Agenda. I. Related Policies to Cloud Computing. Cloud Security Certification Scheme in KOREA. Guidelines for Information Security of Cloud Computing
|
|
- Logan Carson
- 6 years ago
- Views:
Transcription
1 Agenda I. Related Polices to Cloud Computing Cloud Security Certification Scheme in KOREA April. 11, 2017 II. III. Guidelines for Information Security of Cloud Computing Cloud Security Certification Program in Korea Jungduk (JD) KIM, Ph. D. Head, Department of Industrial Security Chair, Research Institute of Security Policies 1/ Act on the Cloud Computing Promotion & the Protection of its Users I. Related Policies to Cloud Computing 3/15 1
2 1.2. Guidelines for Information Security of Cloud Computing Main contents of measure II. Guidelines for Information Security of Cloud Computing 4/ Case Study (1/3) 2.1 Case Study (2/3) Country Certification Scheme Certification Criteria Certification USA FedRAMP NIST SP R4 FedRAMP PMO JAPAN SINGAPORE UK AUSTRALIA JCISPA ASP SaaS IaaS PaaS Data Centre MTCS-SS UK-G Cloud Risk Management ASD Cloud Standards for Cloud Information Security Information Disclosure Certification Systems for Safety and Reliability of Cloud Services JASA ASPIC ITSC Audit/Assessment Certification (Total 38) JASA ASPIC Certification (Total 7) CESG - ASD IRAP Control Items USA FedRAMP Republic of Korea Certification area Cloud service for federal government Cloud service for public org. Numbers of Items Basis Features Certification Audit/Assessment 17 Domains 325 Controls based on moderate Inspect on functional requirements for information systems 14 Domains 117 Controls Reflect legal requirements and additional requirements of public org. Reference NIST SP Rev4 ISO/IEC 27001/17 Cloud First Policy FedRAMP PMO (FedRAMP Program Management Office) Certification (Total 40) ) Law of Cloud Development Article 23 (3) KISA KISA 6/15 7/15 2
3 2.1 Case Study (3/3) 2.2 Summary Information Security Management System(ISMS) Cloud Security certification Program (CSAP) Assessment subject All Information system service Cloud Service Service for public org. v Composed of total 14 domains and 117 controls Assessment method Document review, On-site inspection Document review, On-site Inspection, Technical Inspection (Penetration test, Vulnerability test) Main contents of measure Certificate Criteria Number of Items 18 Domains 104 Controls Reference ISO/IEC Domains 117 Controls ISO/IEC Specialized Controls (Security of Virtualization, Law of Cloud Development, public org. requirements) 8/15 9/ Additional protection measure for public org. (1/3) 2.3 Additional protection measure for public org. (2/3) v Legal Requirements Obligation Notification method Fine Intrusion Notify promptly to users User Information Leakage Service Interruption Notify promptly to users, Notify promptly to Minister of Science, Notify promptly to users Notifying with Phone, Cell Phone, mail, , text messaging, cloud computing services or any of the similar methods Less than 10,000 USD 10/15 11/15 3
4 2.3 Additional protection measure for public org. (3/3) III. Cloud Security Certification Program 12/ Cloud Security Certification Program Summary Purpose 3.2 Assessment Method Vulnerability Assessment Definition v On-site verification that the technical measures are appropriately implemented in accordance with the cloud security certification program guidelines for the assets negotiated in the preliminary inspection Related Law Auditor and Duration v Auditor team: About 5 people(lead Auditor, Source code, CVE, CCE Inspectors) v Duration: 10 business day (Depends on Volume of asset and Service Scope) Standard Assessment method public org. 14 domains and 117 controls Assessment Method 14/15 15/15 4
5 3.2 Assessment Method Penetration Test Purpose v Examine the possibility of penetration through external network to ensure the cloud service is properly implemented / operated in accordance with the cloud security certification program standard Auditor and Duration v Auditor team: closed v Duration: 10 business day(adjustable) Subject to assessment v Penetration into cloud service portal through external network v Penetration to the hypervisor or other VM via the user VM v VPN Communication Advanced request v Account Information (2 or more), Test allowed time Recommendation v CSP periodically training Penetration test / Response Team Internally Jungduk Kim jdkimcau@gmail.com 16/15 5
Compliance & Security in Azure. April 21, 2018
Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk
More informationModule 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan
Module 6: Network and Information Security and Privacy Session 3: Information Security Methodology Presenter: Freddy Tan Learning Objectives Understanding the administrative, physical, and technical aspects
More informationHow to Establish Security & Privacy Due Diligence in the Cloud
How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationREAD ME for the Agency ATO Review Template
READ ME for the Agency ATO Review Template Below is the template that the FedRAMP Program Management Office (PMO) uses when reviewing an Agency ATO package. Agencies and CSPs should be cautious to not
More informationIntroduction to the Federal Risk and Authorization Management Program (FedRAMP)
Introduction to the Federal Risk and Authorization Management Program (FedRAMP) 8/2/2015 Presented by: FedRAMP PMO 1 Today s Training Welcome! This training session is part one of the FedRAMP Training
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationAmerican Association for Laboratory Accreditation
R311 - Specific Requirements: Federal Risk and Authorization Management Program Page 1 of 10 R311 - Specific Requirements: Federal Risk and Authorization Management Program 2017 by A2LA. All rights reserved.
More informationFedRAMP Security Assessment Plan (SAP) Training
FedRAMP Security Assessment Plan (SAP) Training 1. FedRAMP_Training_SAP_v6_508 1.1 FedRAMP Online Training: SAP Overview Splash Screen Transcript Title of FedRAMP logo. FedRAMP Online Training; Security
More informationNIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution
NIST Cloud Security Architecture Tool (CSAT) Leveraging Cyber Security Framework to Architect a FISMA-compliant Cloud Solution Dr. Michaela Iorga NIST October 2018 A Triple Inflection Point Marked A New
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationCSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD
More informationIncident Response Requirements and Process Clarification Comment Disposition and FAQ 11/27/2014
Incident Requirements and Process Clarification Disposition and FAQ 11/27/2014 Table of Contents 1. Incident Requirements and Process Clarification Disposition... 3 2. Incident Requirements and Process
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationThis presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationNIST Designation of CABs: Upcoming Changes for the US and EU Review for Japan
NIST Designation of CABs: Upcoming Changes for the US and EU Review for Japan Japan MRA Workshop March 2, 2016 Presented by Ramona Saar Program Manager, NIST Version updated 2/26/2016 Topics Introduction:
More informationInformation Security Program Audit Introduction and Survival Guide
Information Security Program Audit Introduction and Survival Guide Cyber Security Symposium 2016, Sacramento Convention Center September 28, 2016 INTRODUCTION Welcome Presenters Background Carl Salmonsen,
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationAgency Guide for FedRAMP Authorizations
How to Functionally Reuse an Existing Authorization Version 1.0 August 5, 2015 Revision History Date Version Page(s) Description Author 08/05/2015 1.0 All Initial Publication FedRAMP PMO 06/06/2017 1.0
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationAuditing the Cloud. Paul Engle CISA, CIA
Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,
More informationECSA Assessment Report
ECSA Assessment Report Company Test Cloud Company Name of the cloudservice textcloud.com Website of the cloudservice 11.textcloud.com Project number #10652 Projectname Dummyproject Print date 2015-12-01
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationGovernance, Organisation, Law, Regulation and Standards Syllabus QAN 603/0855/2
Making IT good for society Governance, Organisation, Law, Regulation and Standards Syllabus QAN 603/0855/2 Version 5.0 April 2018 This is a United Kingdom government regulated qualification which is administered
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationContents. Navigating your way to the cloud
Contents Navigating your way to the cloud Moving to the digital economy 4 Four essential steps to a successful cloud adoption and deployment 5 Step 1: Full, informed stakeholder involvement 6 Step 2: Targeted
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationSDL Privacy Policy Cloud Services
SDL Privacy Policy Cloud Services Software-As-A-Service Products Version 11-04-2017 v1.4 SDL plc Globe House Clivemont Road, Maidenhead SL6 7DY England www.sdl.com SDL Tridion Infrastructure Summary This
More informationSecurity & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web
Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS
More informationAbstract. 1. Introduction
보안공학연구논문지 제 권제 호 년 월 Abstract In these days, many organizations try to manage their information system in safe way(i.e., Evaluation, Assurance and Certification of Information Security) due to more rapidly
More informationOctave Method Component. CobIT Method Component. NIST Risk Management Framework. Generic Security Design Model. Design Theory: Governance
Outline Security Methodology Richard Baskerville Security Method Design Theories Security Method Adaptation Basic Design Theory in Secure Information Systems Methodology TFO Assumed in Many Security Method
More informationExecutive Order 13556
Briefing Outline Executive Order 13556 CUI Registry 32 CFR, Part 2002 Understanding the CUI Program Phased Implementation Approach to Contractor Environment 2 Executive Order 13556 Established CUI Program
More informationFedRAMP Training - Continuous Monitoring (ConMon) Overview
FedRAMP Training - Continuous Monitoring (ConMon) Overview 1. FedRAMP_Training_ConMon_v3_508 1.1 FedRAMP Continuous Monitoring Online Training Splash Screen Transcript Title of FedRAMP logo. Text
More informationVulnerability-centric assurance activities for MFP PP as a candidate for cpp
Vulnerability-centric assurance activities for MFP PP as a candidate for cpp Fumiaki Manabe JISEC / IPA, Japan September 11, 2013 1 Agenda The security surrounding the MFP PP development for Government
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationDriving Cloud Governance and Avoiding Cloud Chaos
Driving Cloud Governance and Avoiding Cloud Chaos Key Take Aways What is Cloud Chaos? Why Do You Need Cloud Governance? Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationLearn how to explain the purpose and business benefits of an ISMS, of ISMS standards, of management system audit and of third-party certification
LAST UPDATED 03-01-2018 ISMS (ISO/IEC 27001:2013) AUDITOR / LEAD AUDITOR TRAINING COURSE (A17533) COURSE DURATION: 5 DAYS LEARNING OBJECTIVES Learn how to explain the purpose and business benefits of an
More information3/2/2012. Background on FISMA-Reheuser. NIST guidelines-cantor. IT security-huelseman. Federal Information Security Management Act
Jonathan Cantor, Department of Commerce Gery Huelseman, U.S. Air Force Michael E. Reheuser, Department of Defense Background on FISMA-Reheuser NIST guidelines-cantor IT security-huelseman Federal Information
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT December 13, 2006 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-1 RFP: TQC-JTB-05-0001 December 13, 2006 REVISION HISTORY
More informationDefining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012
Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012 Today s Presenters Lesley Berkeyheiser, SPWG co-chair, moderator Lola Jordan, President, Companion Data Services Susan
More informationDevelopments in Global Data Protection & Transfer: How They Impact Third-Party Contracts
Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationCLOUD QUALITY AND CLOUD CERTIFICATION
CLOUD QUALITY AND CLOUD CERTIFICATION 8th EuroCloud Congress Cloud, Trust & Security 25th October 2017 / Brussels, Belgium Ivana Tepčević Project Manager and Lead Auditor, SGS Belgrade AGENDA SGS in brief
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationFedRAMP Penetration Test Guidance. Version 1.0.1
FedRAMP Penetration Test Guidance Version 1.0.1 July 6, 2015 Revision History Date Version Page(s) Author 06/30/2015 1.0 All First Release FedRAMP PMO 07/06/2015 1.0.1 All Minor corrections and edits FedRAMP
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationContinuous Monitoring Strategy & Guide
Version 1.0 June 27, 2012 Executive Summary The OMB memorandum M-10-15, issued on April 21, 2010, changed from static point in time security authorization processes to Ongoing Assessment and Authorization
More informationData Processing Clauses
Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationFederal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011
Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case
More informationSecurity and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government
Security and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government April 13, 2016 Presenter: Carlo Di Giulio Advisor: Dr. Masooda Bashir Focus of the Research Security and privacy
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationexisting customer base (commercial and guidance and directives and all Federal regulations as federal)
ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of
More informationSafeguards on Personal Data Privacy.
Safeguards on Personal Data Privacy. Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Maverick Tam Associate Director, Enterprise Risk Services Deloitte Touche Tohmatsu Deloitte ERS
More informationThe Role of the American National Standards Institute (ANSI) Irwin Silverstein, Ph.D. IPEA
The Role of the American National Standards Institute (ANSI) 1 ANSI Activities American National Standard: Excipient GMP Accreditation of Product Conformity Bodies Certification to Excipient GMP 2 IPEA
More informationInformation and Communication Technology (ICT) Supply Chain Security Emerging Solutions
Information and Communication Technology (ICT) Supply Chain Security Emerging Solutions Nadya Bartol, CISSP, CGEIT UTC Senior Cybersecurity Strategist Agenda Problem Definition Existing and Emerging Practices
More informationVerasys Enterprise Security and IT Guide
Verasys Enterprise Johnson Controls Milwaukee WI, USA www.verasyscontrols.com LIT-12013026 March 2018 Contents Introduction... 3 Microsoft Azure security and privacy... 5 Security... 5 Privacy...5 Compliance...5
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationPrivacy hacking & Data Theft
Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationUnited States Government Cloud Standards Perspectives
United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and
More informationNIST Cloud Computing Security Working Group
NIST Cloud Computing Security Working Group NIST Cloud Computing Security Reference Architecture NIST Enterprise-Wide Data-Centric Computing Environment February, 2013 Dr. Michaela Iorga, NIST, Computer
More informationCurrent Cloud Certification Challenges Ahead and Proposed Solutions
Current Cloud Certification Challenges Ahead and Proposed Solutions Daniele Catteddu, CTO Cloud Security Alliance AGENDA 3 Challenges 1 Framework 3 Key Requirements 3 Solutions Copyright 2011 2016 Cloud
More informationITU-ACMA Asia Pacific Regulators Roundtable July 2014
ITU-ACMA Asia Pacific Regulators Roundtable 2014 21-22 July 2014 Session 2: Evolution of the Regulator Addressing International Concerns Content Page Cyber Security Cross-border Data Flow Interoperability
More informationCloud Security. Copyright Ramesh Nagappan. All rights reserved.
Cloud Security 1 Cloud Security Week 1 Lecture 1 Ramesh Nagappan Harvard University Extension School Brandeis University GPS 2 Week 1 Lecture - 1 Course Introduction Evolution of Cloud Computing Introduction
More information: Course CDFOM : Certified Data Centre Facilities Operations Manager
Module Title Duration : Course CDFOM : Certified Data Centre Facilities Operations Manager : 3 days Course Description Managing the facilities of today s hi-end and hi-availability data centres is an extremely
More informationIntroduction to ISO/IEC 27001:2005
Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating
More informationPRODUCT CERTIFICATION SCHEME FOR MECHANICAL-CUSTOMIZED VEHICLES
Ref No: RACS/SOP/57 Page 1 of 6 1. Objective: This procedure describes the criteria implemented by RACS as Notified Body of Emirates Authority of Standardization and Metrology (ESMA) that Mechanical Customized
More informationEU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017
EU Cloud Computing Policy Luis C. Busquets Pérez 26 September 2017 The digital revolution is built on data Most economic activity will depend on data within a decade Potential of the data-driven economy
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationMedical Device Vulnerability Management
Medical Device Vulnerability Management MDISS / NH-ISAC Process Draft Dale Nordenberg, MD June 2015 Market-based public health: collaborative acceleration Objectives Define a trusted and repeatable process
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationINFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK. Ronald E. Franke, CISA, CIA, CFE, CICA. April 30, 2010
INFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK Presented by Ronald E. Franke, CISA, CIA, CFE, CICA April 30, 2010 1 Agenda General Accountability Office (GAO) and IT Auditing Federal
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationGuide to Understanding FedRAMP. Version 2.0
Guide to Understanding FedRAMP Version 2.0 June 6, 2014 Executive Summary The Federal Risk and Authorization Management Program (FedRAMP) provides a costeffective, risk-based approach for the adoption
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationDavid Missouri VP- Governance ISACA
David Missouri VP- Governance ISACA Present-Senior Agency Information Security Officer (SAISO) @GA DJJ 2012-2016 Information System Security Officer (ISSO) @ US DOL WHD 2011-2012 Network Administrator
More informationDr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt
Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA The African Internet Governance Forum - AfIGF2017 5 Dec 2017, Egypt Agenda Why? Threats Traditional security? What to secure?
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationWhere is the EU in cloud security certification?: Main findings
WE CAN DO SO MUCH TOGETHER Where is the EU in cloud security certification?: Main findings Certification schemes for cloud computing SMART 2016 / 0029 Leire Orue-Echevarria TECNALIA December 11 th, 2017
More information