Cognitive Injection: Reprogramming the Situation-Oriented Human OS. Andy Ellis @csoandy

Transcription

1 Cognitive Injection Reprogramming the Situation-Oriented Human OS Andy

2 Why do people make bad decisions?

3 Flashback: Risk Compensation [figure labels: Perceived Risk, Risk Reduction]

4 Historical paranoia Monkey on rope ladder CC-BY-SA 2010 Rachel Coleman Finch

5 Dilemma of the Prisoner's Dilemma

6 Dilemma of the Prisoner's Dilemma Cooperate Cheat Cooperate Cheat /3 of the time!

7 Why do people make bad decisions?

8 System 1: The Fast, Lizard Brain

9 System 1 thrives on stereotypes 2013 AKAMAI FASTER FORWARDTM

10 Dilemma of the Prisoner's Dilemma Cooperate Cheat Cooperate Cheat /3 of the time!

11 Dilemma of the Prisoner's Dilemma 2/3 of the time! Cooperate Cooperate Cheat Cheat -1-5

12 System 2: Active processing LEFT LEFT LEFT LEFT RIGHT RIGHT RIGHT RIGHT

13 System 2: Active processing LEFT LEFT RIGHT RIGHT LEFT RIGHT LEFT RIGHT

14 Why do people make bad decisions?

15 The Schemata of System 1 Annual Security Awareness Training is required by all employees to ensure your compliance with the security policies of the company while conducting your daily tasks in furtherance of our goals to protect company data, systems, and information against malfeasance, adversarial action, and other systemic failures that might be introduced by an inattention to appropriate risk management activities or non-compliance with industry standard best practices as laid out in various control frameworks such as ISO 27002, PCI, HIPAA, SOX, SSAE-16, NIST , FedRAMP

16 New rules to the attention-starved

17 Why do people make bad decisions?

18 Thank you Questions, Comments,


More information

Virtustream. The public cloud company of Dell Technologies. Steve Midgley VP Virtustream. Internal Use Only Not for Distribution

Virtustream. The public cloud company of Dell Technologies. Steve Midgley VP Virtustream. Internal Use Only Not for Distribution Virtustream The public cloud company of Dell Technologies Steve Midgley VP Virtustream What are customers saying? 1. We need Digital agility Personalization / Service / Speed / Security (defend their market

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

TABLE RONDE LMI 1 er JUIN 2012

TABLE RONDE LMI 1 er JUIN 2012 TABLE RONDE LMI 1 er JUIN 2012 107 Countries Consumerization of IT Distributed Workforce 50 percent of business devices are expected to be smartphones by 2014 84 percent of organizations have a remote

More information

Building an Effective

Building an Effective Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA

More information

Who s Got Your Data? Managing Vendor Risk. Chris Clymer, Advisory Services

Who s Got Your Data? Managing Vendor Risk. Chris Clymer, Advisory Services Who s Got Your Data? Managing Vendor Risk Chris Clymer, Advisory Services Any views or opinions presented are solely those of the author and do not necessarily represent those of SecureState LLC. Synopsis

More information

Secure Cloud Hosting for Healthcare Organizations

Secure Cloud Hosting for Healthcare Organizations Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation

More information

Governance and Control in the Cloud. Infrastructure as a Service

Governance and Control in the Cloud. Infrastructure as a Service 1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology

More information

Well-Documented Controls Reduce Risk and Support Compliance Initiatives

Well-Documented Controls Reduce Risk and Support Compliance Initiatives White Paper Risks Associated with Missing Documentation for Health Care Providers Well-Documented Controls Reduce Risk and Support Compliance Initiatives www.solutionary.com (866) 333-2133 Many Health

More information

Compliance, Incentives and Penalties: Hot Topics in US Health IT

Compliance, Incentives and Penalties: Hot Topics in US Health IT Compliance, Incentives and Penalties: Hot Topics in US Health IT Table of Contents Introduction... 1 The Requirements... 1 PCI HIPAA ARRA Carrot and Stick How does third party assurance fit into the overall

More information