International Standards Activities on Cloud Security
EVA KUIPER, CISA CISSP, EVA.KUIPER@HP.COM
HP ENTERPRISE SECURITY SERVICES


2 Agenda
- Importance of Common Cloud Standards
- Outline current work undertaken
- Define Cloud security requirements & practices
- Review various ISO Standards, both published and in development

3 The Importance of Common Standards for the Cloud
Cloud services offer many proprietary techniques which prevent interoperability and portability between environments.
Benefits of Common Standards:
- Prevents vendor lockout
- Creates common terminology for cloud consumers AND providers
- Creates a common set of control objectives for security controls for certifications and audits
- Creates standardized methodologies and formats for monitoring and logging
- Creates a standardized set of assurance models used by both cloud consumers and cloud providers
- Provides a standardized set of APIs for ease of automation and instrumentation

4 Ongoing technical work in ISO JTC1 SC27
General:
- ISO 27000, 27001, 27002: Information security best practices and security certification
- ISO , , : Supply chain risk management
- Numerous other ISO standards covering technical topics in network management, identity management, cryptography, and privacy
Cloud Specific:
- ISO : Security guidance on implementation requirements for cloud
- ISO : Data protection controls for public cloud
- ISO : Security guidance on supply chain risk management issues specific to cloud deployments
- Collaboration with SC38 on Cloud-related projects (ISO 17788, 17789)
- Study period for Cloud Risk Assessment

5 ISO/IEC highlights: Cloud Terminology
Key Characteristics:
- Broad Network Access: network accessible from anywhere
- Measured Service: usage monitored, controlled, reported, and billed
- Multi-tenancy: physical and virtual resources allocated in a manner which isolates one tenant's computation and data from other tenants
- On-demand self-service: cloud service customer provisions as needed, automatically or with minimal interaction with the cloud service provider
- Rapid elasticity and scalability: physical or virtual resources are rapidly and elastically provisioned as needed per service agreement
- Resource pooling: cloud service provider resources are aggregated without customer control or knowledge of how resources are provided or where they are located, unless a contractual agreement specifies location

6 ISO/IEC highlights: Cloud computing roles and activities
- Cloud service customer: business relationship with a cloud service provider or cloud service customer for the purpose of using cloud services
- Cloud service partner: a party supporting the activities of either the cloud service provider or the cloud service customer, e.g. cloud auditor, cloud service broker
- Cloud service provider: a party which makes cloud services available

7 ISO/IEC highlights: Cloud Service Capabilities
- Application capabilities type: cloud service customer uses the cloud service provider's application
- Infrastructure capabilities type: cloud service customer provisions and uses processing, storage, or networking resources
- Platform capabilities type: cloud service customer deploys, manages, and runs a customer-created or customer-acquired application using programming languages or execution environments supported by the cloud service provider

8 ISO/IEC highlights: Cloud Service Categories
- Communications as a Service (CaaS): Real-time interaction and collaboration
- Compute as a Service (CompaaS): Provisioning and use of processing resources needed to deploy and run software
- Infrastructure as a Service (IaaS): Infrastructure capabilities are provided to the cloud service customer
- Network as a Service (NaaS): Capability provided is transport connectivity and related network capabilities
- Platform as a Service (PaaS): Capability provided is the platform capabilities type
- Software as a Service (SaaS): Capability provided is the application capabilities type

9 ISO/IEC highlights: Cloud Deployment models
- Public Cloud: resources are controlled by the cloud service provider and available to any cloud service customer
- Private Cloud: cloud deployment used exclusively by a single cloud service customer, with a narrowly controlled boundary based on limiting customers to one organization. May be operated by the customer or a third party, on premise or off premise.
- Community Cloud: supports and is shared by a specific collection of cloud service customers with shared requirements and a relationship with one another. Broad boundary limiting participation to customers with a shared set of concerns.
- Hybrid Cloud: deployment model using at least two different deployment models bound together by appropriate technology to enable interoperability, data portability, and application portability. Boundary reflects its two base deployments.

10 ISO/IEC
ISO/IEC DIS : Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC for cloud services
Status: Under development
Target publication date:

11 ISO/IEC Overview
SCOPE
- Gives guidelines for relevant controls specified in ISO/IEC
- Provides additional controls with implementation guidance specifically relating to cloud services, for both cloud service providers and cloud service customers
NORMATIVE REFERENCES
- ISO/IEC 27000, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ISO/IEC 17788, Information technology -- Cloud computing -- Overview and vocabulary
- ISO/IEC 17789, Information technology -- Cloud computing -- Reference architecture
- ISO/IEC 27002:2013, Information technology -- Security techniques -- Code of practice for information security controls

12 ISO/IEC Overview
Cloud sector-specific security concepts in this standard:
- Supplier relationships in cloud services
  - Acquirer-supplier relationship
  - Supply chain relationships between cloud infrastructure providers and cloud application providers
- Relationships between cloud service customers and cloud service providers
  - Cloud service customer's business process dependency upon CIA of the cloud service
  - Cloud service customer requires security information from the cloud service provider to determine if additional controls must be implemented for risk mitigation
- Managing information security risks in cloud services derived from its features
  - Networking
  - Resource sharing
  - Cross-jurisdictional service provisioning
  - Limited visibility into implementation of controls
  - Etc.

13 ISO/IEC Overview
Appendix B provides references for risk sources and risks in the provision and use of cloud services:
- Recommendation ITU-T X.1601, Security framework for cloud computing - Jan
- Australian Government Information Management Office, Summary of Checkpoints of Privacy and Cloud Computing for Australian Government Agencies: Better Practice Guide - Feb
- Australian Signals Directorate, Section 17 Overview of Cloud Computing Security Considerations of Cloud Computing Security Considerations - Sep
- Hong Kong OGCIO, Security & Privacy Checklist for Cloud Service Providers in Handling Personal Identifiable Information in Cloud Platforms - April 2013
- Hong Kong OGCIO, Security Checklists for Cloud Service Consumers - Jan
- NIST, SP Guidelines on Security and Privacy in Public Cloud Computing - Dec
- NIST, SP Cloud Computing Synopsis and Recommendations - May 2012

14 ISO/IEC : Demo of Content

15 ITU-T X.1601 digression
ISO/IEC provides a list of references for cloud-based threat/risk assessments. ITU-T X.1601 provides useful information on this topic and, unlike ISO/IEC standards, this ITU-T standard is FREE.
Topics covered:
- Security threats for cloud computing
  - Security threats for cloud service customers (CSCs)
  - Security threats for cloud service providers (CSPs)
- Security challenges for cloud computing
  - Security challenges for cloud service customers (CSCs)
  - Security challenges for cloud service providers (CSPs)
  - Security challenges for cloud service partners (CSNs)

16 ITU-T X.1601 Continued
Cloud computing security capabilities:
- Trust model
- Identity and access management (IAM), authentication, authorization and transaction audit
- Physical security
- Interface security
- Computing virtualization security
- Network security
- Data isolation, protection and privacy protection
- Security coordination
- Operational security
- Incident management
- Disaster recovery
- Service security assessment and audit
- Interoperability, portability and reversibility
- Supply chain security

17 ITU-T X.1601 Continued
Useful threat tables: Y indicates where a security capability addresses a threat or challenge

18 ISO/IEC
Status: Published
ISO/IEC 27018:2014 Information technology -- Security techniques -- Code of practice for PII protection in public clouds acting as PII processors
Abstract
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC for the public cloud computing environment. In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.

19 ISO/IEC 27018:2014 preview


21 ISO/IEC 27018:2014: Demo of standard

22 SC27 Cloud Study Groups
Cloud Computing Security and Privacy:
- SC27 liaison officers and project editors meet to maintain consistency and alignment among cloud standards
- Use cases used to develop joint text between SC27 (ISO/IEC 27017) and ITU-T SG17 (X.ccsec)
Study Period on Cloud Security Technologies was extended to investigate:
- Virtualization Security
- Security as a Service
- Integration of Cloud Computing into existing projects:
  - Storage
  - Incident Management
  - Forensics
  - Supplier Relationships
  - Disaster Recovery

23 New work in study period
Cloud risk management:
- Based upon NIST work on a Cloud-adapted Risk Management Framework
- Draft created by CS1 for input into study period; work in progress
- Responsibilities shift from Provider to Consumer depending on the cloud deployment model
- Cloud-specific considerations for risk management emerge based on the shift in responsibility

24 Other Cloud Standardization Activities
- ITU-T SG17: X.ccsec
- ENISA:
  - Cloud Computing Security Risk Assessment
  - Procure Secure
  - Critical Cloud Computing
- ETSI - Cloud Standards Coordination:
  - Workshops
  - Coordinate with stakeholders in the cloud standards ecosystems
  - Devise standards roadmaps in support of EU policy in critical areas such as security, interoperability, data portability, and reversibility

25 Other Cloud Standardization Activities
Cloud Security Alliance (CSA):
- Established International Standardization Council in 2012
- Liaisons with ISO/IEC SC27, ISO/IEC SC38 and ITU-T; contributor to cloud standards
- Standards and best practices on many aspects of cloud security, for example:
  - Security Guidance
  - Cloud Controls Matrix
  - Training and Certificate of Cloud Security Knowledge (CCSK)
  - CSA Security Trust and Assurance Registry (STAR)

26 Getting involved locally
Cloud Security Alliance: Seattle Chapter
- Free membership
- Monthly meetings in Bellevue, 8 times/year
- Generally held towards end of month, Thursday evening 6-8
- Two speakers and food
https://chapters.cloudsecurityalliance.org/seattle/

27 Questions?


More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management

Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management Presented by: Toby Emden Prac0ce Director Iden0ty Management and Access Governance Agenda Typical Business Drivers for

More information

IT Governance in Organizations Experiencing Decentralization. Jelena Zdravkovic

IT Governance in Organizations Experiencing Decentralization. Jelena Zdravkovic IT Governance in Organizations Experiencing Decentralization Jelena Zdravkovic Department of Computer & Systems Sciences (DSV), Stockholm University, Sweden Giannoulis About the Speaker Title: Associate

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

PROJECT PORTFOLIO SUITE

PROJECT PORTFOLIO SUITE ServiceNow So1ware Development manages Scrum or waterfall development efforts and defines the tasks required for developing and maintaining so[ware throughout the lifecycle, from incep4on to deployment.

More information

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO Build a HIPAA- Compliant Prac5ce Wes Strickling, Founder & CEO Agenda What is HIPAA Compliance? What does it mean to your prac5ce? What should you do? Q & A What Is HIPAA Compliance? Health Insurance Portability

More information

Pu?ng B2B Research to the Legal Test

Pu?ng B2B Research to the Legal Test With the global leader in sampling and data services Pu?ng B2B Research to the Legal Test Ashlin Quirk, SSI General Counsel 2014 Survey Sampling Interna6onal 1 2014 Survey Sampling Interna6onal Se?ng the

More information

Splunk for Mobile Intelligence

Splunk for Mobile Intelligence Copyright 2014 Splunk Inc. Splunk for Mobile Intelligence Bill Emme< Director, Solu?ons Marke?ng Panos Papadopoulos Director, Product Management Disclaimer During the course of this presenta?on, we may

More information

Management and Provisioning of M2M Devices and Applications

Management and Provisioning of M2M Devices and Applications Management and Provisioning of M2M Devices and Applications Musa Unmehopa Technical Plenary Chairman, OMA Director of Standards, Alcatel-Lucent M2M devices outnumber mobile devices by an order of magnitude

More information

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Subhash Sankuratripati NetApp SNIA Legal Notice The material contained in

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity January 2016 cyberframework@nist.gov Improving Critical Infrastructure Cybersecurity It is the policy of the United States to enhance the security

More information

FTC Data Security Standard

FTC Data Security Standard FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls

More information

Contrail : Open Compu0ng Infrastructures For Elas0c Services Un approccio federa0vo alla creazione di pia=aforme Cloud affidabili

Contrail : Open Compu0ng Infrastructures For Elas0c Services Un approccio federa0vo alla creazione di pia=aforme Cloud affidabili CONSIGLIO NAZIONALE DELLE RICERCHE Massimo Coppola Contrail : Open Compu0ng Infrastructures For Elas0c Services Un approccio federa0vo alla creazione di pia=aforme Cloud affidabili 26 e 27 Maggio, 2014

More information

Balancing Usability and Security for Medical Devices

Balancing Usability and Security for Medical Devices Balancing Usability and Security for Medical Devices Ken Hoyme Adven&um Labs ken.hoyme@adven8umlabs.com Robert North, LLC bnorth@humancenteredstrategies.com March 17, 2014 3/17/2014 2014 Adven8um Labs

More information

Webinar: Having the Best of Both World- Class Customer Experience and Comprehensive Iden=ty Security

Webinar: Having the Best of Both World- Class Customer Experience and Comprehensive Iden=ty Security Webinar: Having the Best of Both World- Class Customer Experience and Comprehensive Iden=ty Security With Iden>ty Expert and UnboundID Customer Bill Bonney Today s Speakers Bill Bonney Formerly Director,

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Stakeholders Mee.ng on Healthcare Financing in Kenya Health Care Financing Reforms in Kenya. Elkana Ong u* Chief Economist (MOMS) 30 th August,2012

Stakeholders Mee.ng on Healthcare Financing in Kenya Health Care Financing Reforms in Kenya. Elkana Ong u* Chief Economist (MOMS) 30 th August,2012 Stakeholders Mee.ng on Healthcare Financing in Kenya Health Care Financing Reforms in Kenya Elkana Ong u* Chief Economist (MOMS) 30 th August,2012 Presenta.on Outline Kenya health sector vision Objec.ves

More information

Migra1ng to the Cloud

Migra1ng to the Cloud Migra1ng to the Cloud Barry P. Sheward LM Fellow barry.p.sheward@lmco.com June 9, 2014 2014 Lockheed Mar1n. All Rights Reserved. 1 About this presenta/on The presenta1on will cover a brief introduc1on

More information

Session 4: Programmes: the Core of the 10YFP

Session 4: Programmes: the Core of the 10YFP Session 4: Programmes: the Core of the 10YFP * Criteria * Initial and non-exhaustive list * 5 steps model to develop programmes * Request for additional programmas * Criteria and process for new programmes

More information

The Development of Cloud Interoperability

The Development of Cloud Interoperability NSC- JST Workshop The Development of Cloud Interoperability Weicheng Huang Na7onal Center for High- performance Compu7ng Na7onal Applied Research Laboratories 1 Outline Where are we? Our experiences before

More information

Connec(ng to the NC Educa(on Cloud

Connec(ng to the NC Educa(on Cloud NC Educa)on Cloud Connec(ng to the NC Educa(on Cloud May 2012 Update! http://cloud.fi.ncsu.edu! Dave Furiness, MCNC! Phil Emer, Friday Institute! 1 First Things First Year one was about planning we are

More information

AVOIDING SILOED DATA AND SILOED DATA MANAGEMENT

AVOIDING SILOED DATA AND SILOED DATA MANAGEMENT AVOIDING SILOED DATA AND SILOED DATA MANAGEMENT Dalton Cervo Author, Consultant, Management Expert September 2015 This presenta?on contains extracts from books that are: Copyright 2011 John Wiley & Sons,

More information

Graduate Systems Engineering Programs: Report on Outcomes and Objec:ves

Graduate Systems Engineering Programs: Report on Outcomes and Objec:ves Graduate Systems Engineering Programs: Report on Outcomes and Objec:ves Alice Squires, alice.squires@stevens.edu Tim Ferris, David Olwell, Nicole Hutchison, Rick Adcock, John BrackeL, Mary VanLeer, Tom

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

Cluster on Data Protec/on, Security and Privacy in Cloud. Mee/ng of the 7th of Oct 2015 CloudForward 2015, Pisa. Erkuden Rios (TECNALIA)

Cluster on Data Protec/on, Security and Privacy in Cloud. Mee/ng of the 7th of Oct 2015 CloudForward 2015, Pisa. Erkuden Rios (TECNALIA) Cluster on Data Protec/on, Security and Privacy in Cloud Mee/ng of the 7th of Oct 2015 CloudForward 2015, Pisa. Erkuden Rios (TECNALIA) Context Increase impact of EU- funded projects on Cloud working in

More information

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012 What s Driving Adop2on of IT Governance? ISACA North Texas Chapter Aus2n Hu@on Hu@on Consul2ng October 11, 2012 Learning Objec2ves Overview of the history of IT Governance The rela2onship to corporate

More information

DTCC Data Quality Survey Industry Report

DTCC Data Quality Survey Industry Report DTCC Data Quality Survey Industry Report November 2013 element 22 unlocking the power of your data Contents 1. Introduction 3 2. Approach and participants 4 3. Summary findings 5 4. Findings by topic 6

More information

ITU- T Focus Group Cloud Compu2ng

ITU- T Focus Group Cloud Compu2ng ITU- T Focus Group Cloud Compu2ng International Telecommunication Union 1 ITU-T FG Cloud Management & Structure Management team: Chairman: Victor Kutukov (Russia) Vice-Chairman: Jamil Chawki (France Telecom

More information

Cloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE!

Cloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE! Cloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE! Simple Showcase 2 Cloud compu1ng has been envisioned as the next- genera1on architecture

More information

Project Management Introduc1on

Project Management Introduc1on Project Management Introduc1on Session 1 Part I Introduc1on By Amal Le Collen, PMP Dr. Lauren1u Neamtu, PMP Session outline 1. PART I: Introduc1on 1. The Purpose of the PMBOK Guide 2. What is a project?

More information

PARADIGM SHIFT FROM LARGE RELEASES TO CONTINUOUS DEPLOYMENT OF SOFTWARE. DESIGNING A REFERENCE MODEL FOR CONTINUOUS DEPLOYMENT.

PARADIGM SHIFT FROM LARGE RELEASES TO CONTINUOUS DEPLOYMENT OF SOFTWARE. DESIGNING A REFERENCE MODEL FOR CONTINUOUS DEPLOYMENT. PARADIGM SHIFT FROM LARGE RELEASES TO CONTINUOUS DEPLOYMENT OF SOFTWARE. DESIGNING A REFERENCE MODEL FOR CONTINUOUS DEPLOYMENT. PhD Student Teemu Karvonen Supervisors: Markku Oivo and Pasi Kuvaja XP2015

More information

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look

More information

InterCloud Exchange: pia5aforme neutrali di comunicazione tra sistemi di Cloud Compu:ng. Cosimo Anglano Lorenzo Benussi Andrea Casalegno Andrea Rive@

InterCloud Exchange: pia5aforme neutrali di comunicazione tra sistemi di Cloud Compu:ng. Cosimo Anglano Lorenzo Benussi Andrea Casalegno Andrea Rive@ InterCloud Exchange: pia5aforme neutrali di comunicazione tra sistemi di Cloud Compu:ng Cosimo Anglano Lorenzo Benussi Andrea Casalegno Andrea Rive@ Cloud Compu:ng: essen:al features (1) Virtualiza)on:

More information

Challenges of PM in Albania and a New. Professional Perspec8ve. Prepared by: Dritan Mezini, MBA, MPM B.S. CS

Challenges of PM in Albania and a New. Professional Perspec8ve. Prepared by: Dritan Mezini, MBA, MPM B.S. CS Challenges of PM in Albania and a New Professional Perspec8ve Prepared by: Dritan Mezini, MBA, MPM B.S. CS Table of contents Presenter s brief introduc8on General Concepts What is a project? What is Project

More information