Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division. U.S. Department of Agriculture
|
|
- Griselda Hall
- 8 years ago
- Views:
Transcription
1 Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1
2 Disclaimer The views expressed in this presentation are solely those of the panel members and do not necessarily reflect those of the US U.S. Department of Justice, the Department of Agriculture, or any component thereof.
3 Overview E Discovery Challenges in the Cloud Advantages of the Cloud Minimizing Litigation Risk and Cost Cloud E Discovery IT Issues Practical Suggestions 3
4 What is Cloud Computing? NIST Definition Cloudcomputing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of fiveessentialessential characteristics, three servicemodels models, and four deployment models. Source: NIST, Definition of Cloud Computing, Draft version 15, computing/index.html Laymen's Definition Cloud is essentially utility computing Automated services (no humans needed for change in services) Services are consumed as used ( pay per drink ) Enabled via the internet (accessible anywhere) Elasticity in amount of services consumed (rapid provisioning and deii i Transition from capital expenses to operating provisioning) expense 4
5 Federal Timeline for Cloud Cloud First 25 Point Plan to Reform Federal IT FedRAMP Policy Memo December 9, 2010 December 8, 2011 Federal Cloud Computing Strategy February 8, 2011 Creating Effective Cloud Computing Contracts February 24,
6 Cloud: 25 Point tplan to Reform Rf IT Cloud First Policy Point 3 of the White House s 25 Point Plan to Reform Federal IT Requires agencies to evaluate safe, secure cloud options before making any new investments. This means agencies should evaluate their technology sourcing plans to include cloud solutions as part of the budget process. Three Cloud Projects by June 9, 2012 Cloud First mandates agencies move three projects to the cloud At least 1 project had to move to the cloud by December 9, 2011; 2 additional must move by June 9,
7 Cloud and E Discovery 7
8 Cloud E Discovery Challenges Data volume in the cloud may be overwhelming 1TB of data can cost <$100 to store but >$1million in litigation costs Cloud type impacts strategy Comingling of data (private vs. public cloud) Actual data location complicates E Discovery efforts Collection from multiple sources Outsourcing by the cloud provider Transfer of data issues (i.e. cross borders) 8
9 Cloud E Discovery Challenges Further challenges Implementing litigation holds Incurring the cost of identifying relevant data Determining i the collection method for relevant data Accessing the data Locating the original custodian of the data Production of data 9
10 Advantages of E Discovery in the Cloud Centralized litigation hold capabilities Stream line search and production Technology upgrades and access Efficiency of process Decreased response time 10
11 Minimizing Litigation Risks & Costs Proactive (pre litigation) steps Evaluate Type of cloud needed (e.g. private vs. public) Type of data to be stored or service needed Security and Privacy considerations Cloud provider contract language Use the White Paper: Cloud Computing and the Federal Government: Effectively Acquiring IT as a Service Include mechanism to ensure compliance (e.g. audit rights, certifications) Address subcontracting of cloud services For example, who providing E Discovery tools and support 11
12 Minimizing Litigation Risks & Costs Proactive (pre litigation) steps Document Retention Policy Data volume control Whose policy rules True data destruction Jurisdictional concerns Cross borders issues NARA considerations 12
13 Minimizing Litigation Risks & Costs Legal and IT dialogue on cloud service selection is crucial. Legal will have to defend d use IT will have to implement and support Understand the end to end costs of storage, access, and litigation 13
14 Minimizing Litigation Risks & Costs Reactive (once litigation exists) steps Identify relevant data in the cloud Act quickly to preserve data Work with IT & specialists to understand burdens 14
15 Minimizing Litigation Risks & Costs Reactive (once litigation exists) steps Negotiate and limit cloud data discovery early in litigationi i Educate court, opposing party, litigators, etc. about cloud and related burdens Ensure data security when collecting from cloud Understand how the cloud services are managed and executed Who are the key holders? Ask for help from IT and Legal 15
16 Cloud E Discovery IT Issues How will I manage content in the cloud? Cloud vendors offer two options Use cloud vendors product Send a copy to an archive 16
17 Cloud E Discovery IT Issues Manage content Business Functions E Discovery FOIA Electronic Records Management Privacy Etc. IT Functions Preserve Dispose Find Produce 17
18 Cloud E Discovery IT Issues Challenges with archival Data is dynamic, therefore, metadata is dynamic Encrypted data Data transmission and synchronization Management of legacy data and equipment 18
19 Cloud E Discovery IT Issues Challenges with archival Why first Many agencies have targeted as primary cloud implementation is most challenging content type Most E Discovery cases involve 19
20 Lessons from USDA Prior state over a dozen systems, no archive capability, no cross search search capability, no on demand preservation capability. Retrieval of took weeks. Security issues with multiple systems. Solution Cloud based system with separate repository to journal all for all users (120,000+) and a preservation, search, and retrieval component 20
21 Lessons from USDA Issues Keys to the kingdom who has access and who manages the preservation and search function? Retention period longer the period > costs, shorter less likely to capture known unknown triggers Training combining preservation and collection steps into one Chain of custody Need to have a protocol for requests and access Processing platform build on it or handle separately Legacy what to do with it and keeping track of it? User control to download and save defeats purpose of not having to search all machines Processing build platform on top or simply export to process separately? 21
22 Lessons from USDA End Result NIRVANA!! (or close to it) What took weeks now takes hours 22
23 Cloud Procurement White Paper Overview Top 10 areas Federal agencies need to address when procuring cloud Gives description of issues along with ways to address issues within contracts Provides tactical guidance through a questionnaire checklist 23
24 Partnership of IT, Acquisition, Legal Toda Today, the CIO Council, CAO Council, and Federal Cloud Compliance Committee released: Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service. This guide enables Federal agencies to make smarter, more informed cloud purchasing decisions i by utilizing i lessons learned and best practices of early adopters moving us to a more efficient and more effective government. Steven VanRoekel U.S. Chief Information Officer, OMB February 24,
25 Two Tier Approachto Creating Guidance. Development of White Paper Eiti Existing Cloud Contracts t FC3 Guidance Develop lessons learned from early adopters Informal data call through OMB to collect ~15 existing Federal cloud contracts Review of contracts to see variance of contract terms, establish baseline and identify themes Interview project managers and contracting officers of each contract: What worked What doesn t work How various issues were addressed Guidance Developed by Federal Cloud Compliance Committee (FC3) Informal interagency group comprised of Federal Attorneys, procurements officials, i and cloud SMEs. Mission: create tactical guidance to proactively assist agencies when contracting cloud Created four working groups: Security Privacy E Discovery Records Management/FOIA 25
26 Goals of White Paper Cloud Computing and the Federal Government: Effectively Acquiring IT as a Service Merge the Cloud First mandate and the visionary Cloud Computing Strategy The next step in government s move to cloud with specific guidance in effectively buying cloud services Provide guidance to agencies in developing requirements for a cloud computing contract. Highlight top ten areas for Federal agencies to address in cloud contracts Help shape the way that cloud computing services are purchased and consumed Establish common practices for the Federal government to take advantage of its position as the largest purchaser of IT 26
27 Top 10 Focus Areas 1) 2) Selecting a Cloud Service CSP and End User Agreements 3) Service Level Agreements (SLAs) 4) CSP, Agency, and Integrator Roles and Responsibilities 5) Standards 6) Security 7) Privacy 8) E Discovery 9) Freedom of Information Act (FOIA) 10) E Records 27
28 Selecting a Cloud, End User Agreements ONE Selecting a Cloud Service Agencies must choose the appropriate cloud to meet their needs Determine the appropriate service model dl to meet user needs Determine the appropriate p deployment model that meets data protection needs TWO CSP & End User Agreements Terms of Service Agreements (TOS) need to be negotiated TOS must be compliant with Federal laws and statutes Need to ensure NDA enforceability End User Agreements need to be integrated fully into cloud contracts 28
29 SLAs and CSP, Agency, Integrator t Rs & Rs THREE Service Level Agreements SLAs should clearly define CSP performance standards Need clear terms and dfiii definitions Need to determine how CSP performance will be measured Needs to establish enforcement mechanisms for SLA compliance FOUR CSP, Agency, & Integrator Roles and Responsibilities Establishes a contract with (at least) three parties Determine integrator role with CSP Need to clearly define the roles and responsibilities of all actors to ensure effectiveness of the cloud contract 29
30 Standards and Security FIVE Standards Agencies should ensure CSPs align with government standards Map services to NIST Rf Reference Architecture Ensure government participation p in standards creation Compliance with Internet Protocol version 6 SIX Security FedRAMP Compliance Clearly defined requirements Continuous monitoring activities iti Incident response to attacks and vulnerabilities Key escrow/encryption Forensic capabilities Multi factor authentication with HSPD 12 Audit capabilities 30
31 Privacy and E Discovery SEVEN Privacy Ensure compliance with the Privacy Act of 1974 and PII requirements Privacy Impact Assessments Adequate privacy training i Clearly defined data location requirements How to respond to a breach where privacy data was compromised EIGHT E Discovery Provide information management in the cloud Ability to locate relevant documents Ability to preserve data in a cloud environment Moving documents through the e discovery process Cost avoidance by inclusion of tools with CSP solution 31
32 FOIA and Federal Recordkeeping NINE FOIA Access Ability to conduct a reasonable search to meet Freedom of Information Act (FOIA) obligations Ensure the processing of information is pursuant to FOIA requirements Allow for the tracking and reporting of information pursuant to FOIA TEN Federal Recordkeeping Agencies should have proactive records planning before using a cloud service Ensure the ability to have timely and actual destruction of records in accordance with mandated records schedules How to deal with permanent records Process for transitioning to a new CSP 32
33 Appendix A: Questionnaire Overview Translates the paper to tactical questions to ask when reviewing i or creating a cloud contract Maps to the ten areas of focus within the paper Tactical approach for Agencies to use 33
34 White Paper: Key Takeaway Tk All necessary stakeholders s should dbe included when creating cloud computing contracts. OCIO OGC Privacy Records E Discovery FOIA Acquisition staff This will enable Federal agencies to more effectively procure and manage IT as a service 34
35 Cloud Resources CIO Council Federal Cloud Computing Initiative FedRAMP NIST NARA mgmt/bulletins/2010/ html 35
36 Questions? Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 36
Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service
Cloud Computing Best Practices Cloud Computing Best Practices Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Overview Cloud Computing
More informationAllison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division
Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined
More informationEPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017
EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 Collection and Retention Procedures for Electronically Stored Information (ESI)
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationCreating Effective Cloud Computing Contracts for the Federal Government
Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service A joint publication of the In coordination with the Federal Cloud Compliance Committee
More informationThe Cloud Seen from the U.S.A.
The Cloud Seen from the U.S.A. Stephen R. Bell, Counselor to the U.S. Coordinator, International Communications and Information Policy, U.S. Department of State OUTLINE Commercial drivers of Cloud services
More informationAudit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services
O F F I C E O F IN S P E C TO R GENERAL Audit Report 2014-IT-C-016 Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services September 30, 2014 B O A R D O F G O V E R
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationManagement of Cloud Computing Contracts and Environment
Management of Cloud Computing Contracts and Environment Audit Report Report Number IT-AR-14-009 September 4, 2014 Cloud computing contracts did not comply with Postal Service standards. Background The
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationPreservation of Separated Personnel s Electronically Stored Information Subject to Litigation Holds
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated July 07, 2005 Preservation of Separated Personnel s Electronically Stored Information Subject to Litigation Holds The United
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationReal World Strategies for Migrating and Decommissioning Legacy Applications
Real World Strategies for Migrating and Decommissioning Legacy Applications Final Draft 2014 Sponsored by: Copyright 2014 Contoural, Inc. Introduction Historically, companies have invested millions of
More informationOffice of Inspector General Audit Report
Office of Inspector General Audit Report DOT LACKS AN EFFECTIVE PROCESS FOR ITS TRANSITION TO CLOUD COMPUTING Department of Transportation Report Number: FI-2015-047 Date Issued: June 16, 2015 U.S. Department
More informationTHIS WEBCAST WILL BEGIN SHORTLY
If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! THIS WEBCAST WILL BEGIN SHORTLY Cloud-Based vs. On-Premise ediscovery
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationBreaking Down the Silos: A 21st Century Approach to Information Governance. May 2015
Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015 Introduction With the spotlight on data breaches and privacy, organizations are increasing their focus on information
More informationStatus of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028)
MEMORANDUM FOR KATHERINE ARCHULETA Director FROM: SUBJECT: PATRICK E. McFARLAND Inspector General Status of Cloud Computing Environments within OPM (Report No. 4A-CI-00-14-028) The purpose of this memorandum
More informationDepartment of Veterans Affairs VA Directive 6311 VA E-DISCOVERY
Department of Veterans Affairs VA Directive 6311 Washington, DC 20420 Transmittal Sheet June 15, 2012 VA E-DISCOVERY 1. REASON FOR ISSUE: To establish policy concerning the care and handling of documents
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationCloud Computing: Implications and Guidelines for Records Management in Kentucky State Government
Cloud Computing: Implications and Guidelines for Records Management in Kentucky State Government (Version 1.0 August 2012) Many information technology (IT) departments and resource allocators are considering
More informationThe Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative
The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationHow To Use Cloud Computing For Federal Agencies
Cloud Computing Briefing Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Basics Style of computing Cloud Computing: What Does it Mean? Close public/private sector
More informationB. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence.
This is a sample approach to developing a sound document collection process, referenced at Section II(7)(vi) of the Guidelines on Best Practices for Litigating Cases Before the Court of Chancery. It should
More informationNARA s Capstone Email Management Implementation: Technical Perspective
NARA s Capstone Email Management Implementation: Technical Perspective Susan J. Sullivan, CRM Director Corporate Records Management February, 2014 NARA Corporate Records Management Overview How procured
More informationCloud Computing Contract Clauses
Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security
More informationGuide to Information Governance: A Holistic Approach
E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,
More informationInteragency Science Working Group. National Archives and Records Administration
Interagency Science Working Group 1 National Archives and Records Administration Establishing Trustworthy Digital Repositories: A Discussion Guide Based on the ISO Open Archival Information System (OAIS)
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationBPA Policy 236-1 Information Governance & Lifecycle Management
B O N N E V I L L E P O W E R A D M I N I S T R A T I O N BPA Policy 236-1 Table of Contents 236-1.1 Purpose & Background... 2 236-1.2 Policy Owner... 2 236-1.3 Applicability... 2 236-1.4 Terms & Definitions...
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Online File Storage BACKGROUND Online file storage services offer powerful and convenient methods to share files among collaborators, various computers, and mobile
More informationPROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT SYSTEM
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT
More informationNightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services
EnCase Enterprise/ ediscovery Strategic Consulting EnCase customers now have a trusted expert advisor to meet their discovery goals. NightOwl Discovery offers complete support for the EnCase Enterprise
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationRetention & Disposition in the Cloud Do you really have control?
InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October
More informationADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0
ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright
More informationHow To Manage Cloud Computing In The United States Of American Agriculture
United States Department of Agriculture Office of Inspector General USDA s Implementation of Cloud Computing Services Audit Report 50501-0005-12 What Were OIG s Objectives Our objective was to evaluate
More informationSeptember 15, 2014 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES AND INDEPENDENT AGENCIES
, 0.. EXECUTIVE OFFICE OF THE PRESIDENT \ OFFICE OF MANAGEMENT AND BUDGET :t WASHINGTON, D.C. 20503 IIIIIII NATIONAL ARCHIVES AND RECORDS ADM INISTRATION WASHINGTON, D.C. 20408 September 15, 2014 '.~ ~...,,.
More informationCloud Computing. Report No. OIG-AMR-74-14-03. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General.
UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General Cloud Computing Report No. OIG-AMR-74-14-03 October 21, 2014 CONTENTS EXECUTIVE SUMMARY... 1 BACKGROUND... 2 OBJECTIVE,
More informationHow To Write A Request For Information (Rfi)
Request for Information No. 15-200-ACCO Litigation Hold & ediscovery Tool Posting Date: November 14, 2014 Event Timeline: This Request for Information (RFI) is issued by Washington State Department of
More informationInformation Governance
Information Governance The New Records Management Rudy Moliere Director, Information Goverance & Records Management Terrence J. Coan, CRM Senior Director Information Management Practice Agenda Introductions
More informationProactive Data Management for ediscovery
Proactive Data Management for ediscovery Simon Taylor Snr. Director Information Management CommVault Systems Inc. Why ediscovery sucks for IT The US Federal Rules of Civil Procedure Rule 34(a), (b) Definition
More informationTERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL
TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,
More informationGuideline 1. Cloud Computing Decision Making. Public Record Office Victoria Cloud Computing Policy. Version Number: 1.0. Issue Date: 26/06/2013
Public Record Office Victoria Cloud Computing Policy Guideline 1 Cloud Computing Decision Making Version Number: 1.0 Issue Date: 26/06/2013 Expiry Date: 26/06/2018 State of Victoria 2013 Version 1.0 Table
More informationLegal Issues of Forensics in the Cloud
Legal Issues of Forensics in the Cloud About Me Owner, Titan Info Security Group, LLC A Risk Management and Cyber Security Law Firm Partner, OnlineIntell, LLC Protecting online brands and reputation while
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationWritten Testimony. Mark Kneidinger. Director, Federal Network Resilience. Office of Cybersecurity and Communications
Written Testimony of Mark Kneidinger Director, Federal Network Resilience Office of Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee
More informationPrivacy Impact Assessment
MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT
More informationPrivacy Impact Assessment
Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief
More informationDirector, Value Engineering
Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software
More informationCloud Computing Questions to Ask
Cloud Computing Questions to Ask Pursuant to the Federal Cloud Computing Strategy 1 and the Cloud First policy, agencies are required to evaluate safe, secure cloud computing options before making any
More informationUnited States Department of the Interior
United States Department of the Interior NATIONAL PARK SERVICE 1849 C Street, N.W. Washington, D.C. 20240 DIRECTOR'S ORDER #lld: RECORDS AND ELECTRONIC INFORMATION MANAGEMENT Effective Date: \ Duration:
More informationDigital Government Institute March 19, 2015
Digital Government Institute March 19, 2015 Government Challenges and Lessons from ediscovery Panelists Susan Taylor ALS IT Director, PAE Labat Susan Taylor brings critical analytical skills honed over
More information102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare
102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,
More informationNavigating Information Governance and ediscovery
Navigating Information Governance and ediscovery Implementing Processes & Technology to Reduce Downstream ediscovery Cost and Risk Shannon Smith General Counsel, Globanet March 11 12, 2013 Agenda 1 Overview
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationE-Discovery and Data Management. Managing Litigation in the Digital Age. Attorney Advertising
E-Discovery and Data Management Managing Litigation in the Digital Age Attorney Advertising Every day, 12 billion corporate e-mails are created. That number doubles annually. Litigation success starts
More informationInformation Management Advice 18 - Managing records in business systems Part 1: Checklist for decommissioning business systems
Information Management Advice 18 - Managing records in business systems Part 1: Checklist for decommissioning business systems Introduction Agencies have systems which hold business information, such as
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationIncident Management & Forensics Working Group. Charter
Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,
More informationPrivacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee
Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee August 2010 Introduction Good privacy practices are a key
More informationStorage Clouds. Enterprise Architecture and the Cloud. Author and Presenter: Marty Stogsdill, Oracle
Deploying PRESENTATION Public, TITLE Private, GOES HERE and Hybrid Storage Clouds Enterprise Architecture and the Cloud Author and Presenter: Marty Stogsdill, Oracle SNIA Legal Notice The material contained
More informationAUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Management of Cloud Computing Activities DOE/IG-0918 September 2014 Department
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance
United States Government Accountability Office Report to Congressional Requesters April 2016 CLOUD COMPUTING Agencies Need to Incorporate Key Practices to Ensure Effective Performance GAO-16-325 April
More informationGAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned
GAO July 2012 United States Government Accountability Office Report to the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee
More informationLegal Hold Management Within a Law Department - ILTA 08
Legal Hold Management Within a Law Department - ILTA 08 Liz Schimmel, Discovery Manager Woods Abbott, Senior Manager, Legal Operations Introductions Liz Schimmel, Discovery Manager, Halliburton Prior to
More informationCisco Cloud Assessments. Justin Tang
Cisco Cloud Assessments Justin Tang Cisco Landscape Evolution of Cloud Assessments Performing Cloud Assessments Challenges 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Definition:
More informationFrom Information Management to Information Governance: The New Paradigm
From Information Management to Information Governance: The New Paradigm By: Laurie Fischer Overview The explosive growth of information presents management challenges to every organization today. Retaining
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationSECURITY THREATS TO CLOUD COMPUTING
IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 2, Issue 3, Mar 2014, 101-106 Impact Journals SECURITY THREATS TO CLOUD
More informationNAVIGATING THE MAZE. 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona. 2013 CIO Roundtable Retreat
NAVIGATING THE MAZE 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona Information Governance Define your Process and Framework Agenda Information Governance Defined
More informationFederal Cloud Computing Initiative Overview
Federal Cloud Computing Initiative Overview Program Status To support the Federal Cloud Computing Direction and Deployment Approach, the ITI Line of Business PMO has been refocused as the Cloud Computing
More informationIntegration of E-Discovery and FOIA
Integration of E-Discovery and FOIA April 4, 2013 Tom Kennedy Director, Symantec Archiving and E-Discovery Team Digital Government Institute s E-Discovery, Records & Information Management Conference,
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations
More information3 "C" Words You Need to Know: Custody - Control - Cloud
3 "C" Words You Need to Know: Custody - Control - Cloud James Christiansen Chief Information Security Officer Evantix, Inc. Bradley Schaufenbuel Director of Information Security Midland States Bank Session
More informationAddressing Legal Discovery & Compliance Requirements
Addressing Legal Discovery & Compliance Requirements A Comparison of and Archiving In today s digital landscape, the legal, regulatory and business requirements for email archiving continue to grow in
More informationEMC PERSPECTIVE EMC SourceOne Email Management
EMC PERSPECTIVE EMC SourceOne Email Management Competitive Advantages Foreword This document provides an overview of the competitive advantages of EMC SourceOne Email Management, part of a family of next-generation
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationElectronic Data What Does it Include, its Retention and Disclosure
Electronic Data What Does it Include, its Retention and Disclosure Electronic Data What Does it Include, its Retention and Disclosure MML Legal Track Wednesday, September 19, 2007 Karrie Zeits, City Attorney,
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery. ZL TECHNOLOGIES White Paper
ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery ZL TECHNOLOGIES White Paper PAGE 1 A project manager s guide to e-discovery In civil litigation, the parties in a dispute are required to provide
More informationTransition Guidelines: Managing legacy data and information. November 2013 v.1.0
Transition Guidelines: Managing legacy data and information November 2013 v.1.0 Document Control Document history Date Version No. Description Author October 2013 November 2013 0.1 Draft Department of
More informationHow the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )
The Electronic Discovery Reference Model (EDRM) How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP ) December 2011
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationFederal Trade Commission Privacy Impact Assessment
Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
More informationinto HIPAA Ian Campbell and The information a service to Short Act, HIPAA "Administrative use to host contract with an Documentation regulations.
7 Things all Law Firms (and their IT staff) ) need to know about HIPAA Ian Campbell and Gavin W. Manes, Ph.D. The information contained herein is for informational purposes only as the public, and is not
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationThe Future of Information
Place image here The Future of Information Management Bill Tolson Iron Mountain In the face of an ongoing electronic information explosion, information management becomes an imperative. Organizations need
More informationCapstone for Records Management
Capstone for Records Management Patrick Bland, Esq. ediscovery & Information Governance Specialist DLT Solutions Capstone for Records Management 1 DLT Solutions Company Background Provider of best of breed
More informationDigital Security. Dr. Gavin W. Manes, Chief Executive Officer
Dr. Gavin W. Manes, Chief Executive Officer About Us Avansic E-discovery and digital forensics company founded in 2004 by Dr. Gavin W. Manes, former Computer Science professor Scientific approach to ESI
More information