Cloud Risks and Opportunities
|
|
- Dorthy Roberts
- 8 years ago
- Views:
Transcription
1 Cloud Risks and Opportunities John Howie COO Cloud Security Alliance #SCCLondon
2 About the Cloud Security Alliance Global, not- for- profit organiza;on Building security best prac;ces for next genera;on IT Research and Educa;onal Programs Cloud Provider Cer;fica;on User Cer;fica;on Awareness and Marke;ng The globally authorita;ve source for Trust in the Cloud To promote the use of best prac1ces for providing security assurance within Cloud Compu1ng, and provide educa1on on the uses of Cloud Compu1ng to help secure all other forms of compu1ng.
3 CSA Fast Facts Founded in 2009 Membership stats 48,000 individual members, 66 chapters globally 170+ corporate members Major cloud providers, tech companies, infosec leaders, governments, financial ins;tu;ons, retail, healthcare and more Offices in SeaWle USA, Singapore, Greece Over 30 research projects in 25 working groups Strategic partnerships with governments, research ins;tu;ons, professional associa;ons and industry
4 Growing to serve the Industry 2009 CSA launch at RSA 2009 with Security Guidance for Cri;cal Areas of Focus in Cloud Compu;ng 6,000 members 2010 Launch Cer;ficate of Cloud Security Knowledge (CCSK) 15,000 members 2011 Launch CSA Security, Trust and Assurance Registry (STAR) 27,000 members 2012 Launch CSA Mobile and Big Data research to address emerging needs 42,000 members 50,000 40,000 30,000 20,000 10,000 0 Membership Growth Nort h Amer ica
5
6 Cloud Actors
7 CLOUD CONSUMER
8 About the Notorious Nine The Notorious Nine can be downloaded here Top Threats WG formed in 2009 to engage experts and the broader community to iden;fy top security threats for Cloud Compu;ng Purpose of the series of reports was to educate cloud providers/consumers on how to mi;gate risk when deploying/adop;ng cloud compu;ng Expanded the report from the Seven Deadly Sins to the Evil 8 to the Notorious 9 in 2013 New version mapped to Cloud Controls Matrix and Risk Matrix added (Actual vs. Perceived Risk)
9 Notorious Nine Methodology Surveyed over 300 Security Professionals from 50 countries globally Validated that the threat lis;ng reflects the most current concerns of the industry Reflected current consensus among experts about the most significant threats to cloud security Experts iden;fied nine cri;cal threats to cloud compu;ng in 2013
10 9 Threats Identified (1 4) #1 Threat: Data Breaches Ranking Comparison #2 Threat: Data Loss Ranking Comparison #3 Threat: Account or Service Traffic Hijacking Ranking Comparison #4 Threat: Insecure Interfaces and APIs Ranking Comparison
11 9 Threats Identified (5 9) #5 Threat: Denial of Service Ranking Comparison #6 Threat: Malicious Insiders Ranking Comparison #7 Threat: Abuse of Cloud Services Ranking Comparison #8 Threat: Insufficient Due Diligence Ranking Comparison #9 Threat: Shared Technology Vulnerabili;es Ranking Comparison
12 CLOUD CARRIER
13 Internet Threats AWacks against internet infrastructure con;nue to plague us Rou;ng hijacks (BGP) DNS compromise PKI Some solu;ons exist, but The current protocols are fundamentally broken We need to start over (IPv6 is not a solu;on)
14 CLOUD PROVIDER
15 Tradi;onal Approach Tradi;onally development, test and produc;on environments were strictly separated Developers worked in a dedicated environment and handed completed code over to testers Testers work in a separate environment and perform unit, func;onal and end- to- end tes;ng Tested and built code is handed over to Opera;ons staff who deploy in pre- produc;on environment to perform deployment and integra;on tes;ng before signing release off Released code is deployed into produc;on environment by Opera;ons staff Developers and testers do not have access to produc;on environment
16 Classic Solware Development Dev Test Pre- Prod Prod Development Staff Opera;ons Staff
17 Modern Approach: DevOps Olen leveraged in conjunc;on with Agile Development, Developer Opera;ons (DevOps) is just what it sounds like Developers are responsible for development and opera;ons management of their solware Separa;on between environments can be eroded: code is developed, tested and deployed in produc;on environment Ra;onale behind DevOps is that developers can quickly roll out new features and fix problems as they are discovered Cited as cri;cal market advantage in highly compe;;ve industries such as Search, Social Media, Collabora;on, etc. Gaining adop;on in tradi;onal business environments, too
18 DevOps Solware Development Deployment is accomplished by turning on new features to all users rather than deploying new solware Feedback can be structured, ad hoc, or even a percep;on Deployment User Feedback Test Development Tes;ng is usually done by deploying to a limited popula;on of users and watching their experiences Development might be done in situ, in the produc;on environment
19 DevOps Security Challenge PCI DSS v Separate development/test environments from produc;on environments, and enforce the separa;on with access controls Separa;on of du;es between development/test and produc;on environments ISO/IEC 27002: Separa;on of development, test, and opera;onal facili;es Control: Development, test, and opera;onal facili;es should be separated to reduce the risks of unauthorised access or changes to the opera;onal system.
20 Summary Cloud compu;ng is s;ll a developing field Significant pressure on costs and agility mean some security issues might be passed over New technology will bring new issues Cloud providers are probably bewer than you at protec;ng your data The problem is that they might be doing it in a way that violates your compliance obliga;ons
21 THANK YOU #SCCLondon
Building an Effec.ve Cloud Security Program
Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More informationMAXIMIZING THE SUCCESS OF YOUR E-PROCUREMENT TECHNOLOGY INVESTMENT. How to Drive Adop.on, Efficiency, and ROI for the Long Term
MAXIMIZING THE SUCCESS OF YOUR E-PROCUREMENT TECHNOLOGY INVESTMENT How to Drive Adop.on, Efficiency, and ROI for the Long Term What We Will Cover Today Presenta(on Agenda! Who We Are! Our History! Par7al
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationCase Studies in Solving Testing Constraints using Service Virtualization
Case Studies in Solving Testing Constraints using Service Virtualization Rix.Groenboom@Parasoft.NL 2/21/14 1 Introduction Paraso& is supplier automated tes1ng solu1ons Since 1984, Los Angeles (US) and
More informationCloud Compu)ng in Educa)on and Research
Cloud Compu)ng in Educa)on and Research Dr. Wajdi Loua) Sfax University, Tunisia ESPRIT - December 2014 04/12/14 1 Outline Challenges in Educa)on and Research SaaS, PaaS and IaaS for Educa)on and Research
More informationDDOS Mi'ga'on in RedIRIS. SIG- ISM. Vienna
DDOS Mi'ga'on in RedIRIS SIG- ISM. Vienna Index Evolu'on of DDOS a:acks in RedIRIS Mi'ga'on Tools Current DDOS strategy About RedIRIS Spanish Academic & research network. Universi'es, research centers,.
More informationDistance.fsu.edu. Dr. Susann Rudasill, Director Office of Distance Learning
Distance.fsu.edu Dr. Susann Rudasill, Director Office of Distance Learning Live Link Organiza;onal Structure Interim Provost & Vice President Faculty Development and Advancement Budget Office Academic
More informationPCI VERSION 2.0 AND RISK MANAGEMENT. Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management
PCI VERSION 2.0 AND RISK MANAGEMENT Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management Objec&ve: Protect cardholder data (CHD) wherever it resides Applica&on: All card
More informationGe#ng Started with the Unidesk Solu5on Partner Program. Copyright Unidesk Corpora3on
Ge#ng Started with the Unidesk Solu5on Partner Program Copyright Unidesk Corpora3on The Unidesk Solu3on Partner (USP) program is designed to enable resellers, system integrators, distributors and service
More informationQubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management
Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management Presented by: Toby Emden Prac0ce Director Iden0ty Management and Access Governance Agenda Typical Business Drivers for
More informationAPP-SOLUTELY SECURITY: The State of Mobile Security. CARTES Secure Connexions The Digital Security World MAY 14, 2014
APP-SOLUTELY SECURITY: The State of Mobile Security CARTES Secure Connexions The Digital Security World MAY 14, 2014 APP-SOLUTELY SECURITY: The State of Mobile Security Session Topics Current Sta*s*cs
More informationA view from the Cloud Security Alliance peephole
A view from the Cloud Security Alliance peephole Cloud One million new mobile devices - each day! Social Networking Digital Natives State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data
More informationOracle Solu?ons for Higher Educa?on
Presented with Oracle Solu?ons for Higher Educa?on Cole Clark Global Vice President Oracle, Educa?on & Research June 12, 2014 Oracle Confiden?al Internal/Restricted/Highly Restricted Safe Harbor Statement
More informationStream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More
Copyright 2015 Splunk Inc. Stream Deployments in the Real World: Enhance Opera?onal Intelligence Across Applica?on Delivery, IT Ops, Security, and More Stela Udovicic Sr. Product Marke?ng Manager Clayton
More informationProgram Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional.
Program Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional. 163 Stormont Street New Concord, OH 43762 614-286-7895
More informationPrivileged Administra0on Best Prac0ces :: September 1, 2015
Privileged Administra0on Best Prac0ces :: September 1, 2015 Discussion Contents Privileged Access and Administra1on Best Prac1ces 1) Overview of Capabili0es Defini0on of Need 2) Preparing your PxM Program
More informationMission. To provide higher technological educa5on with quality, preparing. competent professionals, with sound founda5ons in science, technology
Mission To provide higher technological educa5on with quality, preparing competent professionals, with sound founda5ons in science, technology and innova5on, commi
More informationA R o a d t o y o u r C l o u d. Professional Service. C R M a n d C l o u d C o n s u l t i n g
RM-C A R o a d t o y o u r C l o u d Professional Service C R M a n d C l o u d C o n s u l t i n g CRM-C Highlights! A Unique Cloud CRM Consulting service firm! Specializing in cloud CRM and Office Collaboration
More informationConvergence: Telecom Moving into Mainstream IT Channel
Convergence: Telecom Moving into Mainstream IT Channel 20- Minute Channel Byte Housekeeping Webinar is being recorded. Slides and recording link will be available tomorrow.? Contact informa?on is provided
More informationVoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov
VoIP Security How to prevent eavesdropping on VoIP conversa8ons Dmitry Dessiatnikov DISCLAIMER All informa8on in this presenta8on is provided for informa8on purposes only and in no event shall Security
More informationIT Governance in Organizations Experiencing Decentralization. Jelena Zdravkovic
IT Governance in Organizations Experiencing Decentralization Jelena Zdravkovic Department of Computer & Systems Sciences (DSV), Stockholm University, Sweden Giannoulis About the Speaker Title: Associate
More informationCompliance and Cloud Computing
Compliance and Cloud Computing Balaji Palanisamy Director, Southwest- US Coalfire Systems, Inc. July 24, 2014 Agenda Introduction Cloud Computing Basics Cloud Computing Threats Security vs. Compliance
More informationPARADIGM SHIFT FROM LARGE RELEASES TO CONTINUOUS DEPLOYMENT OF SOFTWARE. DESIGNING A REFERENCE MODEL FOR CONTINUOUS DEPLOYMENT.
PARADIGM SHIFT FROM LARGE RELEASES TO CONTINUOUS DEPLOYMENT OF SOFTWARE. DESIGNING A REFERENCE MODEL FOR CONTINUOUS DEPLOYMENT. PhD Student Teemu Karvonen Supervisors: Markku Oivo and Pasi Kuvaja XP2015
More informationProtec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protec/ng Informa/on Assets Greg Senko
Protec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning MIS5206 Week 8 In the News Readings In Class Case Study BCP/DRP Test Taking Tip Quiz In the News Discuss items
More informationB2B Offerings. Helping businesses op2mize. Infolob s amazing b2b offerings helps your company achieve maximum produc2vity
B2B Offerings Helping businesses op2mize Infolob s amazing b2b offerings helps your company achieve maximum produc2vity What is B2B? B2B is shorthand for the sales prac4ce called business- to- business
More informationDisaster Recovery Planning and Implementa6on. Chris Russel Director, IT Infrastructure and ISO Compu6ng and Network Services York University
Disaster Recovery Planning and Implementa6on Chris Russel Director, IT Infrastructure and ISO Compu6ng and Network Services York University Agenda Background for York s I.T. Disaster Recovery Planning
More informationPublic Cloud Security: Surviving in a Hostile Multitenant Environment
Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could
More informationHow To Protect Virtualized Data From Security Threats
S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust
More informationEverything You Need to Know about Cloud BI. Freek Kamst
Everything You Need to Know about Cloud BI Freek Kamst Business Analy2cs Insight, Bussum June 10th, 2014 What s it all about? Has anything changed in the world of BI? Is Cloud Compu2ng a Hype or here to
More informationUpdate on the Cloud Demonstration Project
Update on the Cloud Demonstration Project Khalil Yazdi and Steven Wallace Spring Member Meeting April 19, 2011 Project Par4cipants BACKGROUND Eleven Universi1es: Caltech, Carnegie Mellon, George Mason,
More informationSan Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP
Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO
More informationFrom Consultancy. Projects to Case Studies. Ins2tute Case Studies: 10 September 2012, SSI Fellows Programme Launch Steve Crouch s.crouch@so#ware.ac.
Ins2tute Case Studies: From Consultancy Projects to Case Studies 10 September 2012, SSI Fellows Programme Launch Steve Crouch s.crouch@so#ware.ac.uk In Context Developing the scien/fic compu/ng / so4ware
More informationPaco Hope <paco@cigital.com> Florence Mo ay <fmo ay@cigital.com> 2012 Cigital. All Rights Reserved. SecAppDev. Define third party so ware
Paco Hope Florence Moay 2012 Cigital. All Rights Reserved. SecAppDev 1 Objectives Define third party soware What it is, why we use it Define the risks from third
More informationFixed Scope Offering (FSO) for Oracle SRM
Fixed Scope Offering (FSO) for Oracle SRM Agenda iapps Introduc.on Execu.ve Summary Business Objec.ves Solu.on Proposal Scope - Business Process Scope Applica.on Implementa.on Methodology Time Frames Team,
More informationThe Real Score of Cloud
The Real Score of Cloud Mayur Sahni Sr. Research Manger IDC Asia/Pacific msahni@idc.com @mayursahni Digital Transformation Changing Role of IT Innova&on Informa&on Business agility Changing role of the
More informationCSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments
CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang
More informationThe Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.
The Magical Cloud Lennart Franked Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall. 2014-10-20 Lennart Franked (MIUN IKS) The Magical Cloud 2014-10-20 1 / 35
More informationDeveloping a Full- Spectrum Security Training Program
Developing a Full- Spectrum Security Training Program Wayne State University Compu3ng & Informa3on Kevin Hayes, CISSP, CISM Informa)on Security Officer Geoff Nathan Faculty Liason Agenda Background Our
More information1. Introduc+on and Background. 2. Service Overview. 3. Your Requirements. Cloud Services so far Feasibility Study Next Steps Procurement, POC
1. Introduc+on and Background Cloud Services so far Feasibility Study Next Steps Procurement, POC 2. Service Overview Service Profile The Architecture & principles The Service Features/Characteris+cs 3.
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt
ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt Cyber European Union Security Agency for Network Energia, and Informa8on Rome, Security 24/09/15
More informationMapping Out Agile Product Management Expanding Agile beyond development, to maximize Agile within development
Mapping Out Agile Product Management Expanding Agile beyond development, to maximize Agile within development Mack Adams Calgary Agile Methods User Group September 4, 2014 About Mack Adams Agile Consultant
More informationHow Do You Secure An Environment Without a Perimeter?
How Do You Secure An Environment Without a Perimeter? Using Emerging Technology Processes to Support InfoSec Efforts in an Agile Data Center PTC Briefing January 18, 2015 About the Presenters CHARLA GRIFFY-BROWN
More informationProtec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology
Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology Alexey Kirichenko, F- Secure Corpora7on ICT SHOK, Future Internet program 30.5.2012 Outline 1. Security WP (WP6) overview
More informationHow To Use Splunk For Android (Windows) With A Mobile App On A Microsoft Tablet (Windows 8) For Free (Windows 7) For A Limited Time (Windows 10) For $99.99) For Two Years (Windows 9
Copyright 2014 Splunk Inc. Splunk for Mobile Intelligence Bill Emme< Director, Solu?ons Marke?ng Panos Papadopoulos Director, Product Management Disclaimer During the course of this presenta?on, we may
More informationBPO. Accerela*ng Revenue Enhancements Through Sales Support Services
BPO Accerela*ng Revenue Enhancements Through Sales Support Services What is BPO? Business Process Outsorcing (BPO) is the process of outsourcing specific business func6ons to a third- party service provider
More informationECEC 22013. Accelera@ng Europe s Cloud Future. Chambre du Commerce September. October. 14. Mai 2013, Konzerthaus. 1st 2014
ECEC 22013 014 ECDC Partnerschaft in in der der Cloud Cloud Partnerschaft Accelera@ng Europe s Cloud Future Europe Congress & A ward Ceremony 14. Mai 2013, Konzerthaus Chambre du Commerce 14. Mai 2013,
More informationTOOLS and BEST PRACTICES
TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within
More informationSan Jacinto College Banner & Enterprise Applica5on Review Task Force Report. November 01, 2011 FINAL
San Jacinto College Banner & Enterprise Applica5on Review Task Force Report November 01, 2011 FINAL 1 Content Review goal and approach 3 Barriers to effec5ve use of Banner: Consultant observa5ons 10 Consultant
More informationNANOG DNS BoF. DNS DNSSEC IPv6 Tuesday, February 1, 2011 NATIONAL ENGINEERING & TECHNICAL OPERATIONS
NANOG DNS BoF DNS DNSSEC IPv6 Tuesday, February 1, 2011 NATIONAL ENGINEERING & TECHNICAL OPERATIONS The Role Of An ISP In DNSSEC Valida;on ISPs act in two different DNSSEC roles, both signing and valida;ng
More informationCloud Infrastructure Services Survey: Key UK Takeaways. Survey conducted by
Cloud Infrastructure Services Survey: Key UK Takeaways Survey conducted by Despite Understanding the Benefits of Cloud Compu7ng, UK IT Teams are Taking a Staged Approach with Migra7on NaviSite Europe Limited,
More informationMarke&ng Managed Services Provider. Managed Web Search Lead Program
Marke&ng Managed Services Provider We define, build, implement and manage web search and remarkejng lead generajon programs as a Managed Service. Managed Web Search Lead Program Plan 27 s dedicated Google
More informationAna Juan Ferrer Cloud Forward 2015, 07/10/2015
Ana Juan Ferrer Cloud Forward 2015, 07/10/2015 SLALOM in a nutshell Service Level Agreement Legal and Open Model SLALOM s principal objeccve is to create a Service Level Agreement (SLA) reference model
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationTop Practices in Health IT Compliance. Data Breach & Leading Program Prac3ces
Top Practices in Health IT Compliance Data Breach & Leading Program Prac3ces Overview Introduc3on to ID Experts & Secure Digital Solu3ons Healthcare Data Breach Trends & Drivers Data Incident Management
More informationSoftware Development and Deployment
Software Development and Deployment PDS Management Council Face-to-Face Berkeley, California November 18-19, 2014 Sean Hardman Topics Overview Build 5a Deployment Status Repor:ng Build 5b Next Steps November
More informationReali9es of Being PCI Compliant
Reali9es of Being PCI Compliant Miguel (Mike) O. Villegas CISA, CISSP, GSEC, CEH, QSA, PA- QSA, ASV Vice President- K3DES LLC Professional Strategies S23 CRISC CGEIT CISM CISA Abstract PCI DSS compliance
More informationNET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP
NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP Nick Lewis Internet2 NET+ Program Manager, Security and Identity 2015 Internet2 Welcome Goals, logistics, etc Want your feedback, so please comment
More informationProject Management Introduc1on
Project Management Introduc1on Session 1 Part I Introduc1on By Amal Le Collen, PMP Dr. Lauren1u Neamtu, PMP Session outline 1. PART I: Introduc1on 1. The Purpose of the PMBOK Guide 2. What is a project?
More informationSolving today's integra@on challenges with Oracle SOA Suite, and Oracle Coherence
Solving today's integra@on challenges with Oracle SOA Suite, and Oracle Coherence Asaf Lev Sales Consul@ng asaf.lev@oracle.com Agenda Industry Trends Oracle SOA Suite Oracle Coherence Oracle Service Bus
More informationMain Research Gaps in Cyber Security
Comprehensive Approach to cyber roadmap coordina5on and development Main Research Gaps in Cyber Security María Pilar Torres Bruna everis Aerospace and Defence Index CAMINO WP2: Iden8fica8on and Analysis
More informationChapter 3. Database Architectures and the Web Transparencies
Week 2: Chapter 3 Chapter 3 Database Architectures and the Web Transparencies Database Environment - Objec
More informationQuality Label and Cer0fica0on Processes France- Suisse Summit on ehealth Interoperability 20 May 2014
Quality Label and Cer0fica0on Processes France- Suisse Summit on ehealth Interoperability 20 May 2014 Karima Bourquard Director of Interoperability IHE- Europe Tes0ng and Cer0fica0on Objec0ves To design
More informationDEFINING COMPONENTS OF NATIONAL REDD+ FINANCIAL PLANNING
DEFINING COMPONENTS OF NATIONAL REDD+ FINANCIAL PLANNING WORKSHOP ON BUILDING MULTI- SOURCE REDD+ FINANCING STRATEGIES Antigua, Guatemala July 17 and 18, 2014 Objec'ves of REDD+ Financial Planning Financial
More informationMathieu.gorge@vigitrust.com. www.vigitrust.com
Valid concerns about mobile security and how to address them Ins5tute of Management Consultants and Advisers Dublin, 19 th June 2013 Mathieu.gorge@vigitrust.com www.vigitrust.com Thursday 20 June 13 (c)
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationCloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE!
Cloud, and Digital Iden1ty Management (DIM) Exis1ng DIMs and their Limita1ons Our Goals World of Group Signatures SPICE! Simple Showcase 2 Cloud compu1ng has been envisioned as the next- genera1on architecture
More informationDeveloping Your Roadmap The Association of Independent Colleges and Universities of Massachusetts. October 3, 2013
Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts October 3, 2013 Agenda 1. Introductions 2. Higher Ed Industry Trends 3. Technology Trends in Higher Ed
More informationM2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security. Mihai Voicu CIO/CSO ILS Technology LLC
M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security Mihai Voicu CIO/CSO ILS Technology LLC Topics 1 What is the role of standardization in security for M2M solutions? 2 How are TIA and other
More informationFTC Data Security Standard
FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls
More informationEnterprise Systems Tech. solutions, strategic persp. and org. considerations. TDEI13, 2014-09- 17 Özgün Imre
Enterprise Systems Tech. solutions, strategic persp. and org. considerations TDEI13, 2014-09- 17 Özgün Imre Agenda Report presenta=ons With candy as reward Literature Discussion Lee, Jinyoul; Keng Siau
More informationCloud Compu?ng & Big Data in Higher Educa?on and Research: African Academic Experience
3 rd SG13 Regional Workshop for Africa on ITU- T Standardiza?on Challenges for Developing Countries Working for a Connected Africa (Livingstone, Zambia, 23-24 February 2015) Cloud Compu?ng & Big Data in
More informationCyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons
Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons Bob Gourley, Partner, Cognitio September 9, 2015 How we think. Disclaimer There is a great deal of text on these slides.
More informationBIOS Steven Penn, Senior Director CSF Development And Educa9on Programs Bryan Cline, PhD Senior Advisor
1 CSF Roadmap 2015 BIOS Steven Penn, Senior Director CSF Development And Educa9on Programs Steve Penn is an experienced security professional with 15+ years of informa;on security experience. He currently
More informationCMG Consul*ng LLC Smarter Enterprise Solu0ons
CMG Consul*ng LLC Smarter Enterprise Solu0ons June 2015 2014 CMG Consul0ng LLC All Rights Reserved 1 Who is CMG? CMG is a strategy consul*ng and advisory company focus on enabling smarter Ci*es, Enterprises,
More informationBank of America Security by Design. Derrick Barksdale Jason Gillam
Bank of America Security by Design Derrick Barksdale Jason Gillam Costs of Correcting Defects 2 Bank of America The Three P s Product Design and build security into our product People Cultivate a security
More informationSecurity April 2015. Solving the data security challenge with our enhanced private and hybrid cloud services
Security April 2015 Secure cloud solutions with guaranteed UK data sovereignty. Solving the data security challenge with our enhanced private and hybrid cloud services This paper enables discussion around
More informationAccelerate Mobile App Delivery: API Security for DevOps
Accelerate Mobile App Delivery: API Security for DevOps Brad Kramer Sr. Business Technology Architect NY State Government 12/18/2013 2013 CA. All rights reserved. Can YOU Meet the Business Demand for Innovation?
More informationChange Management Strategies to Increase Adop5on of Systems, Programs and Processes
Change Management Strategies to Increase Adop5on of Systems, Programs and Processes Theresa Rabe, Deputy Director of HR, County of San Mateo Jay Krishnan, Director, Product Marke5ng, GuideSpark October
More information10 Steps to Preparedness
10 Steps to Preparedness Key Take- Aways Review basics of disaster recovery and con2nuity of opera2ons. Understand what you can do to prepare your pool and its members for an unplanned interrup2on. Ini2ate
More informationSOURCE, SELECT, MANAGE: THE CWM ATHLETE S TRIATHLON GUIDE SIG San Francisco Bay Symposium November 12, 2014. Matt Katz, VP Strategic Solutions
SOURCE, SELECT, MANAGE: THE CWM ATHLETE S TRIATHLON GUIDE SIG San Francisco Bay Symposium November 12, 2014 Matt Katz, VP Strategic Solutions WELCOME! It s another beaueful day in the Bay Area! 2 OPTIONAL:
More informationEvolution of Cyber Security in Healthcare
Evolution of Cyber Security in Healthcare Spencer L SooHoo, PhD Director, Scientific Computing & Chief Security Officer Enterprise Information Services Healthcare and Security How we got here Healthcare
More informationWebinar: Having the Best of Both World- Class Customer Experience and Comprehensive Iden=ty Security
Webinar: Having the Best of Both World- Class Customer Experience and Comprehensive Iden=ty Security With Iden>ty Expert and UnboundID Customer Bill Bonney Today s Speakers Bill Bonney Formerly Director,
More informationShannon Rykaceski Director of Opera4ons CCFHCC
Shannon Rykaceski Director of Opera4ons CCFHCC PRESENTER BIO Shannon Salicce Rykaceski Director of Opera4ons for the Catholic Chari4es Free Health Care Center (CCFHCC), located in PiCsburgh, PA. Prior
More informationHealthcare Informa/on at Risk: Prac/cal Strategies to Avoid Breaches
Healthcare Informa/on at Risk: Prac/cal Strategies to Avoid Breaches Sam Pierre- Louis, CISSP- ISMP - - MDAnderson Cancer Center David Houlding, CISSP, CIPP - - Intel David S. Finn, CISA, CISM, CRISC -
More informationMobility in the Modern Factory. Discussion of Mobile Adop7on for the Factories of the Future
Mobility in the Modern Factory Discussion of Mobile Adop7on for the Factories of the Future Talking Points History Lesson The Reasons for Going Mobile Mobile Infrastructure Mobile Device Security BYOD
More informationGÉANT Cloud Ac-vity Towards Pan- European Cloud Services Kris?n Selvaag
GÉANT Cloud Ac-vity Towards Pan- European Cloud Services Kris?n Selvaag Coordinator IaaS Procurement NTW, Copenhagen Sept. 15 16, 2015 About Includes 36 Na?onal Members, which are European na?onal research
More informationAWS Security & Compliance
AWS Public Sector Jerusalem 19 Nov 2014 AWS Security & Compliance CJ Moses General Manager, Government Cloud Solu3ons Security Is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually
More informationSecuring Business Informa9on in the Cloud
Securing Business Informa9on in the Cloud For security and IT pros concerned with protec9ng sensi9ve informa9on across mul9ple endpoints and applica9ons. Explore how cloud can enable us to go back to basics
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationHow To Perform a SaaS Applica7on Inventory in. 5Simple Steps. A Guide for Informa7on Security Professionals. Share this ebook
How To Perform a SaaS Applica7on Inventory in 5Simple Steps A Guide for Informa7on Security Professionals WHY SHOULD I READ THIS? This book will help you, the person in the organiza=on who cares deeply
More informationGovernance as Leadership: Reframing the Work of Nonprofit Boards
Governance as Leadership: Reframing the Work of Nonprofit Boards Tradi
More information2010 Infrastructure Security Report
2010 Infrastructure Security Report 6 th Annual Edi;on Roland Dobbins Craig Labovitz Carlos Morales 2010 Infrastructure Security Survey 6 th Annual Survey Survey conducted in September October 2010 111
More informationTrend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard
Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified
More informationAn Introduc+on to CloudPrime
TM An Introduc+on to CloudPrime Secure messaging pla/orm to protect pa2ent privacy and uphold HIPAA/HITECH regula2on Mari Tangredi, CloudPrime 1 CloudPrime Company Overview! Headquartered in San Francisco,
More informationAchieving Global Cyber Security Through Collaboration
Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department November 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda
More information