Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER"

Transcription

1 Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of Elsevier SVNGRESS

2 Contents Acknowledgments About the Author About the Technical Editor Introduction xiii xv xvii xix CHAPTER 1 Introduction to Cloud Computing and Security 1 Understanding Cloud Computing 1 Cloud Scale, Patterns, and Operational Efficiency 2 A Synergistic Trick 3 Elasticity, Shape Shifling, and Security 3 The IT Foundation for Cloud 4 Cloud Computing as Foundation for Cloud Services 5 Cloud Computing Qualities 7 The Bottom Line 8 An Historical View: Roots of Cloud Computing 10 Decentralization and Proliferation 10 Networking, the Internet, and the Web 11 Virtualization 12 A Brief Primer on Security: From 50,000 ft 13 Terminology and Principles 14 Risk Management 17 Security Must Become a Business Enabler 17 A Brief Primer on Architecture 18 Systems Engineering 19 IT Architecture 20 Security Architecture: A Brief Discussion 20 Defense in Depth 23 Cloud Is Driving Broad Changes 23 Cloud Works Today 24 Valid Concerns 25 Summary 26 Endnotes 26 CHAPTER 2 Cloud Computing Architecture 29 Cloud Reference Architecture 29 Revisiting Essential Characteristics 30 Cloud Service Models 33 Cloud Deployment Models 35

3 viii Contents Control over Security in the Cloud Model 37 Cloud Application Programming Interfaces 39 Making Sense of Cloud Deployment 39 Public Clouds 40 Private Clouds 40 Community Clouds 41 Hybrid Clouds 41 Making Sense of Services Models 43 Cloud Software-as-a-Service 43 Cloud Platform-as-a-Service 43 Cloud Infrastructure-as-a-Service 43 How Clouds Are Formed and Key Examples 44 Using Virtualization to Form Clouds 45 Using Applications or Services to Form Clouds 48 Real-world Cloud Usage Scenarios 49 Virtualization Formed Clouds 49 Application/Service Formed Clouds 51 Hybrid Cloud Models 52 Summary 52 Endnotes 52 CHAPTER 3 Security Concerns, Risk Issues, and Legal Aspects 55 Cloud Computing: Security Concerns 56 A Closer Examination: Virtualization 57 A Closer Examination: Provisioning 62 A Closer Examination: Cloud Storage 64 A Closer Examination: Cloud Operation, Security, and Networking 66 Assessing Your Risk Tolerance in Cloud Computing 67 Assessing the Risk 68 Information Assets and Risk 69 Privacy and Confidentiality Concerns 70 Data Ownership and Locale Concerns 71 Auditing and Forensics 72 Emerging Threats 73 So, Is It Safe? 73 Legal and Regulatory Issues 74 Third Parties 75 Data Privacy 79 Litigation 84 Summary 85 Endnotes 87

4 Contents ix CHAPTER 4 Securing the Cloud: Architecture 89 Security Requirements for the Architecture 91 Physical Security 91 Cloud Security Standards and Policies 93 Cloud Security Requirements 94 Security Patterns and Architectural Elements 102 Defense In-depth 102 Honeypots 104 Sandboxes 104 Network Patterns 104 The Importance of a CMDB 107 Cabling Patterns 109 Resilience and Grace 110 Planning for Change Ill Cloud Security Architecture Ill Cloud Maturity and How It Relates to Security 112 Jericho Forum 113 Representative Commercial Cloud Architectures 114 Representative Cloud Security Architectures 115 Planning Key Strategies for Secure Operation 121 Classifying Data and Systems 121 Define Valid Roles for Cloud Personnel and Customers 122 Summary 123 Endnotes 123 CHAPTER 5 Securing the Cloud: Data Security 125 Overview of Data Security in Cloud Computing 125 Control over Data and Public Cloud Economics 126 Organizational Responsibility: Ownership and Custodianship 127 Data at Rest 128 Data in Motion 130 Common Risks with Cloud Data Security 130 Data Encryption: Applications and Limits 132 Overview of Cryptographic Techniques 133 Common Mistakes or Errors with Data Encryption 135 Cloud Data Security: Sensitive Data Categorization 137 Authentication and Identity 137 Access Control Techniques 138 Data Categorization and the Use of Data Labels 140 Application of Encryption for Data at Rest 141

5 X Contents Application of Encryption for Data in Motion 142 Impediments to Encryption in the Cloud 143 Deletion of Data 143 Data Masking 144 Cloud Data Storage 145 Cloud Lock-in (the Roach Motel Syndrome) 146 Metadata 148 Avoiding Cloud Lock-in (the Roach Motel Syndrome) 149 Summary 150 Endnotes 151 CHAPTER 6 Securing the Cloud: Key Strategies and Best Practices 153 Overall Strategy: Effectively Managing Risk 154 Risk Management: Stages and Activities 154 Overview of Security Controls 156 Cloud Security Controls Must Meet Your Needs 156 NIST Definitions for Security Controls 157 Unclassified Models 158 Classified Model 160 The Cloud Security Alliance Approach 161 The Limits of Security Controls 162 Security Exposure Will Vary over Time 164 Exploits Don't Play Fair 164 Best Practices 165 Best Practices for Cloud Computing: First Principals 165 Best Practices across the Cloud Community 170 Other Best Practices for Cloud Computing: Cloud Service Consumers 172 Other Best Practices for Cloud Computing: Cloud Service Providers 173 Security Monitoring 174 The Purpose of Security Monitoring 176 Transforming an Event Stream 177 The Need for C.I.A. in Security Monitoring 183 The Opportunity for MaaS 184 Summary 184 Endnotes 185 CHAPTER 7 Security Criteria: Building an Internal Cloud 187 Private Clouds: Motivation and Overview 187 Security Implications: Shared versus Dedicated Resources 189

6 Contents xi Considerations for Achieving Cost Savings 190 Private Clouds: The Castle Keep? 193 Analysis to Support Architecture Decisions 194 Security Criteria for Ensuring a Private Cloud 195 Network Considerations 196 Data Center Considerations 202 Operational Security Considerations 206 Regulation 208 Summary 209 Endnotes 210 CHAPTER 8 Security Criteria: Selecting an External Cloud Provider 211 Selecting a CSP: Overview of Assurance 211 Vendor Claims and Independent Verification 212 Selecting a CSP: Vendor Transparency 215 Selecting a CSP: Overview of Risks 217 Risk Will Vary by Customer and by CSP 217 Assessing Risk Factors 218 Selecting a CSP: Security Criteria 224 Security Criteria: Revisiting Defense-in-depth 225 Security Criteria: Other Considerations 227 Additional Security-relevant Criteria 229 Summary 232 Endnotes 232 CHAPTER 9 Evaluating Cloud Security: An Information Security Framework 233 Evaluating Cloud Security 234 Existing Work on Cloud Security Guidance or Frameworks 235 Checklists for Evaluating Cloud Security 237 Foundational Security 238 Business Considerations 240 Defense-in-depth 242 Operational Security 246 Metrics for the Checklists 249 Summary 249 Endnotes 250 CHAPTER 10 Operating a Cloud 253 From Architecture to Efficient and Secure Operations 255 The Scope of Planning 255 Physical Access, Security, and Ongoing Costs 256

7 xii Contents Logical and Virtual Access 257 Personnel Security 257 From the Physical Environment to the Logical 259 Bootstrapping Secure Operations 260 The Refinement of Procedures and Processes over Time 260 Efficiency and Cost 260 Security Operations Activities 262 Server Builds 263 Business Continuity, Backup, and Recovery 265 Managing Changes in Operational Environments 266 Information Security Management 269 Vulnerability and Penetration Testing 270 Security Monitoring and Response 271 Best Practices 274 Resilience in Operations 275 Summary 275 Endnotes 277 Index 279

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso ELSEVIER. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN i I I I THE PRACTITIONER'S GUIDE TO DATA QUALITY IMPROVEMENT DAVID LOSHIN ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann

More information

Managing Data in Motion

Managing Data in Motion Managing Data in Motion Data Integration Best Practice Techniques and Technologies April Reeve ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Virtualization and Forensics

Virtualization and Forensics Virtualization and Forensics A Digital Forensic Investigator's Guide to Virtual Environments Diane Barrett Gregory Kipper Technical Editor Samuel Liles ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK

More information

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier Penetration Tester's Open Source Toolkit Third Edition Jeremy Faircloth Neil Fryer, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE SYDNEY

More information

Risk Analysis and the Security Survey

Risk Analysis and the Security Survey Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

Master Data Management

Master Data Management Master Data Management David Loshin AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO Ик^И V^ SAN FRANCISCO SINGAPORE SYDNEY TOKYO W*m k^ MORGAN KAUFMANN PUBLISHERS IS AN IMPRINT OF ELSEVIER

More information

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor Windows 2012 Server Network Security Securing Your Windows Network Systems and Infrastructure Derrick Rountree Richard Hicks, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information

Contents. Foreword. Acknowledgments Introduction

Contents. Foreword. Acknowledgments Introduction The Manager's Handbook for Corporate Security Establishing and Managing a Successful Assets Protection Program Dr. Gerald L Kovacich Edward P. Halibozek ilu TTERWORTH I N E M A N N An imprint of Elsevier

More information

Measuring Data Quality for Ongoing Improvement

Measuring Data Quality for Ongoing Improvement Measuring Data Quality for Ongoing Improvement A Data Quality Assessment Framework Laura Sebastian-Coleman ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Metrics and Methods for Security Risk Management

Metrics and Methods for Security Risk Management Metrics and Methods for Security Risk Management Carl S. Young ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of

More information

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press

RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press SECURE and RESILIENT SOFTWARE Requirements, Test Cases, and Testing Methods Mark S. Merkow and Lakshmikanth Raghavan CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint

More information

Customer Relationship Management

Customer Relationship Management Customer Relationship Management Concepts and Technologies Second edition Francis Buttle xlloillvlcjx. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Data Warehousing in the Age of Big Data

Data Warehousing in the Age of Big Data Data Warehousing in the Age of Big Data Krish Krishnan AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD * PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier

More information

Eleventh Hour Security+

Eleventh Hour Security+ Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.

More information

Securing the Cloud Cloud Computer Security Techniques and Tactics

Securing the Cloud Cloud Computer Security Techniques and Tactics Securing the Cloud Cloud Computer Security Techniques and Tactics This page intentionally left blank Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor

More information

Measuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection

Measuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection Measuring and Communicating Security's Value A Compendium of Metrics for Enterprise Protection George Campbell AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Rapid System Prototyping with FPGAs

Rapid System Prototyping with FPGAs Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of

More information

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management Configuration Management for Senior Managers Essential Product Configuration and Lifecycle Management for Manufacturing Frank B. Watts ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler Agile Development & Business Goals The Six Week Solution Bill Holtsnider Tom Wheeler George Stragand Joseph Gee AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier Trading and Money Management in a Student-Managed Portfolio Brian Bruce Jason Greene ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic

More information

Data Model ing Essentials

Data Model ing Essentials Data Model ing Essentials Third Edition Graeme C. Simsion and Graham C. Witt MORGAN KAUFMANN PUBLISHERS AN IMPRINT OF ELSEVIER AMSTERDAM BOSTON LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON Cloud Computing Theory and Practice Dan C. Marinescu AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO M< Morgan Kaufmann is an imprint of Elsevier

More information

IT Manager's Handbook

IT Manager's Handbook IT Manager's Handbook Getting your new job done Third Edition Bill Holtsnider Brian D. Jaffe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan

More information

The Sea Change in Data Protection Who Should Read This Book What Should You Read Acknowledgments About the Author

The Sea Change in Data Protection Who Should Read This Book What Should You Read Acknowledgments About the Author Preface The Sea Change in Data Protection Who Should Read This Book What Should You Read Acknowledgments About the Author xix xx xx xxii xxiii xxv Chapter 1 The Time Has Come for Change 1 Chapter 2 1.1

More information

Delivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown.

Delivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown. Enterprise Software Delivery Bringing Agility and Efficiency Global Software Supply Chain to the Alan W. Brown AAddison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto

More information

Digital Forensics with Open Source Tools

Digital Forensics with Open Source Tools Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Human Performance Improvement

Human Performance Improvement Human Performance Improvement Building Practitioner Competence Second Edition William J. Rothwell Carolyn K. Hohne Stephen B. King ELoEVIElx AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph David Loshin ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN

More information

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

for the Entire Organization

for the Entire Organization Enterprise Risk Management A Common Framework for the Entire Organization Philip E. J. Green ELSEVIER AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK OXFORD. PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE. SYDNEY.

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Ensuring Cloud Security Using Cloud Control Matrix

Ensuring Cloud Security Using Cloud Control Matrix International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Security Metrics. A Beginner's Guide. Caroline Wong. Mc Graw Hill. Singapore Sydney Toronto. Lisbon London Madrid Mexico City Milan New Delhi San Juan

Security Metrics. A Beginner's Guide. Caroline Wong. Mc Graw Hill. Singapore Sydney Toronto. Lisbon London Madrid Mexico City Milan New Delhi San Juan Security Metrics A Beginner's Guide Caroline Wong Mc Graw Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents FOREWORD

More information

Contents. xvii. Preface. xxi. Foreword. 1 Introduction 1. Preamble 1. Scope and Structure of the Book 3. Acknowledgments 4 Endnotes 5

Contents. xvii. Preface. xxi. Foreword. 1 Introduction 1. Preamble 1. Scope and Structure of the Book 3. Acknowledgments 4 Endnotes 5 Contents Preface Foreword xvii xxi 1 Introduction 1 Preamble 1 Scope and Structure of the Book 3 Acknowledgments 4 Endnotes 5 2 Engineering Systems 7 Introduction 8 Some Initial Observations 8 Deficient

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer

Security Considerations for Cloud Computing. Steve Ouzman Security Engineer Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview

More information

Beginning SQL Server. 2012 Administration. Apress. Rob Walters Grant Fritchey

Beginning SQL Server. 2012 Administration. Apress. Rob Walters Grant Fritchey Beginning SQL Server 2012 Administration Rob Walters Grant Fritchey Apress Contents at a Glance About the Authors About the Technical Reviewer Acknowledgments Introduction xv xvi xvii xviii Chapter 1:

More information

POWER PROTECT PROMOTE. Information Governance In The Cloud

POWER PROTECT PROMOTE. Information Governance In The Cloud Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Security Specialist Certification Self-Study Kit Bundle Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Security Officer s Checklist in a Sourcing Deal

Security Officer s Checklist in a Sourcing Deal Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.

More information

The Data Access Handbook

The Data Access Handbook The Data Access Handbook Achieving Optimal Database Application Performance and Scalability John Goodson and Robert A. Steward PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New

More information

Obj ect-oriented Construction Handbook

Obj ect-oriented Construction Handbook Obj ect-oriented Construction Handbook Developing Application-Oriented Software with the Tools & Materials Approach Heinz Züllighoven IT'Workplace Solutions, Inc., and LJniversity of Hamburg, Germany as

More information

Supply Chain Strategies

Supply Chain Strategies Supply Chain Strategies Customer-driven and customer-focused Tony Hines ELSEVIER BUTTERWORTH HEINEMANN AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Winning the Hardware-Software Game

Winning the Hardware-Software Game Winning the Hardware-Software Game Using Game Theory to Optimize the Pace of New Technology Adoption Ruth D. Fisher PRENTICE Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal

More information

Practical Intrusion Analysis

Practical Intrusion Analysis Practical Intrusion Analysis PREVENTION AND DETECTION FOR THE TWENTY-FIRST CENTURY Ryan Trost TT Ar Addison-Wesley Upper Saddle River, NJ Boston Indianapolis * San Francisco New York Toronto Montreal London

More information

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com Syslog Analyzer ABOUT US OSSera, Inc. is a global provider of Operational Support System (OSS) solutions for IT organizations, service planning, service operations, and network operations. OSSera's multithreaded

More information

Information Security Awareness Training

Information Security Awareness Training Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information

More information

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with.

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with. Web Services, Service-Oriented Architectures, and Cloud Computing The Savvy Manager's Guide Second Edition Douglas K. Barry with David Dick ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring

More information

Private Cloud Computing

Private Cloud Computing Private Cloud Computing Consolidation, Virilization, and Service-Oriented Infrastructure Stephen R. Smoot Nam K. Tan ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO M< SAN FRANCISCO

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Web Application Security

Web Application Security Web Application Security A Beginner's Guide Bryan Sullivan Vincent Liu Mc r New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents

More information

Dispelling the Myths about Cloud Computing Security

Dispelling the Myths about Cloud Computing Security Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud

More information

Engineering DOCUMENTATION CONTROL HANDBOOK

Engineering DOCUMENTATION CONTROL HANDBOOK Engineering DOCUMENTATION CONTROL HANDBOOK CONFIGURATION MANAGEMENT AND PRODUCT LIFECYCLE MANAGEMENT FOURTH EDITION FRANK B. WATTS Amsterdam Boston Heidelberg London New York Oxford Paris San Diego San

More information

CIMA'S Official Learning System

CIMA'S Official Learning System cima CIMA'S Official Learning System Strategic Level Paul M. Collier Sam Agyei-Ampomah ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Contents

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

Implementing Database Security and Auditing

Implementing Database Security and Auditing Implementing Database Security and Auditing A guide for DBAs, information security administrators and auditors Ron Ben Natan ELSEVIER DIGITAL PRESS Amsterdam Boston Heidelberg London New York Oxford P

More information

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA ^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book

More information

Data Center Storage. Hubbert Smith. Implementation, and Management »C) Cost-Effective Strategies, CRC Press J Taylor & Francis Group

Data Center Storage. Hubbert Smith. Implementation, and Management »C) Cost-Effective Strategies, CRC Press J Taylor & Francis Group Data Center Storage Cost-Effective Strategies, Implementation, and Management Hubbert Smith»C) CRC Press J Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO DW2.0 The Architecture for the Next Generation of Data Warehousing W. H. Inmon Forest Rim Technology Derek Strauss Gavroshe Genia Neushloss Gavroshe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Subhash Sankuratripati NetApp SNIA Legal Notice The material contained in

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier Emerging Market Bank Lending and Credit Risk Control Evolving Strategies to Mitigate Credit Risk, Optimize Lending Portfolios, and Check Delinquent Loans Leo Onyiriuba ELSEVIER AMSTERDAM BOSTON HEIDELBERG

More information

Governance Simplified

Governance Simplified Information Security Governance Simplified From the Boardroom to the Keyboard TODD FITZGERALD, cissp; cisa, cism Foreword by Tom Peltier CRC Press Taylor & Francis Croup Boca Raton London NewYork CRC Press

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

security peace of mind

security peace of mind IN F O R M AT ION TEC HNOLOGY (IT ) SECURIT Y AT GEN ES I S security peace of mind You re covered. Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information

More information

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process Job Hazard Analysis A Guide for Voluntary Compliance and Beyond From Hazard to Risk: Transforming the JHA from a Tool to a Process James E. Roughton Nathan Crutchfield E L S E V I E R AMSTERDAM. BOSTON.

More information

Service Operations Management

Service Operations Management Third Edition Robert Johnston and Graham Clark Service Operations Management Improving Service Delivery Prentice Hall FINANCIAL TIMES An imprint of Pearson Education Harlow, England London New York Boston

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

Contents. Foreword. Acknowledgments

Contents. Foreword. Acknowledgments Foreword Preface Acknowledgments xv xvii xviii CHAPTER 1 Introduction 1 1.1 What Is Mission Critical? 1 1.2 Purpose of the Book 2 1.3 Network Continuity Versus Disaster Recovery 2 1.4 The Case for Mission-Critical

More information

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for

More information

Cloud Computing. Implementation, Management, and Security. John W. Rittinghouse James F. Ransome

Cloud Computing. Implementation, Management, and Security. John W. Rittinghouse James F. Ransome Cloud Computing Implementation, Management, and Security John W. Rittinghouse James F. Ransome ( r öc) CRC Press W / Taylor &. Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor

More information

Cloud Computing. Karan Saxena * & Kritika Agarwal**

Cloud Computing. Karan Saxena * & Kritika Agarwal** Page29 Cloud Computing Karan Saxena * & Kritika Agarwal** *Student, Sir M. Visvesvaraya Institute of Technology **Student, Dayananda Sagar College of Engineering ABSTRACT: This document contains basic

More information

Networking. Cloud and Virtual. Data Storage. Greg Schulz. Your journey. effective information services. to efficient and.

Networking. Cloud and Virtual. Data Storage. Greg Schulz. Your journey. effective information services. to efficient and. Cloud and Virtual Data Storage Networking Your journey to efficient and effective information services Greg Schulz CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information