Open Certification Framework. Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director. CSO Interchange 2
- Aldous Lee
- 8 years ago
Transcription
1 Open Certification Framework CSO Interchange 2 Paris, M Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director
2
- Global, not-for-profit organisation
- Over 40,000 individual members, more than 160 corporate members, over 60 chapters
- Building best practices and a trusted cloud ecosystem
- Agile philosophy, rapid development of applied research
- GRC: Balance compliance with risk management
- Reference models: build using existing standards
- Identity: a key foundation of a functioning cloud economy
- Champion interoperability
- Enable innovation
- Advocacy of prudent public policy
- To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud
3 Cloud computing is becoming a mature business model. Many companies and governments around the globe are implementing their strategies to embrace cloud services effectively and efficiently. Growing adoption of cloud services by large banks, manufacturers, healthcare organizations and other large corporations and small and medium businesses.
5 Despite the simplicity of the idea of ICT services delivered as utility, on demand and pay-as-you-go, the cloud computing model is based on a complex chain of interactions between multiple parties which operate in different countries and legal jurisdictions. The complexity and opacity that sometimes characterize this cloud supply chain have generated some barriers to faster adoption of cloud computing.
6
- Lack of clarity around the definition and attribution of responsibilities and liabilities,
- Difficulties achieving accountability across the cloud supply chain,
- Incoherent global (and even sometimes regional and national) legal framework and compliance regimes
- Lack of transparency of some service providers or brokers, particularly around security and risk management
7
- Difficulties in performing internal and external due diligence
- Lack of clarity in Service Level Agreements
- Lack of interoperability.
- Lack of awareness and expertise.
9 Users need to understand the shift in the balance of responsibility and accountability for key functions such as governance and control over data and IT operations, ensuring compliance with laws and regulations. Cloud computing requires a new model for assessing organisational risks related to security and resilience.
12 Consumers do not have simple, cost effective ways to evaluate and compare their providers' resilience, data protection capabilities and service portability.
14
- Stimulating a wider use of standards
- Certification of cloud services to show they meet these standards and
- Endorsement of such certificates by regulatory authorities as indicating compliance with legal obligations.
15
- Increase consumer trust and confidence in cloud systems, the future of IT
- Improve overall security and transparency of the ecosystem
- Assist cloud providers and consumers in achieving regulatory compliance
16
- Already part of the cloud strategy in countries such as the USA, Singapore, Thailand, China, Hong Kong, Taiwan
- In Europe various Member States are looking at a certification/accreditation schema for cloud services (especially in Public Procurement)
- The UK G-Cloud is based on a logic of companies accredited to offer services in the App Store
17
- Provide a globally relevant certification to reduce duplication of efforts
- Address localized, national-state and regional compliance needs
- Address industry specific requirements
- Address different assurance requirements
- Address certification staleness: assure provider is still secure after point in time certification
- Do all of the above while recognizing the dynamic and fast-changing world that is cloud
19 The open certification framework is structured on 3 LEVELs of TRUST, each one of them providing an incremental level of visibility and transparency into the operations of the Cloud Service Provider and a higher level of assurance to the Cloud consumer.
20 [Figure: Open Certification Framework diagram showing assessment (registry), 3rd-party assessment-based certification, and continuous monitoring]
21 CSA STAR (Security, Trust and Assurance Registry)
- Public Registry of Cloud Provider self assessments
- Based on Consensus Assessments Initiative Questionnaire
- Provider may substitute documented Cloud Controls Matrix compliance
- Voluntary industry action promoting transparency
- Free market competition to provide quality assessments
- Provider may elect to provide assessments from third parties
- Available since October 2011
23 The concept of the scheme is to use the ISO/IEC 27001:2 certification integrated with the CSA Cloud Control Matrix (CCM) as additional or compensating controls as applicable, and the organization's own internal requirements or specifications, to assess how advanced their systems are.
- The scheme will be compliant with ISO and ISO
- Will be open to all 3rd party Certified Bodies (CB)
- Will be an additional scheme to the CB organizations' internal ISO scheme requirements.
- It is not meant to be a replacement of ISO 27001, but integrates the ISO with Cloud-specific controls
24 STAR CERTIFICATION evaluates the efficiency of an organization's ISMS and ensures the scope, processes and objectives are Fit for Purpose.
- Helps organizations prioritize areas for improvement and leads them towards business excellence.
- Enables effective comparison across other organizations in the applicable sector.
- Based upon the Plan, Do, Check, Act (PDCA) approach and the controls outlined in the Cloud Controls Matrix (CCM)
- Enables the auditor to assess a company's performance on long term sustainability and risks, in addition to ensuring they are SLA driven, allowing senior management to quantify and measure improvement year on year.
- It gives a prospective customer of the certified organisation a greater understanding of the level of control the organisation they are buying
25 The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The Cloud Controls Matrix is meant to be integrated into the assessment by the auditor, referencing the applicable CCM control to the associated ISO controls (SOA). The output will be the result of the overall performance of the organization within the scope of certification.
26
- ISO requires the organisation to evaluate their customer requirements and expectations, and contractual requirements, and requires that they have implemented a system to achieve this.
- ISO requires that the organisation has conducted a risk analysis that identifies the risks to meeting their customer's expectations.
- The Cloud Controls Matrix requires the organisation to address the specific issues that are critical to cloud security.
- The maturity model assesses how well managed activities in the control areas are.
27 No certification can ever guarantee information is 100% secure; however, STAR certification ensures an organisation has an appropriate system for the type of information it is dealing with and that it is well managed and focused on cloud specific concerns.
28
- When an organisation is audited a Management Capability Score will be assigned to each of the control areas in the CCM. This will indicate the capability of the management in this area to ensure the control is operating effectively.
- The management capability of the controls will be scored on a scale
- These scores have been divided into 5 different categories that describe the type of approach characteristic of each group of scores.
29
- For a control area to be awarded a certain score it must be at a minimum of that level across 5 management principles:
- In summary there are 11 control areas on the CCM v1.4 that will be awarded a management capability score on a scale of 1-1
- To decide what the score is each control area will be considered against 5 capability factors.
30 The client will be awarded a certificate following the assessment. Depending on the capability level they achieved they will either get:
- No Award
- A Bronze Award
- A Silver Award
- A Gold Award

The CAPABILITY MATURITY LEVEL will NOT be PUBLIC; it will be information provided only to the candidate company. The ONLY public information available on the CSA STAR web site will be: STAR Certificate
31 Pilots finalised with ALIBABA and New TAIPEI City Government (NTPC):
- Proof of concept using ISO CCM as a foundation for STAR Certification
- Evaluate and gather supporting information and data on the maturity model
- Gather feedback from actual clients on their experiences and value of STAR Certification
- Analyze data and lessons learned
- Improve process and finalize for full launch
32
- Both Pilots went as planned and both organizations had a good experience
- Both organizations did well, proving that good risk assessment habits and continual improvement are key in the process
- The maturity model proved to be valuable in validating proper scope and level of process optimization
- The maturity model is key in the transparency process.
- The maturity model requires more detailed data gathering, which is a value add for the CSP and its customers
- CONFIRMED that OCF / STAR CERTIFICATION WORKS in real life implementation
33
- Open LEAD AUDITOR training to certified bodies and the general public globally in SEPTEMBER 2013
- LAUNCHING STAR CERTIFICATION in SEPTEMBER 2013
- OUR TARGET OBJECTIVE is to have 10 ORGANIZATIONS STAR CERTIFIED by END OF 2013
- PILOT Cloud Audit and Cloud Trust Protocol during 2014
- INTRODUCE STAR Continuous Monitoring in 2015
34 The Certification, InteRnationalisation and standardization in cloud security (CIRRUS) Consortium and Advisory Board bring together players in the cloud landscape: users, law enforcement, cloud service providers, auditors, DPAs, policy makers, software developers, and more. It encompasses private and public partners that balance the needs of cloud consumers, providers, and law enforcement while maintaining high-level objectives such as bringing research project results to market or improving trust in cyberspace. CIRRUS is an EU FP7 project with 6 partners under the Support Action funding scheme. Partners include ATOS, the Austrian Standards Institute (ASI), and the Japanese IT Promotion Agency (IPA).
35 Key objectives of the project include the following:
- Analyse (understand, describe, measure and monitor) the complexity of the cloud service delivery supply chain and security implications at each stage (e.g. offshoring)
- Coalesce differing perspectives (e.g. consumer requests for transparency and provider needs to protect confidential business) and provide consolidated opinions as an advisor to EU policy making
- Identify and describe proper measures and actions that increase trust and accelerate cloud adoption (e.g. link trust to trustworthiness by international certification scheme)
36 Help Us Secure Cloud Computing! LinkedIn:
More informationBuilding an Effec.ve Cloud Security Program
Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on
More informationCloud for Europe lessons learned
Cloud for Europe lessons learned Public sector challenges (European egovernment Action Plan 2011-2015) 2 Elevator Pitch Public sector cloud use as a collaboration between public authorities and industry
More information-Blue Print- The Quality Approach towards IT Service Management
-Blue Print- The Quality Approach towards IT Service Management The Qualification and Certification Program in IT Service Management according to ISO/IEC 20000 TÜV SÜD Akademie GmbH Certification Body
More informationConsultation Paper on the Review on Administration of Internet Domain Names in Hong Kong
Consultation Paper on the Review on Administration of Internet Domain Names in Hong Kong Government Chief Information Officer Commerce, Industry and Technology Bureau The Government of the Hong Kong Special
More informationInformation security. daniel.dresner@ncc.co.uk 2005 PROVIDING PERSONAL AND PROFESSIONAL DEVLOMENT FOR IT LEADERS
Information security daniel.dresner@ncc.co.uk 2005 PROVIDING PERSONAL AND PROFESSIONAL DEVLOMENT FOR IT LEADERS The National Computing Centre 2008 You can t undisclose a disclosure 1 ISO 9001 Act Quality
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationCLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs
CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs Eric Simmon January 28 th, 2014 BACKGROUND Federal Cloud Computing Strategy Efficiency improvements will shift resources towards higher-value
More informationCommittees Date: Subject: Public Report of: For Information Summary
Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security
More informationEDISON: Coordination and cooperation to establish new profession of Data Scientist for European Research and Industry
EDISON: Coordination and cooperation to establish new profession of Data Scientist for European Research and Industry Yuri Demchenko University of Amsterdam EDISON Education for Data Intensive Science
More informationTitle: Adoption of Cloud in the UK
Title: Adoption of Cloud in the UK Subtitle: End User and IT Supplier Opinions Jonathan Bowers Member, Cloud Industry Forum Communications Director, UKFAST What is the Cloud Industry Forum CIF is a Membership
More informationIT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits
IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits Daniel D. Galorath, CEO Galorath Inc. Steven Woodward, CEO, Cloud Perspectives Portions Copyright Cloud Perspectives
More informationHIPAA and HITRUST - FAQ
A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationProduct Life Cycle Management in Life Sciences Industry
Life Cycle Management in Life Sciences Industry Evolving from siloed to cross-functional management Audit. Tax. Consulting. Corporate Finance. A need for Lifecycle Management Life Sciences companies are
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationGOVERNANCE AND THE EHR4CR INSTITUTE
GOVERNANCE AND THE EHR4CR INSTITUTE Dipak Kalra EuroRec, University College London Christian Ohmann, European Clinical Research Infrastructure Network (ECRIN) Electronic Health Records for Clinical Research
More informationW3C Web Payment IG. Payment Service Providers. Alibaba Zephyr Tuan
W3C Web Payment IG Payment Service Providers Alibaba Zephyr Tuan 01 Internet Finance Ecosystem in China 02 Payment Service Provider Requirements 03 Open Questions 01 When Internet Meet Finance Internet
More informationBerlin, 15 th November 2013. Mark Dunne SaaSAssurance
Berlin, 15 th November 2013 Mark Dunne SaaSAssurance SaaSAssurance guidance to Irish Government on Cloud Adoption Who are SaaSAssurance? Diverse multilingual European team Focus on the here and now Digital
More informationAccelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance
Accelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance Cirrus Workshop, Vienna, Austria, November 19, 2013 Dr. Said Tabet Senior Technologist
More informationSecurity Risk Management Strategy in a Mobile and Consumerised World
Security Risk Management Strategy in a Mobile and Consumerised World RYAN RUBIN (Msc, CISSP, CISM, QSA, CHFI) PROTIVITI Session ID: GRC-308 Session Classification: Intermediate AGENDA Current State Key
More information