 3 How micro-segmentation
More informationThe case for cloud-based data backup
IBM Global Technology Services IBM SmartCloud IBM Managed Backupi The case for cloud-based data backup IBM SmartCloud Managed Backup offers significant improvement over traditional data backup methods
More informationCybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration
Statement Comments by the electrical industry on the EU Cybersecurity Act manufacturer s declaration industrial security Cybersecurity Quality basis security LED-Modul Statement P January 2018 German Electrical
More informationData Protection for Virtualized Environments
Technology Insight Paper Data Protection for Virtualized Environments IBM Spectrum Protect Plus Delivers a Modern Approach By Steve Scully, Sr. Analyst February 2018 Modern Data Protection for Virtualized
More informationHybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018
V REPORT : HPE Hybrid IT for SMBs HPE addressing SMB and channel partner Hybrid IT demands October 2018 ANALYST ANURAG AGRAWAL Data You Can Rely On Analysis You Can Act Upon HPE addressing SMB and partner
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationJava Quick Syntax Reference. Second Edition. Mikael Olsson
Java Quick Syntax Reference Second Edition Mikael Olsson Java Quick Syntax Reference Second Edition Mikael Olsson Java Quick Syntax Reference Mikael Olsson Hammarland, Länsi-Suomi, Finland ISBN-13 (pbk):
More informationCOBIT 5 With COSO 2013
Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder
More informationISO/ IEC (ITSM) Certification Roadmap
ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More information