The Secure Datacenter


1 The Secure Datacenter If trust and reliability matters Michiel Steltman CTO Siennax

2 Drivers for IT Security Financial liability Sox, Basel II Personal liability of managers Operational security Integrity of systems and data Protection of Intellectual Property Recipes, processes, knowledge, patents Safeguarding product safety & environment Legislation Moral liability Marketing value

3 Step 1: Risk analysis Which perspective? Probability x Impact Awareness? Impact Measures Accept Likelihood

4 PCAOB on IT The nature and characteristics of a company's use of information technology in its information system affect the company's internal control over financial reporting According to the PCAOB, the following aspects are relevant: - Relevant Applications - General Computing Infrastructure

5 Relationships between Sox/Basel II and IT Finance Financial Statements Financial Transactions Processes Business Processes IT IT: Business Applications Integrity Completeness - Validation IT: Infrastructure Security - Change Control - IT Governance Contingency - Development

6 Government, Auditors, IT Government Board 1 Board 2 Laws Accountancy Independent Independent Auditor Auditor Audit Audit Standards: SAS-70 Trust Services Companies IT Controlsets: COBIT (ITGI) ITIL ISO 1799 ISO 900x ISO 1000x

7 Top 5 IT Controls (ITGI Cobit) Governance Policies, Procedures in place Management Awareness Security Processes to ensure segregation of duties Secure Applications and Infrastructure Change Control Processes to ensure proper Review, Approval Technology to limit developer access Disaster Recovery Recoverability of data with key impact Development Prevent flawed or compromised applications from going into production

8 Top 5 for Applications: Accuracy of the processing Integrity Completeness of transactions Relates to quality of software -> testing Validity of data Entry validations, automated or peer checks Authorization The right persons can do what? Segregation of duties E.g. can a single person change everything

9 And for Infrastructure Development Adequate QA, Apply OTAP (development, test, acceptance, production) principles Change Management Audit trails, Processes, Checks Computer Operations Definition, Acquisition, Installation, Configuration Availability, Continuity, Service levels Management of Third Parties Governance, Monitoring, Reporting Controlled IT Environment: COBIT, ITIL Access to Programs and Data Security ISO17799

10 The Risk and Security Aware organization Absolute security does not exist. Weakest link Processes, Technology and People Technology is no cure-all Policies -> Procedures -> Measures -> Checks & Audits Do everything yourself or outsource If so, what then?

11 Siennax ASP the hype More ASP Apps Segmented focus for enterprise Sourcing Services Billing Services Learning Services Utility computing platform Utility SaaS SME Indirect Channel & Partners

12 Siennax Services Customer issues and requirements solutions solutions solutions solutions Application Services Billing Services Learning Services Sourcing Services Siennax Utility Platform

13 IT is an industrial process

14 Datacenter maturity

15 Compliance, Trust Services and SAS-70 Siennax Service Levels Security Maintenance Availability Continuity ITIL processes OTAP process Siennax Certificates Top 5 IT controls: Security Change Management Disaster Recovery Governance Development Customer with Compliance Requirement Trust Services: Security in place? Availability covered? SAS-70 II: Do these controls really exist? Are they effective? Independent Audit

16 If trust and reliability matters


More information

Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl

Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl Patient safety and patient outcomes Martine de Bruijne, Cordula Wagner Safety 4 Patients www.onderzoekpatientveiligheid.nl TRIP symposium, 19 maart 2013 Safety 4 patients www.onderzoekpatientveiligheid.nl

More information

Hoe ontwerp en realiseer je een digitale wasstraat?

Hoe ontwerp en realiseer je een digitale wasstraat? Hoe ontwerp en realiseer je een digitale wasstraat? Introductie Context Basis Browsing Hosting Conclusie & Contact Wie zijn wij Jeroen van der Meer In IT sinds 1984 CTO Systems programming Datacenter design

More information

C24 - Inside the Data Center Andrew J. Luca

C24 - Inside the Data Center Andrew J. Luca C24 - Inside the Data Center Andrew J. Luca Inside the Data Center What an auditor needs to know Course Objectives Understand the looks and feel of a data center Know what to look for and what questions

More information

Corporate Security Awareness. The Common Sense of Compliance

Corporate Security Awareness. The Common Sense of Compliance Corporate Security Awareness The Common Sense of Compliance 1 Information Theft Physical Vendor/Client Fraudulent Activities Stolen Assets (i.e. backup tapes) Compromised Assets (vengeful employees) Other

More information

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT RESOURCES PROVIDED THROUGH APRIL 2001 Slides Narration In the last presentation, you learned about some of the general responsibilities

More information

Sarbanes-Oxley Compliance and Identity and Access Management

Sarbanes-Oxley Compliance and Identity and Access Management A Bull Evidian White Paper Summary of Contents Introduction Sarbanes-Oxley Reference Framework IAM and Internal Controls over Financial Reporting Features Improve Efficiency with IAM Deploying IAM to Enforce

More information

Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters

Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters Storage in Microsoft Azure Wat moet ik daarmee? Bert Wolters @bertwolters Welk deel van het platform hebben we nu behandeld? Agenda Recap: Storage Account Nieuw! Premium Storage Nieuw! Native backup voor

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Attestation of Identity Information. An Oracle White Paper May 2006

Attestation of Identity Information. An Oracle White Paper May 2006 Attestation of Identity Information An Oracle White Paper May 2006 Attestation of Identity Information INTRODUCTION... 3 CHALLENGES AND THE NEED FOR AUTOMATED ATTESTATION... 3 KEY FACTORS, BENEFITS AND

More information

hi Information Technologies Change Management Standard

hi Information Technologies Change Management Standard hi Information Technologies Change Management Standard Classification Service Delivery Standard # SVD-002 Approval Authority Chief Information Officer Implementation Authority Director, Service Delivery

More information

Self-assessment for Reliable Cash Register Quality Mark

Self-assessment for Reliable Cash Register Quality Mark Secretariaat: ECP Postbus 262 2260 AG Leidschendam 070-4190309 jelle.attema@ecp.nl http://www.keurmerkafrekensystemen.nl/ Self-assessment for Reliable Cash Register Quality Mark Version 0.3, 10 May 2012

More information

Payroll Systems and Technology. CPP Study Class 2014 - Chapter 12

Payroll Systems and Technology. CPP Study Class 2014 - Chapter 12 Payroll Systems and Technology CPP Study Class 2014 - Chapter 12 Objectives of a Computerized Payroll System Customers: EE s we pay Other dept s Upper mgmt Government agencies System Provides: Paychecks

More information

Requirements Lifecycle Management succes in de breedte. Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop

Requirements Lifecycle Management succes in de breedte. Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop Requirements Lifecycle Management succes in de breedte Plenaire sessie SPIder 25 april 2006 Tinus Vellekoop Focus op de breedte Samenwerking business en IT Deelnemers development RLcM en het voortbrengingsproces

More information