Red Island Consulting
Slide 1: Red Island Consulting - SECURITY ACCREDITATION FOR THE PSN
Dave Duke, Head of Business Development, Red Island Consulting
9/17/2013 8:45:39 AM
Slide 2: Agenda
1. A bit about Red Island Consulting
2. PSN Accreditation First Steps
3. PSN Accreditation Impact Levels
4. PSN Accreditation IL2
5. ISO27001 Certification Process
6. IL2 and IL3 Accreditation process
7. PSN Accreditation Things to Consider
Slide 3: Who are we?
- Enterprise Risk Management, Compliance and Governance Services: Management System & Technology Specialists; 3rd Party Information Assurance and Risk Management; Off-site Analysis; On-site Audit
- Global Information Security / ISO27001 Specialists: 28% of all UK ISO27001 certs; HMG / CLAS / NHS N3 / GPG; Numerous telcos and ISPs
- PCI DSS QSA: Since 2008; Sole QSA to BT, EE, O2; De-Scoping and Process Experts
- BCP / ISO22301 (BS25999): Global Business Continuity Specialist; 1st Major Middle East Energy Co to UKAS certification
- Bespoke Training: Industry Leading E-Learning; On-site training
- Experienced Consultants Only: Experienced Consultants; Technical people turned Consultants; Business focused
- Client Sizes: 7 to 26,000
Slide 4: PSN Accreditation First Steps
- PSN = Public Services Network
- Intended to unify the provision of network infrastructure across the public sector into an interconnected "network of networks"
- Designed to let you get accredited once and then continue to deal with the public sector
- Designed to make it easier for SMEs to do business with the public sector (e.g. you become certified once rather than per contract)
- To initiate accreditation, suppliers need to formally apply through the government procurement process, so you'll need a sponsor
Slide 5: PSN Accreditation First Steps
- Network Diagrams
- PSN Code
- IT Health Check
- Assurance
Slide 6: PSN Accreditation Impact Levels (IL)
- IL2: Protect
- IL3: Restricted
Slide 7: PSN Accreditation IL2 - ISO27001 process
- Asset Identification
- Business Impact Analysis
- Risk Assessment
- Risk Treatment Plan
- Documentation
- Implementation
- On-going Monitoring
Slide 8: ISO27001 Certification Process
Certification involves 2 audits:
- Stage 1: Review Asset ID, BIA and RA Methodology; Review RTP; Review Roles & Responsibilities; Review ISMS Maturity
- Stage 2: Evidence of Implementation & Awareness
Certificate is valid for 3 years, subject to regular surveillance audits.
Slide 9: PSN Accreditation IL3
- Greater protection and segregation
- Reviewed by CLAS
- Airgap
- RMADS
Slide 10: IL2 & IL3 Evidence Sets
- RMADS: Lightweight RMADS required for BIL2 / Full RMADS required for IL3
- Residual Risk Statement: Required for both IL2 and IL3 systems/services
- Risk Register: Required for both IL2 and IL3 systems/services
- Security Operating Procedures (relevant to the consumer and/or supplier): Required for both IL2 and IL3 systems/services
- Other Security Related documentation such as IA conditions consumers are expected to meet: Required for both IL2 and IL3 systems/services
- Statement on personal data and a completed DPA questionnaire: Required for both IL2 and IL3 systems/services
- ITHC (scope and results) and other evidence of assurance (e.g. CPA certificate): Required for both IL2 and IL3 systems/services, though the extent will be less for the IL2 systems/services
- ISO/IEC Certificate, report & improvement notice: Required for IL2 systems/services
Slide 11: PSN Accreditation Things to consider
- Functional description of Services Required (No marketing info!)
- Is my assurance evidence sufficient for accreditation?
- IS1 technical risk assessment
- Mapping between system components and ISO certifications (for IL2)
Slide 12: PSN Accreditation Help?
Who can I use to provide independent assurance?
- ISO27001 certification consultants
- CLAS consultants
- ISO27001 certification bodies
- CHECK testers
Slide 13: Activities

Phase 1 - Gap Analysis
- Client brief on services to be accredited and confirm future PSN scope
- Agree phase 1 objectives with client
- Review & assess current documentation against scope
- Document Gaps against ISO/IEC27001:2005 and CESG GPG 32 (Telecoms Audit Standards)
- SAPMA Physical Security assessment of all sites, 1 day per site
- Risk Treatment Plan
- Management summary report
- Agree next stage objectives with Client

Phase 2 - Implement Controls
- Scope and deliver Accreditation Plan based on phase 1 post objectives
- Update Design documents
- Document new controls into documentation
- Update Procedure documents
- Procedure planning / scheduling
- PSN Application planning
- Populate PSN CoCo and Annex B
- Approve initial PSN application (CoCo (spreadsheet) and Annex B (Word document)) with Client
- Agree next stage objectives with Client

Phase 3 - PSN Application
- Submit PSN Application to PSNA
- Respond to PSNA requests for change
- Develop resulting RMADS to support approved application
- CHECK Penetration Testing (scope, test, resolve risks)
- Update RMADS
- CLAS consultant to review and approve RMADS prior to formal submission to CESG
- Submit RMADS to CESG
- Update RMADS based on CESG comments
- Agree next stage objectives with Client

Phase 4 - Accreditation
- Accreditation achieved
- Implement audit strategy to maintain accreditation
- Implement annual reaccreditation activities as business as usual
- Submit annual accreditation self assessment
- Review all changes, either client or 3rd Parties, for impact to accreditation
Slide 14: A date for your diaries!
Find out more about Security Accreditation for PSN
Friday 20th September, 9.00am to 12.30pm
HMS Belfast, London
Slide 15: Red Island Consulting - Thank you!
Dave Duke, Head of Business Development, Red Island Consulting
M: