The Secure Datacenter


1 The Secure Datacenter: If trust and reliability matters. Michiel Steltman, CTO Siennax

2 Drivers for IT Security: Financial liability; Sox, Basel II; Personal liability of managers; Operational security; Integrity of systems and data; Protection of intellectual property; Recipes, processes, knowledge, patents; Assurance of product safety & environment; Legislation; Moral liability; Marketing value

3 Step 1: Risk analysis; Which perspective?; Probability x Impact; Awareness?; Impact; Measures; Accept; Likelihood

4 PCAOB on IT: The nature and characteristics of a company's use of information technology in its information system affect the company's internal control over financial reporting. According to the PCAOB, the following aspects are important: - Relevant applications - General computing infrastructure

5 Relationships between Sox/Basel II and IT: Finance Financial Statements Financial Transactions Processes Business Processes IT IT: Business Applications Integrity Completeness - Validation IT: Infrastructure Security - Change Control - IT Governance Contingency - Development

6 Government, Auditors, IT: Government Board 1 Board 2 Laws Accountancy Independent Independent Auditor Auditor Audit Audit Standards: SAS-70 Trust Services Companies IT Controlsets: COBIT (ITGI) ITIL ISO 1799 ISO 900x ISO 1000x

7 Top 5 IT Controls (ITGI Cobit): Governance; Policies, procedures in place; Management awareness; Security; Processes to ensure segregation of duties; Secure applications and infrastructure; Change Control; Processes to ensure proper review, approval; Technology to limit developer access; Disaster Recovery; Recoverability of data with key impact; Development; Prevent flawed or compromised applications from going into production

8 Top 5 for Applications: Accuracy of the processing; Integrity; Completeness of transactions; Relates to quality of software -> testing; Validity of data; Entry validations, automated or peer checks; Authorization; The right persons can do what?; Segregation of duties; E.g. can a single person change everything

9 And for Infrastructure: Development; Adequate QA, apply OTAP (DTAP) principles; Change Management; Audit trails, processes, checks; Computer Operations; Definition, acquisition, installation, configuration; Availability, continuity, service levels; Management of Third Parties; Governance, monitoring, reporting; Controlled IT environment: COBIT, ITIL; Access to Programs and Data; Security ISO17799

10 The Risk and Security Aware organisation: Absolute security does not exist; Weakest link; Processes, technology and people; Technology is not a cure-all; Policies -> Procedures -> Measures -> Checks & Audits; Do everything yourself or outsource; If so, what then?

11 Siennax ASP the hype More ASP Apps Segmented focus for enterprise Sourcing Services Billing Services Learning Services Utility computing platform Utility SaaS SME Indirect Channel & Partners

12 Siennax Services Customer issues and requirements solutions solutions solutions solutions Application Services Billing Services Learning Services Sourcing Services Siennax Utility Platform

13 IT is an industrial process

14 Datacenter maturity

15 Compliance, Trust Services and SAS-70 Siennax Service Levels Security Maintenance Availability Continuity ITIL processes OTAP process Siennax Certificates Top 5 IT controls: Security Change Management Disaster Recovery Governance Development Customer with Compliance Requirement Trust Services: Security in place? Availability covered? SAS-70 II: Do these controls really exist? Are they effective Independent Audit

16 If trust and reliability matters


More information

ISO 31000 de internationale richtlijn voor risicomanagement

ISO 31000 de internationale richtlijn voor risicomanagement ISO 31000 de internationale richtlijn voor risicomanagement Dick Hortensius NEN-Managementsystemen Agenda Achtergrond en ontwikkeling ISO Guide 73 en ISO 31000 De betekenis voor risicomanagers 1 overheid

More information

Algemene introductie over Cloud

Algemene introductie over Cloud IBM Cloud: Think it. Build it. Tap into it. Algemene introductie over Cloud Jan Jaap Snijder IBM Cloud Services Offering leader 2013 IBM Corporation What is driving IT demand in today s organizations?

More information

Is het nodig risico s te beheersen op basis van een aanname..

Is het nodig risico s te beheersen op basis van een aanname.. Is het nodig risico s te beheersen op basis van een aanname.. De mens en IT in de Zorg Ngi 19 april 2011 René van Koppen Agenda Er zijn geen feiten, slechts interpretaties. Nietzsche Geen enkele interpretatie

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

SaaS the new normal. Service-now.com, Terry Brown

SaaS the new normal. Service-now.com, Terry Brown SaaS the new normal Service-now.com, Terry Brown Discussion Points Undeniable evolution What is SaaS? How can you benefit from SaaS Creating an ITSM solution at John Maneely Company Business drivers affecting

More information

OFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Senior Audit Manager: Lynne Prizzia, CISA, CRISC Senior

More information

REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS

REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS IT GOVERNANCE SUMMIT OCTOBER, 2015 REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS Presented by Ralph Ugbodu CGEIT, CISA, CRISC, CISSP, CFE, EDRP, ISO 27001 Lead Auditor, COBIT5.

More information

Windows Azure Push Notifications

Windows Azure Push Notifications Windows Azure Push Notifications Edwin van Wijk Marco Kuiper #WAZUGPUSH Push Notifications Uitdagingen Oplossingen Windows Azure Demo Windows Azure Push Notifications 2 Introductie Edwin van Wijk edwinw@infosupport.com

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

What Should IS Majors Know About Regulatory Compliance?

What Should IS Majors Know About Regulatory Compliance? What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.

More information

Managed Security Services Als je het doet moet je het goed doen.

Managed Security Services Als je het doet moet je het goed doen. Managed Security Services Als je het doet moet je het goed doen. Peter Mesker CTO IT SECURITY IS TOPSPORT! SecurePROTECT Managed Security Services security is een proces, geen product De uitdaging Don

More information