IIA Conference. September 18, Paige Needling Director, Global Information Security Recall, Inc.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc."

Transcription

1 IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc.

2 IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability Assessment and Management Governance Oversight IT Security Training and Awareness Application Security Cost/Benefits Analysis Policies and Standards Business Continuity Management Incident Response Management 3

3 ISO 27001: 2013 ISO 20000: 2011 IT COMPLIANCE / CERTIFICATIONS Payment Card Industry Data Security Standard (PCI DSS v3.0) SOC2 Type 1, SOC2 Type2 Cloud Security Alliance Security Trust & Assurance Registry (CSA STAR) HIPAA Internal Audit NIST / FedRamp 4

4 COMPLIANCE CHALLENGES Global, Multigenerational, Multicultural Workforce (C) Complexity of GRC Regulatory Environment (M) Increased Reliance on Third Parties (C) Breaking Down Compliance Silos (C) Security/Compliance Budget (M) Achieving and Maintaining Compliance (M) Document, Measure, Repeat, Control (Managing Compliance for the Evolving Workforce May 2015); Microsoft IT Compliance Management Guide; Wikipedia 5

5 CREATE A SECURITY-CENTRIC YET COMPLIANT CULTURE 1. STREAMLINE PROCESSES A secure and compliant culture should not be complicated, too many steps leads to confusion. 2. GAIN COMPLIANCE The law; is the law; is the law. 3. STRENGTHEN KNOWLEDGE Partner with your company s business units to ensure buy-in and understanding of the security/compliance initiatives. 4. INSTILL CULTURE Not everyone will agree with the security or compliance posture of the company. Try to understand their position. 5. EMBRACE CHANGE Change is inevitable, but misery is optional. 6. BUILD PARTNERSHIPS Partner with Security to gain funding for Compliance initiatives and remediation of gaps. 7

6 COMPLIANCE OPPORTUNITIES Improved oversight and effective governance Competitive advantage New business opportunities based on first in show status Privacy Regulation Compliance Builds trust and confidence with customers Improve ROI by integrating Compliance with the Business Move compliance and security to the front of the bus Increased management visibility of IT security/compliance can achieve efficiency gains and cost savings for the business 8

7 Components for an Effective IT Security and Compliance Alignment Partnership Audit Remediation Audit Management Effective Policy Management & Reporting Risk Management & Oversight Regulatory & Compliance Management Customer Relationship Management Vendor Oversight

8 Components for an Effective IT Security and Compliance Alignment Partnership Audit Management 1. Be clear about what is in scope and why? 2. Maintain communication between your POC and the progress of the audit 3. Take the time to meet in person and schedule a call cadence early on 4. Discuss finding early on for validation 10

9 Components for an Effective IT Security and Compliance Alignment Partnership Risk Management & Oversight 1. Ensure risks are proactively managed and communicated as part of the overall audit program. 2. Streamline the risk assessment process by customizing the common set of controls to the organization s environment. 3. Have effective remediation recommendations that are incorporated in the workflow and audit report. 11

10 Components for an Effective IT Security and Compliance Alignment Partnership Vendor Oversight 1. Have an effective solution that allows you to identify, analyze and assess risk presented by third-party vendors. 2. Test annual vendor assessments on 3rd party vendors to ensure they are in compliance with the organization Vendor Policy. 3. Gain the visibility to identify vendors that represent the greatest risk. 12

11 Components for an Effective IT Security and Compliance Alignment Partnership Customer Relationship Management 1. Perform audit as if the customer s customer is standing over your shoulder. 2. Review procedures and make suggestions on efficiencies that can be gained by these reviews. 3. Track and report on the details of the audit and write the audit report as customer facing. 13

12 Components for an Effective IT Security and Compliance Alignment Partnership Regulatory & Compliance Management 1. Have compliance regulations tied to controls and guidelines. 2. If possible, provide updates applied in real-time and reflected within the risk and audit process where applicable. 14

13 Components for an Effective IT Security and Compliance Alignment Partnership Effective Policy Management & Reporting 1. Have an effective process that allows you to review and provide feedback as needed across the enterprise. 2. Ask for the centralized repository where materials, policies, procedures, guidelines, checklists and standards are stored and maintained up front so you aren t wasting time waiting for the organization to look for them. 3. Map policies to the organization s controls for auditing. 4. Map the organization s policies to compliance regulations and security frameworks for future audit opportunities. 15

14 Components for an Effective IT Security and Compliance Alignment Partnership Audit Remediation Efforts 1. Have audit conducted and ensure the results are measured against your controls for risk scoring, have reports submitted to control owners. 2. Leverage audit experience so that you are seen as a partner. 16

15 Compliance: Don t Wait Until It s Too Late

16 RETAIN & GAIN It is far more expensive to acquire new customers than it is to retain existing ones. Partner early on with the business to gain buy-in and momentum for security and compliance projects. Be VERY clear about what they have to lose if you don t do this. Position yourself as a key player in driving the company s strategy. Show the compliance solutions and security gains early on Money, Money, Money!! - or We don t have any! Resources, Resources, Resources!!! - or We don t have any! 18

17 Don t Be The Death of The Security Professional

18 20

Paisley Enterprise GRC Audit Profile. Linda Bergs

Paisley Enterprise GRC Audit Profile. Linda Bergs Paisley Enterprise GRC Audit Profile Linda Bergs Successful Implementation Champion Buy-in Budget Technology Who We Are Paisley is an independent software vendor providing innovative solutions for governance,

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014 TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

Ecom Infotech. Page 1 of 6

Ecom Infotech. Page 1 of 6 Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

TOP 10 Security Questions Introduction Breaches and other privacy and security incidents in healthcare are on the rise due to the vast size of the industry and the oneoffs of protected health information

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart

More information

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014 Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to

More information

Are You Ready for PCI 3.1?

Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? Are You Ready for PCI 3.1? If your hotel is not PCI compliant, it should be. Every time a customer hands over their credit card, they trust your hotel to keep their information

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

Building an Effective

Building an Effective Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS

More information

IBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security

IBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT

INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT INTERNAL AUDIT GRC SERIES: CHALLENGES AND SOLUTIONS TO ALIGNMENT Internal Audit (IA) is one of many organizational groups whose mission is to assess risks, evaluate controls, raise issues and improve processes.

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

Defending the Database Techniques and best practices

Defending the Database Techniques and best practices ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager mtrinidad@appsecinc.com March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target

More information

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer

More information

What can HITRUST do for me?

What can HITRUST do for me? What can HITRUST do for me? Dr. Bryan Cline CISO & VP, CSF Development & Implementation Bryan.Cline@HITRUSTalliance.net Jason Taule Chief Security & Privacy Officer Jason.Taule@FEIsystems.com Introduction

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

Cloud Computing Security Audit

Cloud Computing Security Audit Cloud Computing Security Audit Teddy Sukardi tedsuka@indo.net.id Indonesia IT Consultant Association IKTII Chairman Agenda The data center and the cloud Concerns with cloud implementation The role of cloud

More information

HIPAA and HITRUST - FAQ

HIPAA and HITRUST - FAQ A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are

More information

Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability

Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability A Custom Technology Adoption Profile Commissioned By BitSight Technologies Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability Introduction As concerns around

More information

State of Information Security

State of Information Security State of Information Security Second Annual Assessment Study 2013 Table of Contents: Synopsis and Methodology _ page 2 A Snapshot of Participants _ page 2 Survey Findings _ page 5 Final Thoughts _ page

More information

Taking the pain out of Risk and Compliance Management Systems. Presented by Andrew Batten 23 April 2015

Taking the pain out of Risk and Compliance Management Systems. Presented by Andrew Batten 23 April 2015 Taking the pain out of Risk and Compliance Management Systems Presented by Andrew Batten 23 April 2015 Operational Improvement Technology Solutions Providing consultancy services Gap assessments Food standard

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

PCI DSS READINESS AND RESPONSE

PCI DSS READINESS AND RESPONSE PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and

More information

Obtaining CSF Certification Lessons Learned and Why Do It

Obtaining CSF Certification Lessons Learned and Why Do It Obtaining CSF Certification Lessons Learned and Why Do It Aaron Miri, Chief Technology Officer, Children s medical Center of Dallas Ryan Sawyer, Director, Technology Risk and Identity Governance, WellPoint

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Cloud Collaboration Study: Benefits of a secure & easy to use collaboration platform

Cloud Collaboration Study: Benefits of a secure & easy to use collaboration platform Cloud Collaboration Study: Benefits of a secure & easy to use collaboration platform Marcia Kaufman, COO and Principal Analyst Daniel Kirsch Senior Analyst Introduction Collaboration between employees,

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

ISE Northeast Executive Forum and Awards

ISE Northeast Executive Forum and Awards ISE Northeast Executive Forum and Awards October 3, 2013 Company Name: Project Name: Presenter: Presenter Title: University of Massachusetts Embracing a Security First Approach Larry Wilson Chief Information

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

igrc: Intelligent Governance, Risk, and Compliance White Paper

igrc: Intelligent Governance, Risk, and Compliance White Paper igrc: Intelligent Governance, Risk, and Compliance White Paper 2013 2013 Edgile, Inc. All Rights Reserved Executive Overview This whitepaper discusses the business needs addressed by Edgile s igrc solution,

More information

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Cloud Security Alliance, 2015 Agenda Charter /Members What is Data Governance Data

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

Our Commitment to Information Security

Our Commitment to Information Security Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

Whitepaper: 7 Steps to Developing a Cloud Security Plan

Whitepaper: 7 Steps to Developing a Cloud Security Plan Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for

More information

NEC Managed Security Services

NEC Managed Security Services NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is

More information

! Global Efforts to Secure! Cloud Computing

! Global Efforts to Secure! Cloud Computing ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

The Power of Risk, Compliance & Security Management in SAP S/4HANA

The Power of Risk, Compliance & Security Management in SAP S/4HANA The Power of Risk, Compliance & Security Management in SAP S/4HANA OUR AGENDA Key Learnings Observations on Risk & Compliance Management Current State Current Challenges The SAP GRC and Security Solution

More information

Cloud security with Sage Construction Anywhere

Cloud security with Sage Construction Anywhere Cloud security with Sage Construction Anywhere Table of Contents Cloud computing s advantage for construction companies... 3 Security concerns... 3 The Sage commitment to security... 4 Sage application

More information

Harness Enterprise Risks With Oracle Governance, Risk and Compliance

Harness Enterprise Risks With Oracle Governance, Risk and Compliance Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming

More information

Cyber Governance Preparing for the Inevitable Perimeter Breach

Cyber Governance Preparing for the Inevitable Perimeter Breach SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity

More information

Information Technology Risk Management (ITRM) Program

Information Technology Risk Management (ITRM) Program Information Technology Risk Management (ITRM) Program NOMINATING CATEGORY: RISK MANAGEMENT INITIATIVES NOMINATOR: TERESA A. SHUCHART DEPARTMENT OF PUBLIC WELFARE (DPW) COMMONWEALTH OF PENNSYLVANIA 1006

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

RISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655

RISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS

More information

Avoiding the Top 5 Vulnerability Management Mistakes

Avoiding the Top 5 Vulnerability Management Mistakes WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability

More information

AWS Worldwide Public Sector

AWS Worldwide Public Sector 15 Minute Introduction to AWS and Q&A April 2015 Mark Fox Sr. Manager DoD Sales I love/hate relationship with the term cloud Now the IT norm Commercial Cloud should not be scary nor considered less secure

More information

Regulatory Compliance Management for Energy and Utilities

Regulatory Compliance Management for Energy and Utilities Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable

More information

Business Opportunity Enablement through Information Security Compliance

Business Opportunity Enablement through Information Security Compliance Level 3, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 Business Opportunity Enablement through Information Security Compliance Page No.1 Business Opportunity Enablement

More information

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS Nick Harrahill PayPal Global Security Operations AGENDA Inception of an engagement The legal agreement Assessing the risk Customer call

More information

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments. Security solutions White paper Acquire a global view of your organization s security state: the importance of security assessments. April 2007 2 Contents 2 Overview 3 Why conduct security assessments?

More information

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements

More information

Well-Documented Controls Reduce Risk and Support Compliance Initiatives

Well-Documented Controls Reduce Risk and Support Compliance Initiatives White Paper Risks Associated with Missing Documentation for Health Care Providers Well-Documented Controls Reduce Risk and Support Compliance Initiatives www.solutionary.com (866) 333-2133 Many Health

More information

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................

More information

Consolidated Audit Program (CAP) A multi-compliance approach

Consolidated Audit Program (CAP) A multi-compliance approach Consolidated Audit Program (CAP) A multi-compliance approach ISSA CONFERENCE Carlos Pelaez, Director, Coalfire May 14, 2015 About Coalfire We help our clients recognize and control cybersecurity risk,

More information

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance

More information

How to Define SIEM Strategy, Management and Success in the Enterprise

How to Define SIEM Strategy, Management and Success in the Enterprise How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification is a unique new certification which

More information

Security in the Cloud

Security in the Cloud Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney

More information

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing Contents Introduction Why GRC Assessment Benefits of Cloud computing and Problem Statement Key Speculations & Problems faced by Cloud service user s in Today s time Threats, Vulnerabilities and related

More information

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification differentiates you from your competition.

More information

Functional and technical specifications. Background

Functional and technical specifications. Background Functional and technical specifications Background In terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA), the deputy auditor-general (DAG) is responsible for maintaining an effective, efficient

More information

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Cloud Security Benchmark Webinar. January 7, 2015 11:00 AM ET

Cloud Security Benchmark Webinar. January 7, 2015 11:00 AM ET Cloud Security Benchmark Webinar Top 10 Cloud Service Providers: Q4 2014 January 7, 2015 11:00 AM ET Disclaimer NO WARRANTY. CloudeAssurance makes this presentahon available AS- IS, and makes no warranty

More information

Building Trust in Global Cloud Computing Systems

Building Trust in Global Cloud Computing Systems Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and

More information

Comparing the CSF, ISO/IEC and NIST SP Why Choosing the CSF is the Best Choice

Comparing the CSF, ISO/IEC and NIST SP Why Choosing the CSF is the Best Choice Comparing the CSF, ISO/IEC 27001 and NIST SP 800-53 Why Choosing the CSF is the Best Choice June 2014 Why Choosing the CSF is the Best Choice Introduction Many healthcare organizations realize it is in

More information

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives. Security solutions To support your business objectives Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives. For an On Demand Business, security

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cloud Security Certification

Cloud Security Certification Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

PCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id

PCI DSS. Payment Card Industry Data Security Standard. www.tuv.com/id PCI DSS Payment Card Industry Data Security Standard www.tuv.com/id What Is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of all major credit cards brands.the

More information

WHITE PAPER. Creating your Intranet Checklist

WHITE PAPER. Creating your Intranet Checklist WHITE PAPER Creating your Intranet Checklist About this guide It can be overwhelming to run and manage an Intranet project. As a provider of Intranet software and services to small, medium and large organizations,

More information