Security management in the internet era
|
|
- Johnathan Walters
- 8 years ago
- Views:
Transcription
1 Security management in the internet era Cloud Security (2) October 6, 2011 Jun Murai Keio University!! Suguru Yamaguchi! Nara Institute of Science and Technology! 1
2 Schedule 01st (09/22) Course Description 02nd (09/29) Cloud Security (1) 03rd (10/06) Cloud Security (2) 04th (10/13) Military use of the cyber security technology and its issues 05th (10/20) IPv6 Security 06th (10/27) Guest Lecture(Joichi Ito) 07th (10/27) Midterm Presentation(1) 08th (11/10) Midterm Presentation(2) 09th (11/17) Disaster Recovery Internet(1) 10th (12/01) Disaster Recovery Internet(2) 11th (12/08) Personal Information and Security(1) 12th (12/15) Personal Information and Security(2) 13th (12/22) Evaluation of Security Risk 14th (1/12) Final Presentation(1) 15th (1/19) Final Presentation(2) 2
3 Cloud Security(2) 3
4 Features of Cloud Computing ( 再 掲 ) n Changing the general idea of hardware n A number of virtual hosts in one physical host n Crossing the border n There are many places to save & backup information Virtual hosts Physical host 4
5 Why the security is needed n (Not?) Best security n Disconnect from the network We cannot use the services n Trade-off between security and convenience n Business needs innovations n Innovation needs challenges n Security is not guaranteed in the challenging environment security convenience We have to think about security risks in various views 5
6 The Point of Security Management n User side n Usability v.s. Safety Ex. Can use everywhere vs. Risk of information leakage vs. Risk of out-of-service state n Benefit v.s. Cost for Safety Ex. Cost cutback vs. Confidentiality of business information n Supplier side n Profit vs. Safety Usability Benefit Safety Safety Ex. Service income vs. Cost of security 6
7 Case:Using GoogleApps in Nihon University Case study: Mail system in schools n 10 million students use GoogleApps, Gmail & etc n Advantage: Convenience (not affected by power outages) & management cost (more than two hundred million) n Disadvantage: Safety (information leakage of students) n Decision: Advantage > Disadvantage Risk of student information leakage is small n At first, faculty member s does not use GoogleApps n From the perspective of users(=faculties), safety is most important n Management cost < Risk of faculty members Information The data is stored abroad Faculty member s information is very critical If the service is stopped, the loss becomes large 7
8 Important Points of Cloud Security n Contract(Management) n Service Level Agreement n Policy Problems n Industry Protection n National problem n Cyber terror n Technology 8
9 Contract(Management) If a problem occurs in cloud computing, Who is responsible for? How laws are applied? 9
10 Contract (for companies) n service level agreement(sla) n Support for leaking n No problem if it is specified n Storing data in overseas n Who will take responsibility if the data leaked These things in reference to SLA Cost Compens ation Users have to think about both cost and compensation 10
11 Example of SLA n Clearly specified about responsibility and recompense(if it is specified, cloud service provider will not have problem) n Example of SLA (salesforce.com) 11. LIMITATION OF LIABILITY (abstract) Limitation of Liability. NEITHER PARTY'S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) SHALL EXCEED THE LESSER OF $500,000 OR THE AMOUNT PAID BY YOU HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT,.. n If limitation is not specified.. n Distribution of free right to use 11
12 Incident and Response of the Cloud n WebARENA CLOUD9(NTTPC Data s Long-term failure) n Period:May 08, 2011-(do not start services yet) n Impact: User could not take data during two or three weeks Stop service n Guarantee:Another VPS Service free tickets n Amazon Cloud( Large-scale failure) n Occurrence time :April 21 24, 2011 n Effect of a failure: All Services of using AmazonEC2(Foursquare etc) 0.07% of data erase n Guarantee :10 days free tickets 12
13 Policy Problems n National problem n Cyber terror( 詳 細 は 第 4 回 ) n Cyber Attack n Information Protection n Intellectual property rights n User Privacy n Industry Protection 13
14 National problem Cloud Computing and Privacy n What is privacy The right to be let alone (Samuel Warren 1890) The ability that we can control the others who get or share our information (Alan Westin 1967) [The right to be let alone] è [The Rights of controlling selfinformation] n Data management policy depends on suppliers n Data Confidentiality is implemented by the contract and trust on the service supplier. n Enforce of compliance (different from countries) 14
15 National problem Globalization of Enterprise Account (Ex. Shopping) Company Personal information protection system is different from each country Subcontracting/Outsource (Ex. Customer support) Customer Information What is a problem? How to protect? Individuals Services Domestic Overseas CRM center Leakage of Personal Information 15
16 National problem Development of Laws on Data Transfer n Agreement about data transfer of each countries (Safe Harbor Agreement) n Agreement on the data transfer between U.S. and EU n Permission of the companies which fill up personal information protection technology Limit the transfer of personal data to third countries It is necessary for Japan to agree about data transfer of each countries 16
17 National problem The need for Legislation n Depending on the situation, laws cannot prevent information leakage Company There is no law to catch information thieves (Can not be arrested) Can be arrested Copy Employees Bring information Illegal Activities using information Critical Data (Thief of information) In Japan, there is no criminal law & regulations against information theft. 17
18 Cyber attack using cloud n Cyber attack using cloud environment n Bot net which has redundancy n Attack which using a lot of resources n Who is responsible for this? Easy prepara)on of a-ack resources 18
19 Intellectual property rights n Variance with intellectual property right, copyright and cloud service n Is it against the law to share music and books? n It is still gray even only you use the data n Demerit n Difficult to change to cloud service due to the legal risk n Users will not be able to use cloud technology fully Japanese cloud service will be in danger because of law Need for relaxing the law on cloud service 19
20 Industry Protection n Use the term security to protect domestic industry n Drive out oversea cloud services n Protect domestic cloud services a way of driving out oversea company openly Company There is security problem in oversea cloud services! 自 国 の クラウドサービス 20
21 Discussion n Do nations doing in the right manner dealing with oversea companies? n Is it good thing to drive oversea companies? 21
22 Summary n Cloud computing doesn t bind physical location and hardware resource n Advantage: Availability and reduction of cost n Disadvantage n Service managements depend on the Supplier n Data leakages n Important points which Cloud computing have. n Company :Contract, n Policy Problems Legal Issues Industry Protection Intellectual property rights 22
23 Assignment n n n n n Amerio Airlines, the company that has many branches around the world, want to share customer information by using cloud computing service. Please suggest the appropriate method to do this process. Your idea should consist of 4 points of view: a contract between Amerio Airlines and customer, a contract between Amerio Airlines and cloud computing service, a legal system for distributing customer information, and a data leak prevention technique. Additional Information Submit at most 2 pages(a4). The Assignment is available in Japanese or English Students that handed in a good report will make a presentation of their report at the beginning of the fifth lecture. Deadline: 10/17(Mon) 17:00(JST) Submission: SOI submission page 23
24 Appendix 24
25 Importance of Security Measures n Compliance of basic Security Management n Risk Analysis n Clarification of Cost on each entity Cover all characters n Relationship between Risk & Cost on each entity n Rational Evaluation based on balance between Risk & Cost 25
26 Management of Cloud Computing Environment n Basis of Security Management Policy n Three Components n Security measures at Users & Suppliers Technology Compliance Management 26
27 Security Measures at Suppliers n Technology n Data Encryption in Communication Channel) n Authentication n Redundancy n Compliance n Policy of Clients Information Management n Management n Risk Management of information leakage n Set the rules for service qualities, roles & responsibilities 27
28 Security Measures at Users n Technology n Data Encryption n Compliance n Security Policy on exchanges of information over the network n Management n Management of Convenience & Risk n Make agreements with content, coverage & quality 28
29 User s Side Security Management n (Reusable) Password Authentication is dominant in major cloud computing services. n Password is the only protection measure for information management, so that high risk on information leakages apparently exists. n Example Google s password Login Gmail, Google calendar & etc MobileMe s password Read mail & calendar and get system configurations Windows Live password Use messenger, read mail, get system configurations 29
Security management in the internet era
Security management in the internet era Cloud Security (1) Septemberr 29, 2011 Jun Murai Keio University! Suguru Yamaguchi! Nara Institute of Science and Technology! Schedule 01st (09/22) Course Description
More informationSecurity Management in the
Security Management in the Internet Era 8 th : Personal Information and Security (2) November 10, 2011 Jun Murai Keio University Suguru Yamaguchi Nara Institute of Science and Technology Schedule 01st
More informationMarkley Cloud Services Hosting Agreement
Cloud Services Hosting Agreement Markley PLEASE READ CAREFULLY - THIS IS A BINDING AGREEMENT. THIS MCS CLOUD PLAN HOSTING AGREEMENT ( AGREEMENT ) IS A BINDING AGREEMENT BETWEEN ONE SUMMER COLOCATION LLC,
More informationCloud Computing Phillip Hampton LogicForce Consulting, LLC
Phillip Hampton LogicForce Consulting, LLC New IT Paradigm What is? Benefits of Risks of 5 What the Future Holds 7 Defined...model for enabling ubiquitous, it convenient, ondemand network access to a shared
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationObjectives. What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer
1 Objectives What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer 2 What is Cloud Computing? Not single, agreed upon definition exists yet,
More informationEnterprise Security and Risk Management Office Risk Management Services. Risk Assessment Questionnaire. March 22, 2011 Revision 1.
March 22, 2011 Revision 1.5 Full_Assessment Questions_with_scoring key_03-22-2011 Page 2 of 23 Initial Release Date: March 31, 2004 Version: 1.0 Date of Last Review: March 22, 2011 Version: 1.5 Date Retired:
More informationAUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM
GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationA Hands-On Understanding of Cloud Services. Presented by: PMPA IT Committee
A Hands-On Understanding of Cloud Services Presented by: PMPA IT Committee Today s Agenda Introduction / Overview Benefits Risks of using Cloud Services Cloud Apps Overview/Preview Shop Example Hands-On
More informationNOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0
NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationDatacenter Hosting - The Best Form of Protection
Datacenter Hosting Scalable Technology and Insurance for Your Business nsacom.com Datacenter Hosting Scalable Technology and Insurance for Your Business Datacenter Hosting Gives You the Best of Both Worlds
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationWeb Drive Limited TERMS AND CONDITIONS FOR THE SUPPLY OF SERVER HOSTING
Web Drive Limited TERMS AND CONDITIONS FOR THE SUPPLY OF SERVER HOSTING Application of Terms Agreement to these terms requires agreement to Web Drive s Standard Terms & Conditions located online at the
More informationPerforming Vendor Risk Assessments
Performing Vendor Risk Assessments You can outsource the work, but you can t outsource the risk! Presented by Jennifer F Alfafara Consultant, Resources Global Professionals Introduction 2 There is significant
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationStudy on Cloud security in Japan
Study on Cloud security in Japan 2011/February Professor Yonosuke HARADA INSTITUTE of INFORMATION SECURITY (C) ITGI Japan Content 1 Background 2 Survey 2.1 Respondents 2.2 User on cloud services 2.3 Risk
More informationCertification for Information System Security Professional (CISSP)
Certification for Information System Security Professional (CISSP) The Art of Service Copyright Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by
More informationCLOUD SERVICES SERVICE LEVEL AGREEMENT. Cloud Services
Article 1: Definitions CLOUD SERVICES SERVICE LEVEL AGREEMENT Support for all Customers on all Problems with the exception of 1 st line Help desk those which initial investigation shows are directly related
More informationQuick guide: Using the Cloud to support your business
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
More informationInformation Security Policy
Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationThe software on this device includes software licensed by Company from Microsoft Corporation or its affiliates.
WINDOWS PHONE 7 SOFTWARE LICENSE TERMS These license terms are an agreement between you and Nokia ( Company ), the party distributing the software and device. These terms apply to the software that came
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationA COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE
A COMPLETE GUIDE HOW TO CHOOSE A CLOUD-TO-CLOUD BACKUP PROVIDER FOR THE ENTERPRISE Contents How to Buy Cloud-to-Cloud Backup...................... 4 Wait What is Cloud-to-Cloud Backup?.....................
More informationThe Data Melting Pot Computing in the Cloud. Becky Pinkard Manager, Security Operations Centres Research In Motion
The Data Melting Pot Computing in the Cloud Becky Pinkard Manager, Security Operations Centres Research In Motion Notable Quotes January 2010, Mark Zuckerberg (Facebook founder): People have really gotten
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationSecurity and Data Protection for Online Document Management Software
Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer
More informationCloud Computing. Security Practices for General User. Examples of Popular Cloud Service Providers
Cloud Computing Security Practices for General User T he cloud is composed of an extensive bulk of computers owned by a third-party in remote location(s). The Internet provides a bridge between personal
More informationEncyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.
Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationCloud Security for SME
Cloud Security for SME Hong Kong Computer & Communications Festival 2015 21 Aug 2015 Agenda About HKCERT What is cloud? Cloud security challenges to SME Tips for using cloud service securely About HKCERT
More informationWhat Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen
What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word
More informationMHA Service Level Agreement for Managed CRM
MHA Service Level Agreement for Managed CRM 2014 Managed Hosted Applications Limited. In Commercial Confidence October 2014 CONTENTS Managed CRM... 2 Managed Control Panel... 2 Policy Recommendations...
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationChapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationAddressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications
Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications Varun Badhwar Co-Founder; VP of Products & Solution Engineering 1 2013 CipherCloud All rights reserved. Agenda Introduction
More informationBackground Convincing the Critics Decision to Outsource. Legal Pointers NERCOMP 04/12/12
Selection and Migration to an Outsourced Exchange Email NERCOMP SIG 4/12/12 Ellen Gulachenski Director Administrative Project Services SIG Evaluation : bit.ly/nercomp_email NERCOMP 04/12/12 1 Agenda Background
More informationHow not to lose your head in the Cloud: AGIMO guidelines released
How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationDISCLOSURE STATEMENT PREPARED BY
DISCLOSURE STATEMENT PREPARED BY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationCloud Computing and Data Protection Compliance - Experiences from Norway
Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationService Level Standard
Service Level Standard External Storage Devices and Cloud Services SLS Date: May 24, 2012 Table of Contents Executive Summary... 1 General Overview... 1 Roles and Responsibilities... 1 Information Technology...
More informationAre Frustrations with Microsoft Exchange Driving You to The Cloud? Introduction
Are Frustrations with Microsoft Exchange Driving You to The Cloud? As a leading venture capital firm, Benchmark operates in a fast-paced environment. Timely communication is critical so we cannot afford
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationProtecting Your Data On The Network, Cloud And Virtual Servers
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
More informationSolving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools
White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology
More informationCloud Security & Standardization. Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC
0 Copyright 2011 FUJITSU Cloud Security & Standardization Markku Siltanen Tietoturvakonsultti CISA, CGEIT, CRISC Cloud computing 1 Copyright 2011 FUJITSU Characteristics of cloud 2 Copyright 2011 FUJITSU
More informationCloud Services and Business Process Outsourcing
Cloud Services and Business Process Outsourcing What security concerns surround Cloud Services and Outsourcing? Prepared for the Western NY ISACA Conference April 28 2015 Presenter Kevin Wilkins, CISSP
More informationThe Cloud On A Clear Day. Neal Juern
The Cloud On A Clear Day Neal Juern Alternate Titles The Cloud So what is it anyway? Why is it so cloudy? How To Keep Your Head Out What are the risks? Is it all just marketing fluff? What is The Cloud?
More informationHope for the best, prepare for the worst:
Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO 2014 a record year for hacking! 100K+ WordPress sites infected by mysterious
More informationAgenda. What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you
Agenda What is cloud? Cloud based services The Good bad and Ugly.. Anatomy of a cloud Guidelines for you What is Cloud Computing? Compute as a utility: third major era of computing Cloud enabled by Moore
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationSurviving the Era of Hack Attacks Cyber Security on a Global Scale
Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This
More informationExpert Reference Series of White Papers. 10 Security Concerns for Cloud Computing
Expert Reference Series of White Papers 10 Security Concerns for Cloud Computing 1-800-COURSES www.globalknowledge.com 10 Security Concerns for Cloud Computing Michael Gregg, Global Knowledge Instructor,
More informationCSUSB Cloud Computing Standard CSUSB, Information Security Office
CSUSB, Information Security Office Last Revised: 01/30/2013 Final REVISION CONTROL Document Title: Author: File Reference: CSUSB Cloud Computing Standard James Macdonell Date By Action Pages 05/04/12 J
More informationTSM Backup Service. Standard Service Level Agreement
TSM Backup Service Standard Service Level Agreement University Of Michigan Information Technology and Services 7/1/2008 1.0 Overview Service Level Agreements (SLAs) are between Information Technology and
More informationWhat s happening in the area of E-security for the Financial Transactions in China
What s happening in the area of E-security for the Financial Transactions in China Dr. Wang Jun Head of E-banking Division, Bank of China Sep. 26, 2002 A Tremendous Potential E-financing Market is is coming
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationBusiness Identity Fraud Prevention Checklist
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
More informationHow to procure a secure cloud service
How to procure a secure cloud service Dr Giles Hogben European Network and Information Security Agency Security in the cloud contracting lifecycle Can cloud meet your security requirements Choose the provider
More informationWelcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network
More informationEXIN Cloud Computing Foundation
Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing
More informationCyberSecurity & Keeping your data safe. October 20, 2015
CyberSecurity & Keeping your data safe Medway Business Council John Haddad, Bisinet Technologies October 20, 2015 We are under attack!!! 2013 110 million records compromised 2014 56 million payment cards
More informationInformation Security Baseline (minimal measures)
Information Security Baseline (minimal measures) 1 Version management Version 0.1 9 September 2013 1st draft Version 0.2 23 September 2013 2nd draft after review by Erik Adriaens Version 0.3 8 October
More informationEvolving Technology Issues: Cloud Computing
Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to
More informationCYBER-LIABILITY COVERAGE: The $ 45 Million Dollar Exposure
CYBER-LIABILITY COVERAGE: The $ 45 Million Dollar Exposure CYBER-LIABILITY COVERAGE: The $ 45Million Dollar Exposure Today s Presenters: Mark J. Camillo, MBA, BS Head of Network Security and Privacy Products
More informationThinking Cloud Services Look Before You Leap
Thinking Cloud Services Look Before You Leap Brian V. Cummings brian.cummings@tcs.com Tata Consultancy Services Friday, March 16, 2012 Session 10358 Preamble Cloud security literature consistently boils
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationSaaS Terms & Conditions
SaaS Terms & Conditions These SaaS Terms and Conditions ( SaaS Terms ) are part of the Serraview Services Agreement ( Agreement ) which governs Client s (also referred to herein as you or your ) use of
More informationCONTROLLING DATA IN THE CLOUD: OUTSOURCING COMPUTATION WITHOUT OUTSOURCING CONTROL
CONTROLLING DATA IN THE CLOUD: OUTSOURCING COMPUTATION WITHOUT OUTSOURCING CONTROL Paper By: Chow, R; Golle, P; Jakobsson, M; Shai, E; Staddon, J From PARC & Masuoka, R And Mollina From Fujitsu Laboratories
More informationSYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data
SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY Symantec 2010 SMB Information Protection Survey Global Data June 2010 CONTENTS Executive Summary...3 Methodology...4 Finding 1: SMBs serious about information
More information12 Key File Sync and Share Advantages of Transporter Over Box for Enterprise
WHITE PAPER 12 Key File Sync and Share Advantages of Transporter Over Box for Enterprise Cloud storage companies invented a better way to manage information that allows files to be automatically synced
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Google Ireland Limited Address Google Ireland Ltd Gasworks Building Barrow
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationResult of the Attitude Survey on Information Security
Presentation Result of the Attitude Survey on Information Security Conducted toward the companies Operating in Thailand February, 2009 Center of the International Cooperation for Computerization of Japan
More informationFujitsu s Approach to Cloud-related Information Security
Fujitsu s Approach to Cloud-related Information Security Masayuki Okuhara Takuya Suzuki Tetsuo Shiozaki Makoto Hattori Cloud computing opens up a variety of possibilities but at the same time it raises
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationIs Cloud-Based WMS an Option for Complex Distribution Centers?
Welcome to Session 233 Is Cloud-Based WMS an Option for Complex Distribution Centers? Presented by: Sponsored by: Chuck Fuerst 2012 Material Handling Industry. Copyright claimed as to audiovisual works
More informationAppendix J Contractor s Insurance Requirements
Appendix J Contractor s Insurance Requirements Page 1 of 7 Appendix J Contractor s Insurance Requirements During the term of this Contract, the Contractor shall maintain in force, at its sole cost and
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More information