Cloud Security Alliance Quantum-safe Security Working Group

Don Hayford
3rd ETSI/IQC Workshop on Quantum-Safe Cryptography, Seoul, Korea, October 5, 2015
Session 3: Joint Global Efforts

Cloud Security Alliance

- Membership: 300 Corporate Members, 65K Individual Members
- CSA operates the most popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self assessment, 3rd party audit and continuous monitoring.
- CSA launched the industry's first cloud security user certification in 2010, the Certificate of Cloud Security Knowledge (CCSK), the benchmark for professional competency in cloud computing security.
- CSA's comprehensive research program works in collaboration with industry, higher education and government on a global basis.
- CSA research prides itself on vendor neutrality, agility and integrity of results.
- Website: https://cloudsecurityalliance.org/

Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

CSA Research Working Groups

28 member-driven working groups and research initiatives:

- Anti-Bot
- Big Data
- Cloud Controls Matrix
- Cloud Data Governance
- Cloud Vulnerabilities
- CloudAudit
- CloudCISC
- CloudTrust
- Consensus Assessments
- Enterprise Architecture
- Incident Management and Forensics
- Financial Services
- Innovation
- Health Information Management
- Internet of Things
- Legal
- Mobile
- Open API
- Open Certification
- Privacy Level Agreement
- Quantum-safe Security
- Security as a Service
- Security Guidance
- Small Business
- Software Defined Perimeter
- Telecom
- Top Threats
- Virtualization

Quantum-Safe Security Working Group

- Established 11/2014 by ID Quantique, Battelle, QuantumCTek
- Now 90+ members from 40+ organizations

Objective

- Provide objective information, education, and advice relating to QSS
- Provide thought leadership for the field of quantum safe encryption and key management
- Become a trusted advisor to policy makers, analysts, consultants, industry leaders, and internal security or risk officers on issues relating to securing data in the long term
- Bridge the gap between mathematicians and physicists, and bring quantum cryptography solutions into a traditional security framework
- Influence and/or set standards and certification procedures to promote adoption and implementation of quantum safe technologies

The Message

- Key distribution is a problem
- Quantum computers are a reality
- Breaking keys will become a reality and the data you are sending now will become vulnerable
- There are viable solutions
  - QKD currently available from at least one company and certified to FIPS 140-2
  - Post-quantum algorithms currently available from at least one company and approved by Accredited Standards Committee X9 (X9.98)
- These solutions need to become mainstream
  - Approved algorithms and methods
  - Appropriate certification paths for hardware and software
  - Interoperability of software and hardware solutions
  - Acceptance by the user community

Quantum-Safe Security Working Group

- Includes both physics-based (i.e., QKD) and software-based (i.e., post-quantum cryptography) both in membership and in our focus
- Three position papers
  - Short, easy-to-read (2-4 pages)
  - What is Quantum-Safe Security?
  - What is Quantum Key Distribution?
  - What is Post-Quantum Cryptography?

At Last, Some Success

"I have been shouted at by people saying stop scaremongering; it's science fiction, it will never happen."
Andersen Cheng, PQ Solutions

What's Next for QSSWG

- Continued educational thrust
  - White papers, conferences, workshops
  - Focus on conferences aligned with specific industries
  - General industry conferences like CSA Congress, RSA, others
- Continued thrust for acceptance and adoption by industry
  - Standardization, certification, and accreditation participation
  - PQ and QKD Algorithms, interoperability of hardware and software, certification
- CSA is not a standards organization, but our members are strong participants in the standards process as developers, suppliers, end users