CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
|
|
- Bernard Porter
- 5 years ago
- Views:
Transcription
1 CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
2 ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD SECURITY ALLIANCE GLOBAL, NOT-FOR-PROFIT ORGANIZATION RESEARCH AND EDUCATIONAL PROGRAMS CLOUD PROVIDER CERTIFICATION CSA STAR To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. USER CERTIFICATION CCSK THE GLOBALLY AUTHORITATIVE SOURCE FOR TRUST IN THE CLOUD
3 88,000+ INDIVIDUAL MEMBERS 80+ CHAPTERS 2009 CSA FOUNDED OUR COMMUNITY 400+ CORPORATE MEMBERS 35+ ACTIVE WORKING GROUPS SEATTLE/BELLINGHAM, WA // US HEADQUARTERS EDINBURGH // UK HEADQUARTERS Strategic partnerships with governments, research institutions, professional associations and industry CSA research is FREE! SINGAPORE // ASIA PACIFIC HEADQUARTERS
4 SECURITYGUIDANCE V.4 AT A GLANCE
5 About Security Guidance V4 Fundamental cloud security research that started CSA 4 th version, released July 2017 Architecture Governing in the Cloud Governance and Enterprise Risk Management Legal Compliance & Audit Management Information Governance Operating in the Cloud Management Plane & Business Continuity Infrastructure Security Virtualization & Containers Incident Response Application Security Data Security & Encryption Identity Management Security as a Service Related Technologies
6 DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE Definitions
7 Definitions DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE
8 DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE Logical Models & Architectures Shared Responsibility Sample SaaS Architecture Logical Model
9 DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE Key Takeaways Understand Cloud Definitions Shared Responsibility of Security Leverage key CSA assurance tools Cloud Controls Matrix Consensus Assessments Initiative Questionnaire CSA Security, Trust & Assurance Registry (STAR) CSA Enterprise Architecture
10 DOMAIN 2: GOVERNANCE AND ENTERPRISE RISK MANAGEMENT Risk & Governance Hierarchy
11 DOMAIN 2: GOVERNANCE AND ENTERPRISE RISK MANAGEMENT Key Takeaways Adapting Risk Management program to cloud s unique characteristics Understanding tradeoffs and tools Understanding a virtual approach to security risk management Assessment process Cloud Assessment Process
12 DOMAIN 3: LEGAL
13 DOMAIN 3: LEGAL Key Takeaways Regional regulatory examples affecting cloud Contract criteria, due diligence focus and negotiations Electronic discovery Data collection and retention issues High level discussion of critical legal issues for both providers and customers NOTE: for GDPR tools, check out our GDPR Resource Center and the CSA Code of Conduct for GDPR Compliance: gdpr.cloudsecurityalliance.org/
14 DOMAIN 4: COMPLIANCE AND AUDIT MANAGEMENT Key Takeaways Have a continuous approach Leverage high quality certifications & attestation as opposed to bespoke audits Scoping of audits/assessments is critical CSA tools essential
15 DOMAIN 5: INFORMATION GOVERNANCE Key Takeaways Understand cloud information governance domains, e.g. privacy, location, classification, controls, etc. Know your governance requirements before selecting cloud application Take a data security lifecycle approach Data Security Lifecycle
16 DOMAIN 6: MANAGEMENT PLANE AND BUSINESS CONTINUITY Key Takeaways Critical new domain reflecting practical knowledge in cloud security management High availability and business continuity intra-cloud vs inter-cloud Protection of privileged accounts
17 DOMAIN 7: INFRASTRUCTUR E SECURITY Key Takeaways Fundamentals of IaaS platform security Apply least privilege on a granular level, e.g. workloads Apply Software-Defined Networking (SDN) & Software-Defined Perimeter (SDP) Understand vulnerability assessment and penetration testing changes Immutable VM/Container Deployment
18 DOMAIN 8: VIRTUALIZATION AND CONTAINERS Key Takeaways Tenant isolation Secure by default images Cloud-native patch management Orchestration tools
19 DOMAIN 9: INCIDENT RESPONSE Key Takeaways Understand the IR lifecycle process Cloud providers have varying options supporting IR SLAs are an important area to understand ahead of time Cloud tools provide superior capabilities to orchestrate and automate IR
20 DOMAIN 10: APPLICATION SECURITY Key Takeaways Leverage a recognized secure software development lifecycle, e.g.: MS-SDLC, NIST800-64, ISO/IEC Understand new cloud app design trends Make sure you are addressing DevOps and Continuous Deployment Understand multi-tenant vulnerability assessment & pen testing considerations Continuous Deployment Pipeline
21 DOMAIN 11: DATA SECURITY AND ENCRYPTION Key Takeaways Understand provider data security controls, risk based approach to encryption (can t encrypt everything) Customer-managed keys preferable where feasible CASB may help with encryption prioritization/decision support Granular access control & entitlements
22 DOMAIN 12: IDENTITY MANAGEMENT Key Takeaways Extend strong internal identity federation Federation standards critical Multi-factor authentication needed (mandatory for privileged identities) Attribute-based preferred to role-based access control
23 DOMAIN 13: SECURITY AS A SERVICE Key Takeaways Numerous benefits Flexible deployment Shared intelligence Staffing expertise Vetting as you would any important cloud provider: certifications, portability, regulatory support Visibility into your data & logs critical
24 DOMAIN 14: RELATED TECHNOLOGIES Key Takeaways Big Data Internet of Things Mobile computing Serverless cloud Discuss synergy and cloud leverage
25 CSA Code of Conduct for GDPR Compliance Released November 2017 Provide CSPs a tool to achieve EU Data Protection Provide cloud customer with a tool to evaluate CSP Data Protection compliance Code of Conduct Self-Assessment and Certification added to CSA STAR in early 2018 Working closely with supervisory authorities for approval
26 CSA Code of Conduct Structure of components Part 1: CSA CoC objectives & scope Part 2: Privacy Level Agreement Code of Practice Part 3: CSA CoC Governance mechanisms Detailed list of GDPR requirements Strongly based on WP29 Opinions, ENISA Guidelines and ISO standards Considers differences between CSPcontroller and CSP-processor
27 L E G A L C O M P L I A N C E CODE OF CONDUCT FOR GDPR COMPLIANCE CSA Code of Conduct and CSA STAR CSA STAR: world s largest registry of cloud security assertions Adding GDPR self-assessment January 2018 Adding GDPR 3 rd party certification H View specifications in Part 3 of Code of Conduct T E C H N I C A L C O M P L I A N C E
28 THANK YOU Contact CSA Site: Learn: Download: GDPR Resource center:
Jim Reavis CEO and Founder Cloud Security Alliance December 2017
CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,
More informationCurrent Cloud Certification Challenges Ahead and Proposed Solutions
Current Cloud Certification Challenges Ahead and Proposed Solutions Daniele Catteddu, CTO Cloud Security Alliance AGENDA 3 Challenges 1 Framework 3 Key Requirements 3 Solutions Copyright 2011 2016 Cloud
More informationHealthcare and the Cloud:
Healthcare and the Cloud: Pros & Cons of Security and Privacy Information Systems Security Association (ISSA) Healthcare SIG and Cloud Security Alliance (CSA) March 16, 2017 1 Vince Campitelli Enterprise
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationCloud Security Alliance Quantum-safe Security Working Group
Don Hayford 3rd ETSI/IQC Workshop on Quantum-Safe Cryptography Seoul, Korea October 5, 2015 Session 3: Joint Global Efforts Cloud Security Alliance Quantum-safe Security Working Group 1 Cloud Security
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationSTANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?
ETSI SUMMIT Releasing the Flow Data Protection and Privacy in a Data-Driven Economy 19 April 2018 STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL? Presented by
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationHow to Establish Security & Privacy Due Diligence in the Cloud
How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationOverview of International Standards for Cloud Computing
ITU Regional Forum on New Technologies for Development, Cairo-Egypt, 23-24 November 2016 Overview of International Standards for Cloud Computing Dr. Jamil Chawki, Orange SG 13 Vice Chairman & SG 13 WP2
More informationThe Next Generation of Cloud Security. Joe Chan Vice Chairman Programs & Research Cloud Security Alliance Hong Kong & Macau Chapter
The Next Generation of Cloud Security Joe Chan Vice Chairman Programs & Research Cloud Security Alliance Hong Kong & Macau Chapter www.cloudsec.com About the Cloud Security Alliance Global, not-for-profit
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationState of Office 365 Adoption & Risk A Dive into the Data. Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks
State of Office 365 Adoption & Risk A Dive into the Data Jim Reavis, CEO, Cloud Security Alliance Brandon Cook, VP, Marketing, Skyhigh Networks Q4 2016 Office 365 Usage and Risk Report Brandon Cook, Skyhigh
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationSecuring Your Cloud Introduction Presentation
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationOptimising cloud security, trust and transparency
Optimising cloud security, trust and transparency April 2013 Jim Reavis, CSA Founder and Executive Director Daniele Catteddu, CSA Managing Director EMEA About the Cloud Security Alliance! Global, not-for-profit
More informationEU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More informationSecurity and Compliance at Mavenlink
Security and Compliance at Mavenlink Table of Contents Introduction....3 Application Security....4....4....5 Infrastructure Security....8....8....8....9 Data Security.... 10....10....10 Infrastructure
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationProtecting Sensitive Data in the Cloud. Presented by: Eric Wolff Thales e-security
Protecting Sensitive Data in the Cloud Presented by: Eric Wolff Thales e-security Topics IT Perspectives on Cloud Security Tools for Security in the Cloud XaaS Encryption/Key Management Strategies Tweet
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationThe Business of Security in the Cloud
The Business of Security in the Cloud Dr. Pamela Fusco Vice President Industry Solutions Solutionary Inc. CISSP, CISM, CHSIII, IAM, NSA/CSS Adjunct Faculty Promises Promises The promise of cloud computing
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationChoosing a Secure Cloud Service Provider
Choosing a Secure Cloud Service Provider Dr. Ricci IEONG, CISSP, CISA, CISM, CCSK, CCSP, CEH,GPEN, GIAC Advisory Board, ISSAP, ISSMP, F.ISFS Vice President Professional Development Cloud Security Alliance
More informationCompliance & Security in Azure. April 21, 2018
Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk
More informationCertification Exam Outline Effective Date: April 2015
Certification Exam Outline Effective Date: April 2015 About CCSP (ISC)² and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud
More informationBSI C5 Status Quo. Dr. Clemens Doubrava, BSI,
BSI C5 Status Quo Dr. Clemens Doubrava, BSI, 11.12.2017 Expectations Cloud Service Provider Customers, more customers, An Everything-is-secure -Certification Preferably including data protection (GDPR)
More informationSmart Software Licensing tools and Smart Account Management Privacy DataSheet
Smart Software Licensing tools and Smart Account Management Privacy DataSheet This Privacy DataSheet describes the processing of personal data (or personal identifiable information) by Smart Software Licensing
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationDELIVERING SECURE, SCALABLE, AND COMPLIANT CLOUD SERVICES
DELIVERING SECURE, SCALABLE, AND COMPLIANT CLOUD SERVICES Trust Built Upon a Secure, Scalable, and Compliant Cloud OVERVIEW Instilling the utmost confidence in our ability to prevent and mitigate security
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationManchester Metropolitan University Information Security Strategy
Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationHITRUST CSF: One Framework
HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationNE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
NE HIMSS Vendor Risk October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Does Vendor Management Feel Like This? 2 Vendor Risk Management Lifecycle
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationBuilding a More Secure Cloud Architecture
Building a More Secure Cloud Architecture Jerry Archer SVP and CSO Let s Make College Happen Security Guiding Principles in the Cloud Secure Perimeter Micro-segmentation -- isolating applications and data
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationTop Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk
Top Reasons To Audit An IAM Program Bryan Cook Focal Point Data Risk Focal Point Data Risk A New Type of Risk Management Firm THE FACTS Born from the merger of three leading security & risk management
More informationThis presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide
More informationAuditing the Cloud. Paul Engle CISA, CIA
Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationBuilding Trust in the Era of Cloud Computing
Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.
More informationCertification Exam Outline Effective Date: August 1, 2019
Certification Exam Outline Effective Date: August 1, 2019 About CCSP (ISC)² and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud
More informationMicrosoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationThe Challenge of Cloud Security
The Challenge of Cloud Security Dr. Ray Klump Chair, Mathematics & Computer Science Director, MS in Information Security Lewis University Poll Question #1: What type of cloud service are you
More informationData Protection in the AWS Cloud: Implementing GDPR and Overview of C5
Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Gerald Boyne, Christian Hesse Security Assurance Germany 25.11.2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationPractical Guide to Cloud Computing Version 2. Read whitepaper at
Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables
More informationRobert Brammer. Senior Advisor to the Internet2 CEO Internet2 NET+ Security Assessment Forum. 8 April 2014
Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to
More informationDavid Jenkins (QSA CISA) Director of PCI and Payment Services
David Jenkins (QSA CISA) Director of PCI and Payment Services PCI and the Cloud, where is my Atlas Agenda About Cognosec PCI DSS 3.0 and CSPs SLA Considerations Technical considerations Auditing About
More informationRMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS
RMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS RMS REPORT PAGE 1 Confidentiality Notice Recipients of this documentation and materials contained herein are subject to the restrictions
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationECSA Assessment Report
ECSA Assessment Report Company Test Cloud Company Name of the cloudservice textcloud.com Website of the cloudservice 11.textcloud.com Project number #10652 Projectname Dummyproject Print date 2015-12-01
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationAgenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2
GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure
More informationEnhanced Privacy ID (EPID), 156
Index A Accountability, 148 ActiveDirectory, 153 Amazon AWS EC2, 168 Anonymity, 148 Asset tagging, 96 Attestation definition, 65 dynamic remote attestation techniques, 66 IMA, 67 Intel Trust Attestation
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationISACA Cincinnati Chapter March Meeting
ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview
More informationNo Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017
No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated
More informationCloud Security. Copyright Ramesh Nagappan. All rights reserved.
Cloud Security 1 Cloud Security Week 1 Lecture 1 Ramesh Nagappan Harvard University Extension School Brandeis University GPS 2 Week 1 Lecture - 1 Course Introduction Evolution of Cloud Computing Introduction
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationMaintaining Security Parity in the Shift to Cloud and Mobile Applications. Jamie Yu, Clark Sessions Cisco Systems October 2016
Maintaining Security Parity in the Shift to Cloud and Mobile Applications Jamie Yu, Clark Sessions Cisco Systems October 2016 Speakers Background Application Security Team Cloud and Mobile Application
More informationManaging Microsoft 365 Identity and Access
Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential
More informationCAN MICROSOFT HELP MEET THE GDPR
CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com
More informationWebtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security
Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security For the Period January 1, 2016 through June 30, 2016 SOC 3 SM SOC 3 is a service
More informationSOARING THROUGH THE CLOUDS IT S A BREEZE
Securing your data from here to the Cloud SOARING THROUGH THE CLOUDS IT S A BREEZE Mary Siero, CISSP, CISM, CRISC msiero@innovativeitlv.com Terry A. Tobias, CRISC, CCP ttobias@innovativeitlv.com Security
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationSecurity and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government
Security and Privacy Mechanisms: An Analysis of Cloud Service Providers for the US Government April 13, 2016 Presenter: Carlo Di Giulio Advisor: Dr. Masooda Bashir Focus of the Research Security and privacy
More informationLTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security
LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationCLOUD COMPUTING. The Old Ways Are New Again. Jeff Rowland, Vice President, USAA IT/Security Audit Services. Public Information
CLOUD COMPUTING The Old Ways Are New Again Jeff Rowland, Vice President, USAA IT/Security Audit Services Public Information Who We Are Our Mission The mission of the association is to facilitate the financial
More informationDigital Renewable Ecosystem on Predix Platform from GE Renewable Energy
Digital Renewable Ecosystem on Predix Platform from GE Renewable Energy Business Challenges Investment in the Industrial Internet of Things (IIoT) is expected to top $60 trillion during the next 15 years.
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More information