Security Architecture Principles: A Brief Introduction. Mark Battersby, 2013-05-22, Oslo

1 Security Architecture Principles: A Brief Introduction. Mark Battersby, Oslo

2 Agenda
- About Me
- Enterprise Architecture
- Architecture Principles
- Our Philosophy
- Security Architecture Principles
- Security Architecture Principles, Cloud & SOA

3 Mark Battersby, Security Architect
The evolution of knowledge/architecture is toward simplicity, not complexity.

Profile
- Significant experience of analysis and verification of business and technical requirements, including security audit, compliance, analysis and test of tools.
- Significant experience in many roles, including security architect, security adviser and security analyst.
- Architected and developed business-critical solutions for demanding blue-chip clients.
- Specialized within information security (identity and access management, information assurance, security standards and policies).
- Familiarity with information security standards, ISO 27000, COBIT, ISF Security Guidelines and Benchmarking, Security Audit, Governance, Risk and Compliance.
- Exceptional communication and presentation skills based on a strong desire to learn and share knowledge, experience and skills with project members.

Qualifications
- MSc. Information Security, RHUL (Royal Holloway, University of London)
- TOGAF 9 Certified Architect
- Member, RHUL information security group
- Member, British Computer Society

Recent Professional Experience
- Ericsson, Stockholm, Sweden: Information Security and Operational Risk Manager. Security Advisor to management team. Development of information security and operational risk policies, directives and controls. Implementation of information security and operational risk policies, directives and controls. Delivery of risk and information security awareness programs within Ericsson. Regular review and audit of information security and risk management procedures.
- Axfood, Stockholm, Sweden: Analyst, Identity and Access Management. Pre-study for identity and access management in a major SAP implementation.
- Dalkia, Stockholm, Sweden: Security Architect, Identity and Access Management. Hands-on support to the Oracle partner implementing an identity and access management system.
- TeliaSonera, Stockholm, Sweden: Lead Architect, Identity and Access Management, Corporate Security. Business analysis, architecture and design of an identity and access management system for corporate security.

4 Enterprise Architecture Definition
Enterprise architecture (EA) is the process of translating business vision and strategy into effective enterprise change by creating, communicating and improving the key requirements, principles and models that describe the enterprise's future state and enable its evolution.

5 Architecture Principles
Architecture Principles are essentially guidelines which:
- Influence the architecture (in some way)
- Address long term goals and strategies
- Describe the agenda or priority of the business
- May be conflicting
- Change infrequently if at all
Architecture Principles do not:
- Define what needs to be done
- Solve a specific problem
Guiding Principles are rules which:
- Allow governance of architecture
- Are a way to determine and define which mechanisms shall be used when there are several conflicting requirements

6 Security Architecture Principles Mark Battersby

7 Our philosophy
- The easy way of doing things should also be the secure way of doing things
- Security mechanisms should be appropriate, minimal and invisible to the users
- Security is an aspect of everything
- Security choices should be based on business need, risk and Return On Security Investment
- Information should only be present where it is necessary. Know your asset and know your needs to minimize exposure, risk and security scope

8 Security Principles
Security Principles define key design features of information security that should be applied when architecting a secure architecture (or framework, or infrastructure). These features must:
- Be defined in plain language
- Use terms that have clear meaning within the context being used
- Be technology-neutral; i.e., independent of any technologies or design implementation

9 Guiding Principles identify correct security mechanisms
Principles shall:
- Provide guidelines toward the long term goals of the business
- Describe priorities of the business
- Define the rules for architecture
- Be stable
Principles shall not:
- Describe the problem or topic
- Solve the problem

10 Security Principles in Context
- General Security Principles
- SOA Security Principles
- Cloud Security Principles

11 Information Centric Security (Jericho Forum)
[Diagram. Labels: Secure the business; Secure the information carrier; Secure the information; Stored; In transit; Used; Asset assessment; Risk analysis; Policies]
- Information centric security: A reference model for securing information in the enterprise
- Jericho style security: A reference model for implementing information centric security. Is built upon the mobile workforce concept and an interconnected world

12 General Security Principles
Categories include:
- Fundamentals
- Trust
- Data Protection
- Management
- Interoperability

13 Security Principles - Fundamentals
- Policy Driven: Security must be driven by policy
- People, Process and Technology: All people, processes and technology must have declared and transparent levels of trust for any transaction to occur
- Openness: Information security solutions should depend on open systems mechanisms.

14 Security Principles - Fundamentals
- Security by Design: Security should be designed as an integral part of the system architecture
- Sharing: Security solutions should include management controls to accommodate sharing
- Defense in Depth: Multiple levels of protection, especially if they use different mechanisms, should be used to provide effective defense in depth

15 Security Principles - Fundamentals
- Security is Model-driven: Models are reflective of the operating environment, common models, and consistent formats for identity and trust, data, policy, applications, security information and events, and cryptographic keys.
- Simplicity: Security mechanisms should be pervasive, simple, scalable, and easy to manage.
- Protection against Insider and Outsider Attacks: Security measures should maintain their intended effectiveness irrespective of the source credentials of a principal claiming access to a resource.

16 Security Principles - Trust
- Trust Assurance: Mutual trust levels must be determinable
- Weakest Link: Overall security can only be as effective as the weakest link in the chain from end-to-end

17 Security Principles - Data Protection
- Security Context: Validate the security context for which the solution is designed
- Data Access Control: Access to data should be controlled by security attributes of the data itself
- Data Protection: By default, data must be appropriately secured when stored, in transit and in use

18 Security Principles - Management
- Accountability: Security solutions should include collection of audit information on system operations. (See also the Accountability in Service-based Architectures principle.)
- Regulation/Compliance: Security solutions should include mechanisms to configure and monitor systems for regulatory compliance.
- Privacy: Security solutions should include mechanisms to implement policy on privacy.

19 Security Principles - Management
- Compartmentalization (Security Domains): Resources should be protected at separated levels appropriate to their value, confidentiality, integrity, and accountability classification.
- Separation of Management Services: Security services for management, enforcement, and accountability should be delivered as separate functions through separate authorities.
- Separation of Duties: Security operations should enforce separation of duties.

20 Security Principles - Interoperability
- Least Privilege: A principal should have only the privileges required to carry out its specified task.
- Agility and Extensibility: Security solutions should include agility and management mechanisms to accommodate extensibility.
- Consumability: Security solutions should include management mechanisms to accommodate consumability.

21 Security Architecture Principles - Other Sources
- ISO/IEC: ISO/IEC 27001:2005: Information Technology - Security Techniques - Information Security Management Systems - Requirements.
- NIST: NIST Special Publication : Generally Accepted Principles & Practices for Securing Information Technology Systems; Reference
- Joint ISF, (ISC)2, ISACA: Principles for Information Security Practitioners, 2010;
- Jericho Forum: Jericho Forum Commandments, 2006. Design principles that must be observed when architecting systems for secure operation in deperimeterized environments
- Jericho Forum: Identity, Entitlement and Access Management (IdEA) Commandments, 2011. Security principles for federated identity management

22 Security Architecture Principles: Cloud, SOA. Mark Battersby, Oslo

23 Security Architecture Principles - Cloud and SOA
- Weakest Link
- Off-line backup
- Policy based access to Services
- Data Protection
- Privacy
- Multi-tenancy
- Data Evacuation
- Intellectual Property
- Accountability in SOA

24 Security Architecture Principles - Cloud and SOA
- Weakest Link: Adding to the Weakest Link principle, this principle has particular application to Cloud and SOA.
- Off-line Backup: It must be possible for Cloud tenants to make a back-up of their data on another environment of their choice.
- Policy based access to Services: Service consumption will be controlled by policy. Policies must be held externally from applications.

25 Security Architecture Principles - Cloud and SOA
- Data Protection: Data protection should allow compliance with corporate or regulatory compliance standards and practices, implemented in a manner that supports the other principles for Cloud and SOA, such as policy-based access, federation, multi-tenancy, etc.
- Privacy: Extending the Privacy principle, protection of private information must demonstrate compliance with the enterprise's requirements for such protection across all points providing each service.
- Multi-tenancy: A Cloud Computing model must support tenant and solution isolation among multiple tenants of the Cloud.

26 Security Architecture Principles - Cloud and SOA
- Data Evacuation: A user of Cloud Computing must be able to request its data be removed in its entirety from the Cloud on terminating use of the service and be assured that no data is left behind in an accessible state.
- Intellectual Property: A Cloud Computing model must support the notion that a user's intellectual assets (capital/property) and individuals' or organizations' innovations are protected contractually and where possible also technically, and respected by its Cloud hosting providers and/or their associated supply chain, including residual knowledge and experience-based knowledge.

27 Security Architecture Principles - Cloud and SOA
- Accountability in SOA: Security design in SOA/Cloud architectures should include collection and provision of audit information on system operations.

28 Questions?

29 More Information
Please contact: Mark Battersby

30 More Information About Capgemini
With around 140,000 people in 40 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2010 global revenues of EUR 8.7 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore, its worldwide delivery model.
More information is available at
Rightshore is a trademark belonging to Capgemini

31 The information contained in this presentation is proprietary Capgemini. All rights reserved


More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

ISO 27002:2013 Version Change Summary

ISO 27002:2013 Version Change Summary Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

Leasing, Lending and Diversified Financial Solutions

Leasing, Lending and Diversified Financial Solutions Banking the way we do it Leasing, Lending and Diversified Financial Solutions The future belongs to those who prepare for it Following recent economic trends, the leasing, lending and diversified financial

More information

our enterprise security Empowering business

our enterprise security Empowering business our enterprise security Empowering business Introduction Communication is changing the way we live and work. Ericsson plays a key role in this evolution, using innovation to empower people, business and

More information

ERP CLOUD: Assessing Readiness and Building the Roadmap. San Francisco, October 2015, Michael Reddy

ERP CLOUD: Assessing Readiness and Building the Roadmap. San Francisco, October 2015, Michael Reddy ERP CLOUD: Assessing Readiness and Building the Roadmap San Francisco, October 2015, Michael Reddy This Talk will Balance Strategy, Tactics and Approach 2 We are and We are not Addressing Migrating Workloads

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

The Capgemini Schools Programme. Committed to nurturing talent, skills and creativity

The Capgemini Schools Programme. Committed to nurturing talent, skills and creativity The Capgemini Schools Programme the way we do it The Capgemini Schools Programme Committed to nurturing talent, skills and creativity Supporting schools Our work with schools is about two things: giving

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

How small and medium-sized enterprises can formulate an information security management system

How small and medium-sized enterprises can formulate an information security management system How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and

More information

Somewhere Today, A Project is Failing

Somewhere Today, A Project is Failing Aligning CobiT and ITIL - The Business Benefit 2007 ISACA All rights reserved www.isaca.org Page - 1 Somewhere Today, A Project is Failing Chapter 1, Peopleware 2nd edition Tom DeMarco 2007 ISACA All rights

More information

ISO 20000: What s an Organization to Do?

ISO 20000: What s an Organization to Do? ISO 20000: What s an Organization to Do? best practices WHITE PAPER Table of Contents Abstract 1 a Natural Next Step 2 ITIL 3 COBIT 3 BS 15000 3 A Closer Look at ISO 20000 3 the Impact of ISO 20000 4 Should

More information

Certification for Information System Security Professional (CISSP)

Certification for Information System Security Professional (CISSP) Certification for Information System Security Professional (CISSP) The Art of Service Copyright Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Automotive Suppliers and Cybersecurity

Automotive Suppliers and Cybersecurity Automotive Suppliers and Cybersecurity OEMs sometimes specify their security requirements in an incomplete or vague way, but that certainly doesn t mean that Tier 1 automotive suppliers (Tier 1s) should

More information

Business Process Management in Manufacturing: From Process to Value

Business Process Management in Manufacturing: From Process to Value Manufacturing the way we see it Business Process Management in Manufacturing: From Process to Value New Capgemini research shows how organizations can move to the next level of BPM maturity BPM can help

More information

Cloud Computing & Sustainability. Virtualization, Cloud Computing & Green IT Summit. October 26, 2010

Cloud Computing & Sustainability. Virtualization, Cloud Computing & Green IT Summit. October 26, 2010 Cloud Computing & Sustainability Doug Bourgeois, Vice President, Federal Chief Cloud Executive Virtualization, Cloud Computing & Green IT Summit Proprietary October 26, 2010 2009 VMware Inc. All rights

More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

Getting a 360 customer view with SAP Business Communications Management (BCM)

Getting a 360 customer view with SAP Business Communications Management (BCM) SAP Digital Services the way we do it o Getting a 360 customer view with SAP Business Communications Management (BCM) Capgemini can help you deploy BCM to achieve multi-channel integration across all your

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Mobile Testing. April 2013

Mobile Testing. April 2013 Mobile Testing April 2013 Mattias Bergströmner Mattias has 12 years of experience within the QA and test domain. Mattias helps and support leading companies in various questions and challenges related

More information

Professional Cloud Solutions and Service Practices

Professional Cloud Solutions and Service Practices Emerging Technologies Professional Cloud Solutions and Service Practices The Shift to a Service-on-Demand Business Operating Model and Working Practices By Mark Skilton, CEO, Digital Ecosystem practices,

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

G-Cloud Healthcare Analytics Service. October 2015. G-Cloud. service definitions

G-Cloud Healthcare Analytics Service. October 2015. G-Cloud. service definitions G-Cloud Healthcare Analytics Service October 2015 G-Cloud service definitions TABLE OF CONTENTS Service Overview... 3 Business Need... 5 Our Approach... 6 Service Management... 6 Sub-contractors... 7 Pricing...

More information

Capgemini Business Process Outsourcing

Capgemini Business Process Outsourcing Business Process Outsourcing the way we do it Capgemini Business Process Outsourcing Supply Chain Management Services The State of the Supply Chain A perfect storm of external forces is changing the way

More information

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Practitioner Certificate in Information Assurance Architecture (PCiIAA) Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Partnering for Business Value

Partnering for Business Value Partnering for Business Value Explore how Capgemini and Pegasystems have helped our clients transform customer relationships, reach new levels of agility, dramatically improve productivity, and generate

More information

Making our Cyber Space Safe

Making our Cyber Space Safe Making our Cyber Space Safe Ghana s Emerging Cyber Security Policy & Strategy William Tevie Director General 5/28/2014 1 Agenda Cyber Security Issues Background to Policy Target Audience for Framework

More information

maximum Control through 2 lines Cloud Service Brokering

maximum Control through 2 lines Cloud Service Brokering Infrastructure Services the way we see it Cover Next-Gen title Cloud: Helvetica Choice thin, and 30-33 maximum Control through 2 lines Cloud Service Brokering Cloud 2.0 is about more than cost savings.

More information

A new beginning for outsourcing closed book insurance policy administration

A new beginning for outsourcing closed book insurance policy administration in collaboration with A new beginning for outsourcing closed book insurance policy administration The drive to compete in an increasingly pressured marketplace and the imminent arrival of new regulations

More information

BIM. the way we see it. Mastering Big Data. Why taking control of the little things matters when looking at the big picture

BIM. the way we see it. Mastering Big Data. Why taking control of the little things matters when looking at the big picture Mastering Big Data Why taking control of the little things matters when looking at the big picture 2 Big Data represents a big opportunity and a big reality Many industry analysts and advisors are looking

More information

Digital Service Centre. Automate support and empower users.

Digital Service Centre. Automate support and empower users. Digital Service Centre the way we do it Digital Service Centre Automate support and empower users. Higher-quality support at a lower total cost. The automated, self-help service desk has been on the IT

More information

Secure a Sustainable Competitive Advantage in Wholesale Distribution. Redefining Business Strategies to Differentiate in the Omni-channel World

Secure a Sustainable Competitive Advantage in Wholesale Distribution. Redefining Business Strategies to Differentiate in the Omni-channel World Distribution the way we see it Secure a Sustainable Competitive Advantage in Wholesale Distribution Redefining Business Strategies to Differentiate in the Omni-channel World Introduction The wholesale

More information