Sessione di Studio AIEA 19 Giugno 2015

Size: px
Start display at page:

Download "Sessione di Studio AIEA 19 Giugno 2015"

Transcription

1 Sessione di Studio AIEA 19 Giugno 2015 Copyright CSA Italy

2 Copyright CSA Italy

3 Copyright CSA Italy

4 Copyright CSA Italy

5 Copyright CSA Italy

6 Copyright CSA Italy

7 Copyright CSA Italy

8 Copyright CSA Italy

9 Copyright CSA Italy

10 Copyright CSA Italy

11 Copyright CSA Italy

12 Copyright CSA Italy

13 Copyright CSA Italy

14 Copyright CSA Italy

15 Copyright CSA Italy

16 Copyright CSA Italy

17 Copyright CSA Italy 1 7

18 Copyright CSA Italy

19 Audit Assurance & Compliance Audit Planning Audit Assurance & Compliance Independent Audits Audit Assurance & Compliance Information System Regulatory Mapping AAC-01 Audit plans, activities, and operational action items focusing on data duplication, access, and data boundary limitations shall be designed to minimize the risk of business process disruption. Audit activities must be planned and agreed upon in advance by stakeholders. AAC-02 Independent reviews and assessments shall be performed at least annually, or at planned intervals, to ensure that the organization addresses any nonconformities of established policies, procedures, and known contractual, statutory, or regulatory compliance obligations. AAC-03 An inventory of the organization's external legal, statutory, and regulatory compliance obligations associated with (and mapped to) any scope and geographically-relevant presence of data or organizationally-owned or managed (physical or virtual) infrastructure network and systems components shall be maintained and regularly updated as per the business need (e.g., change in impacted-scope and/or a change in any compliance obligation). Copyright CSA Italy

20 Audit Assurance & Compliance Audit Planning Audit Assurance & Compliance Independent Audits Audit Assurance & Compliance Information System Regulatory Mapping AAC-01 Audit plans, activities, and operational action items focusing on data duplication, access, and data boundary limitations shall be designed to minimize the risk of business process disruption. Audit activities must be planned and agreed upon in advance by stakeholders. AAC-02 Independent reviews and assessments shall be performed at least annually, or at planned intervals, to ensure that the organization addresses any nonconformities of established policies, procedures, and known contractual, statutory, or regulatory compliance obligations. AAC-03 An inventory of the organization's external legal, statutory, and regulatory compliance obligations associated with (and mapped to) any scope and geographically-relevant presence of data or organizationally-owned or managed (physical or virtual) infrastructure network and systems components shall be maintained and regularly updated as per the business need (e.g., change in impacted-scope and/or a change in any compliance obligation). Copyright CSA Italy

21 Copyright CSA Italy

22 Copyright CSA Italy

23 Copyright CSA Italy

24 Copyright CSA Italy

25 Copyright CSA Italy

26 Copyright CSA Italy

27 Cloud Computing Security Auditor Consulente Architetto Copyright CSA Italy

28 Copyright CSA Italy

29 Copyright CSA Italy

30 * Candidate must have a minimum of five (5) years of cumulative paid full-time information technology experience, of which three (3) years must be in information security and one (1) year in one of the six (6) domains of the CCSP examination. Earning the Cloud Security Alliance s CCSK certificate can be substituted for one (1) year of experience in one of the six (6) domains of the CCSP examination. Earning (ISC)² s CISSP credential can be substituted for the entire CCSP experience requirement. Copyright CSA Italy

31 Copyright CSA Italy

Certificate of Cloud Security Knowledge (CCSK) v3 FAQ

Certificate of Cloud Security Knowledge (CCSK) v3 FAQ Certificate of Cloud Security Knowledge (CCSK) 3 FAQ May 2014 CLOUD SECURITY ALLIANCE CCSK 3 FAQ What is the Certificate of Cloud Security Knowledge (CCSK)? The CCSK is a web-based examination of indiidual

More information

Canadian Air Transport Security Authority

Canadian Air Transport Security Authority Canadian Air Transport Security Authority CATSA Screening Contractor Management System Standard October 2009 This Management System Standard is subject to copyright claims of the Canadian Air Transport

More information

Client information note Assessment process Management systems service outline

Client information note Assessment process Management systems service outline Client information note Assessment process Management systems service outline Overview The accreditation requirements define that there are four elements to the assessment process: assessment of the system

More information

Cloud Security Certification

Cloud Security Certification Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible

More information

Copyright 2013 wolfssl Inc. All rights reserved. 2

Copyright 2013 wolfssl Inc. All rights reserved. 2 - - Copyright 2013 wolfssl Inc. All rights reserved. 2 Copyright 2013 wolfssl Inc. All rights reserved. 2 Copyright 2013 wolfssl Inc. All rights reserved. 3 Copyright 2013 wolfssl Inc. All rights reserved.

More information

From 0 to Secure in 1 Minute APPSEC IL 2015. Moshe Ferber CCSK, CCSP

From 0 to Secure in 1 Minute APPSEC IL 2015. Moshe Ferber CCSK, CCSP From 0 to Secure in 1 Minute APPSEC IL 2015 Moshe Ferber CCSK, CCSP #About Information security professional for over 20 years Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more) Co-Contributor

More information

Incident Management & Forensics Working Group. Charter

Incident Management & Forensics Working Group. Charter Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Contact Center Security in the Cloud: Questions to Ask & Answers to Expect

Contact Center Security in the Cloud: Questions to Ask & Answers to Expect white paper Contact Center Security in the Cloud: Questions to Ask & Answers to Expect Table of Contents Executive Summary 2 Multi-layer Security 3 Physical Security 3 Network Security 3 Systems and Appplications

More information

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart

More information

Healthcare Privacy and Security: Workforce Competency. #privacysummit. Sean Murphy CISSP, ISSMP, HCISPP March 7, 2014

Healthcare Privacy and Security: Workforce Competency. #privacysummit. Sean Murphy CISSP, ISSMP, HCISPP March 7, 2014 Healthcare Privacy and Security: Workforce Competency Sean Murphy CISSP, ISSMP, HCISPP March 7, 2014 Agenda: State of healthcare information protection Current solutions and impact Special environment

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

ISO 14001:2015 Client Transition Checklist

ISO 14001:2015 Client Transition Checklist ISO 14001:2015 Client Transition Checklist How to use this document: It is not mandatory to use this document. It is a guide to give you an indication of your readiness for audit against ISO 14001:2015.

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

Cloud Data Governance Research Sponsorship

Cloud Data Governance Research Sponsorship Cloud Data Governance Research Sponsorship Overview Cloud Computing marks the decrease in emphasis on 'systems' and the increase in emphasis on 'data'. With this trend, Cloud Computing stakeholders need

More information

Cloud Channel Summit 2015 @rhipecloud #RCCS15

Cloud Channel Summit 2015 @rhipecloud #RCCS15 Cloud Channel Summit 2015 @rhipecloud #RCCS15 About the Cloud Security Alliance Global, not-for-profit organisation 300 member driven organization with over 56,000 individual members in 65 chapters worldwide

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

TOTAL QUALITY MANAGEMENT II QUALITY AUDIT

TOTAL QUALITY MANAGEMENT II QUALITY AUDIT TOTAL QUALITY MANAGEMENT II Chapter 13: QUALITY AUDIT Dr. Shyamal Gomes Introduction: The term audit was defined in the 16th Century as the official examination of the accounts with verification by reference

More information

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP www.ostendogroup.

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP www.ostendogroup. Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP www.ostendogroup.com DA! (by Global knowledge & TechRepublic) Top certifications by salary:

More information

The following paragraphs, identified to coincide with the OHSAS 18001:2007 numbering system, provide a clause-by-clause summary of the standard.

The following paragraphs, identified to coincide with the OHSAS 18001:2007 numbering system, provide a clause-by-clause summary of the standard. Summary of OHSAS 18001:2007 Requirements With this article, the 18000 store provides a brief and clear summary of the OHSAS 18001:2007 requirements. First of all, OHSAS 18001 is an international standard

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

Network Rail Infrastructure Projects Joint Relationship Management Plan

Network Rail Infrastructure Projects Joint Relationship Management Plan Network Rail Infrastructure Projects Joint Relationship Management Plan Project Title Project Number [ ] [ ] Revision: Date: Description: Author [ ] Approved on behalf of Network Rail Approved on behalf

More information

CATSA Screening Contractor Management System Standard (2015)

CATSA Screening Contractor Management System Standard (2015) Public Works and Government Services Canada Canadian General Standards Board Travaux publics et Services gouvernementaux Canada Office des normes générales du Canada CATSA Screening Contractor Management

More information

Corporate Membership. For Solution Providers

Corporate Membership. For Solution Providers Corporate Membership For Solution Providers Introduction Welcome to the Cloud Security Alliance. The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing

More information

ASHP Regulatory Alert

ASHP Regulatory Alert Proposed Guidance: 340B Drug Discount Program Introduction On Friday, August 28, 2015, the Health Resources and Services Administration (HRSA) published the long awaited proposed omnibus guidance for the

More information

Close-Up on Cloud Security Audit

Close-Up on Cloud Security Audit Close-Up on Cloud Security Audit Douglas W. Barbin 2014 BrightLine CPAs & Associates, Inc. All Rights Reserved 1 About Me Partner at BrightLine 17 years experience in security, assessments, forensics,

More information

Independent Verification and Validation of SAPHIRE 8 Software Quality Assurance Plan

Independent Verification and Validation of SAPHIRE 8 Software Quality Assurance Plan INL/EXT-10-17828 Rev. 1 Independent Verification and Validation of SAPHIRE 8 Software Quality Assurance Plan March 2010 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy

More information

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path

More information

The New Normal: The Expanding Role of Technology Providers in Payment Processing. Pete S. Johnson

The New Normal: The Expanding Role of Technology Providers in Payment Processing. Pete S. Johnson The New Normal: The Expanding Role of Technology Providers in Payment Processing Pete S. Johnson Recent Market Trends Affecting Role of Technology Providers Transition Brick and Mortar ecommerce Mobile

More information

ISO 9001:2008 Audit Checklist

ISO 9001:2008 Audit Checklist g GE Power & Water ISO 9001:2008 Audit Checklist Organization Auditor Date Page 1 Std. 4.1 General s a. Are processes identified b. Sequence & interaction of processes determined? c. Criteria for operation

More information

Cloud Card Compliance Checklist

Cloud Card Compliance Checklist Cloud Card Compliance Checklist An efficient tool for securing deployment Card Solutions on the Cloud Hassan El Alloussi, Laila Fetjah, Abdelhak Chaichaa Department of Mathematics and Computer Science

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

CLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY?

CLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY? E-Guide CLOUD SECURITY CERTIFICATIONS: HOW IMPORTANT ARE THEY? SearchCloud Security M ore and more certifications are being created around cloud security. An expert looks at some of the more prominent

More information

ISMS Implementation Guide

ISMS Implementation Guide atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification is a unique new certification which

More information

Cloud Computing. Nahil Mahmood. CEO, Delta Tech Founder & President, CSA

Cloud Computing. Nahil Mahmood. CEO, Delta Tech Founder & President, CSA Cloud Computing Nahil Mahmood CEO, Delta Tech Founder & President, CSA Nahil Mahmood Profile CEO & Founder of Delta Tech Global Received (ISC)2 Asia-Pacific Information Security Leadership Award (2012)

More information

ISCC 103 Quality Management. Quality Management ISCC 11-03-15 V 2.3-EU

ISCC 103 Quality Management. Quality Management ISCC 11-03-15 V 2.3-EU ISCC 103 Quality Management Quality Management ISCC 11-03-15 V 2.3-EU Copyright notice ISCC 2011 This ISCC document is protected by copyright. It is freely available from the ISCC website or upon request.

More information

Ensuring Cloud Security Using Cloud Control Matrix

Ensuring Cloud Security Using Cloud Control Matrix International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES (ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES 2015 (ISC)² CPE Policies & Guidelines (Rev. 10, April 21, 2015) 2015 International Information Systems Security Certification Consortium,

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

BCM and DRP - RFP Template

BCM and DRP - RFP Template BCM and DRP - The Supreme Council of Information & Communication Technology ictqatar PUBLICATION DATE Document Reference This document should be used as an example of the contents of an RFP for business

More information

Application for CISM Certification

Application for CISM Certification Application for CISM Certification 4/2015 Requirements to Become a Certified Information Security Manager become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification differentiates you from your competition.

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus QIAL SYLLABUS MARCH 2015 Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus The QIAL assessment comprises five sections: Case study 1*: Internal Audit Leadership (3 hours and 45 minutes)

More information

Appendix 3 (normative) High level structure, identical core text, common terms and core definitions

Appendix 3 (normative) High level structure, identical core text, common terms and core definitions Appendix 3 (normative) High level structure, identical core text, common terms and core definitions NOTE In the Identical text proposals, XXX = an MSS discipline specific qualifier (e.g. energy, road traffic

More information

ISO 9001:2015 Overview of the Revised International Standard

ISO 9001:2015 Overview of the Revised International Standard ISO 9001:2015 Overview of the Revised International Standard Introduction This document provides: a summary of the new ISO 9001:2015 structure. an overview of the new and revised ISO 9001:2015 requirements

More information

Asset Management Systems Scheme (AMS Scheme)

Asset Management Systems Scheme (AMS Scheme) Joint Accreditation System of Australia and New Zealand Scheme (AMS Scheme) Requirements for bodies providing audit and certification of 13 April 2015 Authority to Issue Dr James Galloway Chief Executive

More information

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems

CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field

More information

A Comprehensive Study on Cloud Computing Standardization

A Comprehensive Study on Cloud Computing Standardization A Comprehensive Study on Cloud Computing Standardization Dr. Mukesh Chandra Negi Project Manager, Tech Mahindra Ltd, Noida, India ABSTRACT: Standard is a trust between standardization body, buyers and

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS

CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS Copyright 2012 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits.

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor The objective of the Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses the needed expertise to audit a Quality

More information

ISO 20000 Information Technology Service Management Systems Professional

ISO 20000 Information Technology Service Management Systems Professional ISO 20000 Information Technology Service Management Systems Professional Professional Certifications Sample Questions 1. You work as an external consultant to an IT department that plans to demonstrate

More information

INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE

INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) Implementation Guideline Report For cross certification from MTCS SS to ISO/IEC December 2014 Revision

More information

The Cloud Security Alliance

The Cloud Security Alliance The Cloud Security Alliance Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing

More information

Road map for ISO 27001 implementation

Road map for ISO 27001 implementation ROAD MAP 1 (5) ISO 27001 adopts the "Plan-Do-Check-Act" (PDCA) model, which is applied to structure all ISMS processes: PDCA Plan (establish the ISMS) Do (implement and operate the ISMS) Descriprion Establish

More information

Cloud Computing What Auditors need to know

Cloud Computing What Auditors need to know Cloud Computing What Auditors need to know This presentation is provided solely for educational purposes and, in developing and presenting these materials, Deloitte is not providing accounting, business,

More information

Information Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008

Information Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008 Information Security and Privacy Lynn McNulty, CISSP Advisory Board November 2008 Global leaders in certifying and educating information security professionals with the CISSP and related concentrations,

More information

DNV GL Assessment Checklist ISO 9001:2015

DNV GL Assessment Checklist ISO 9001:2015 DNV GL Assessment Checklist ISO 9001:2015 Rev 0 - December 2015 4 Context of the Organization No. Question Proc. Ref. Comments 4.1 Understanding the Organization and its context 1 Has the organization

More information

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our

More information

Eligibility Requirements for Accreditation

Eligibility Requirements for Accreditation ACCREDITING COMMISSION FOR COMMUNITY AND JUNIOR COLLEGES Western Association of Schools and Colleges Eligibility Requirements for Accreditation (Adopted June 2014) Introduction Eligible institutions offering

More information

NIST HANDBOOK 150-5 CHECKLIST CONSTRUCTION MATERIALS TESTING

NIST HANDBOOK 150-5 CHECKLIST CONSTRUCTION MATERIALS TESTING NIST HANDBOOK 150-5 CHECKLIST CONSTRUCTION MATERIALS TESTING Instructions to the Assessor: This checklist addresses specific accreditation criteria prescribed in NIST Handbook 150-5, Construction Materials

More information

Experienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision.

Experienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision. Application for CRMP Certification (part 1) GRCSI is now offering the Certified Risk Management Professional (CRMP) certification to support and recognize professionals who have skills and experience in

More information

Quality Management System Process/ Management Review

Quality Management System Process/ Management Review Directorate in charge: Process concerned: Process owner: Executive Directorate Quality Management System Process/ Management Review Quality Section Manager Véronique Magnier Purpose and Scope of the :

More information

Australian Transport Council. National Standard for the Administration of Marine Safety SECTION 5

Australian Transport Council. National Standard for the Administration of Marine Safety SECTION 5 Australian Transport Council National Standard for the Administration of Marine Safety SECTION 5 APPROVAL AND AUDITING OF REGISTERED TRAINING ORGANISATIONS August 2008 First Published: August 2008 Endorsed

More information

Audit Tools That Won t Break the Bank

Audit Tools That Won t Break the Bank Audit Tools That Won t Break the Bank 2011 Date or subtitle Presented by: Mark Scholl, Partner 1 Background These tools do not require a strong technical background! Do not scan or install tools without

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

The Advantages of Common Data Management Software (LLRW)

The Advantages of Common Data Management Software (LLRW) Innovative use of Cloud Computing and Hardware Platforms to Improve the Accuracy, Efficiency and Auditability of LLRW 11622 Lloyd A. Solomon*, Robert Eunice*, and Amit Gandhi* * Studsvik, Inc., Atlanta,

More information

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help

More information

Lessons Learned: Integrating EMS and Environmental Compliance Auditing

Lessons Learned: Integrating EMS and Environmental Compliance Auditing Lessons Learned: Integrating EMS and Environmental Compliance Auditing 2009 Environmental, Energy & Sustainability Symposium Pamela M. Klinger U.S. Army Environmental Command 6 May 2009 Our Mission: Lead

More information

How To Build Trust In The Cloud

How To Build Trust In The Cloud Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

Certified Identity and Access Manager (CIAM) Overview & Curriculum

Certified Identity and Access Manager (CIAM) Overview & Curriculum Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management

More information

OCCUPATIONAL GROUP: Facilities Support. CLASS FAMILY: Facility Management CLASS FAMILY DESCRIPTION:

OCCUPATIONAL GROUP: Facilities Support. CLASS FAMILY: Facility Management CLASS FAMILY DESCRIPTION: OCCUPATIONAL GROUP: Facilities Support CLASS FAMILY: Facility Management CLASS FAMILY DESCRIPTION: This family of positions includes those whose purpose is to oversee the operations of or the construction

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

iso20000templates.com

iso20000templates.com iso20000templates.com Public IT Limited 2011 IT Service Policy Document Ref. ITSM01001 Version: 1.0 Draft 1 Document Author: Document Owner: V 1.0 Draft 1 Page 1 of 11 Revision History Version Date RFC

More information

EMS Example Example EMS Audit Procedure

EMS Example Example EMS Audit Procedure EMS Example Example EMS Audit Procedure EMS Audit Procedures must be developed and documented with goals which: Ensure that the procedures incorporated into the EMS are being followed; Determine if the

More information

Program Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI).

Program Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI). Overview Certified in Data Protection (CDP) is a comprehensive global training and certification program which leverages international security standards and privacy laws to teach candidates on how to

More information

QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements. Documentation Requirements. General. Quality Manual. Control of Documents

QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements. Documentation Requirements. General. Quality Manual. Control of Documents Chapter j 38 Self Assessment 729 QUALITY MANAGEMENT SYSTEM REQUIREMENTS General Requirements 1. Establishing and implementing a documented quality management system 2. Implementing a documented quality

More information

Information for Management of a Service Organization

Information for Management of a Service Organization Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure

More information

ITIL Asset and Configuration. Management in the Cloud

ITIL Asset and Configuration. Management in the Cloud ITIL Asset and Configuration Management in the Cloud An AWS Cloud Adoption Framework Addendum September 2015 A Joint Whitepaper with Minjar Cloud Solutions 2015, Amazon Web Services, Inc. or its affiliates.

More information

Information Security Principles and Practices

Information Security Principles and Practices Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 3: Certification Programs and the Common Body of Knowledge Certification & Information Security Industry standards,

More information

ITIL Vs. LAYER - Search Engine Marketing System

ITIL Vs. LAYER - Search Engine Marketing System Nuove tendenze : Standard e relative Certificazioni ICT AIEA - Sessione di Studio Milano 07.06.2013 Today s AGENDA Green Mill Solutions Company Facts Overview Scope Main Areas for IT & Business Alignment

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER

More information