NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP
1 NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP Nick Lewis Internet2 NET+ Program Manager, Security and Identity 2015 Internet2
2 Welcome Goals, logistics, etc Want your feedback, so please comment and be interactive! We will have several small group discussions and each table will need a facilitator We will have a working lunch and a break after the lunch exercise Goal is to get out by 3pm if not earlier Boxnote for the agenda and notes: Could I get a couple volunteers to take notes?
3 Schedule for the day 8:00am Start of the day 8:05 Introductions 8:20 NET+ Program 9:00 How information security is currently integrated into NET+ 10:00 Break 10:30 Continue How information security is currently integrated into NET+ 12:00 Working lunch 12:30 Break 1:00 Future information security improvement to NET+ program 3:00 Wrap-up and next steps
4 Introductions Introductions and what are you expecting to get out of today? Anything you want to add to the agenda? What Cloud Services are your campus using? Who has adopted Cloud Security Assessments? What standard? Roll your own? What are your top concerns they have on security services in the cloud?
5 Campus Experience with NET+ Any campuses using NET+ services? What do you think? Any campuses not NET+ campuses? Why? Any examples where something worked better (or worse) than you expected?
6 Outline for this portion What is NET+ How information security is currently integrated into NET+ How it currently works Security assessments and requirements Identity Management and InCommon Ongoing oversight of service provider Service Provider perspective on NET+ program and information security aspects Integration into broader information security community
7 ADVANCING HIGHER EDUCATION in the AND BEYOND
8 The Genesis of NET NACUBO / EDUCAUSE Cloud Summit
9 Major Recommendations from 2010 Thirteen overall recommendations (Pg 21-22), which include: Create a cloud computing roadmap. Develop a risk-assessment framework and guide. Develop audit guidelines for cloud-based offerings. Identify needed skills and training for cloud-based services. Develop and publish model service level agreements. Encourage identity management. Create a higher education demand aggregator.
10 NET+ Three Year Review 2015 All of the areas of improvement include the security aspects Catalog Configuration monitoring performance and enhancing standards Time To Market more visibility into service validation Streamlined Agreements simpler and easier to use Procurement Improvements further streamline procurement First Service Adoption Barriers lower adoption barriers Reduce Complexity of Business Models
11 Core Objectives of NET+ Services A partnership to provide a portfolio of solutions for Internet2 member organizations that are cost-effective, easy to access, simple to administer, and tailored to the unique, shared needs of the community: Define a new generation of value-added services Leverage Internet2 R&E Network and other services such as InCommon Drive down the costs of provisioning/consuming services Provide a strategic partnership with service providers (new service offerings) Leverage community scale for better pricing and terms Develop solutions that meet performance, usability, and security requirements Provide a single point of contracting and provisioning
12 My vision for NET+ When a campus has a problem, audit finding, incident, etc, they can look in the NET+ portfolio to find a solution they can quickly adopt at a price they can afford Pre-vetted, standard terms, community oversight Meets the unique needs of higher education Mobile, highly decentralized, locally managed, etc Facilitate campuses improving how they do information security Assist campuses adopt cloud services Advances NET+ program
13 What is Internet2 NET+ Cloud? Tailored Cloud service portfolios to: Enhance academic & research user mobility in the Cloud Accelerate trusted Cloud application deployment for the enterprise Ensure standards-based Cloud security, accessibility, reliability and performance with enterprise scalability Security & Identity Software as a Service Infrastructure and Platform Video, Voice & Collaboration Digital Content for Research & Education Enables trusted and responsive user mobility in the cloud, while delivering efficiencies to the enterprise.
14 What NET+ Is NOT: A Vendor; A Buying Club; A Channel Partner; A Reseller; Exclusive (or picking winners). What NET+ Is: Community driven and a way for the community to act on its own behalf; A benefit of membership (benefits that accrue to participants); A means of influencing the direction of IT services development; A (growing) portfolio of IT assets that campuses can choose from with consistent terms, best pricing and highest value.
15 370 Participating Campuses In Days the Community Has Built Available Services 600+ Active Subscriptions $250,000,000+ in Community Benefit 89 Validation Campuses 15 Service Validations 9 New Evaluations WOW! 2015 Internet2
16 Internet2 NET+ Services: Engagements
17 Examples of Cloud Services Deployed at Scale Leveraging community developed offerings, preferred pricing and business terms 105+ universities cloud storage and collaboration campus-wide (38 months GA) 69+ universities leveraging the NET+ Splunk offering (18 months from EA) 35+ universities moved their LMS to Instructure's Canvas (18 months from GA) universities leveraging Amazon Web Service offering (9 months from EA) 21+ universities leveraging Code42's CrashPlan offering (23 months from EA) Up to July
18 Campus Expectations for the Cloud Any workloads not going to the cloud? Why? Any data types / security requirements not going to the cloud? Why?
19 GET INVOLVED IN THE NET+ SERVICE LIFECYCLE Sponsored by Community Members Designed by participating campuses, providers and Internet2 Subscription by Community Members, Regional and Global partners All delivered at global scale, tailored to R&E needs, and benefiting all participating institutions
20 The Internet2 NET+ Phases Explore Research Incubator? Inquiry Less than 50% reach Service Validation Service Validation Develop Evaluation Timeline variable days
21 The Internet2 NET+ Phases Develop Service Validation Apply community standards Greater than 90% reach General Availability Deploy Timeline variable days
22 Inquiry and Evaluation Inquiry Phase Discovery Understanding the opportunity (what are the possibilities? Market scope?) Alignment Are the provider and community goals strategically aligned (are we headed in the same direction?) Feasibility Are the investments and mutual accommodations required likely to materialize? Community engagement Membership and strategic engagement with the community Evaluation Phase Identifying a Sponsor A CIO or executive from a member institution Developing a Proposal With support of the Sponsor Identifying additional SV participants Review of Requirements Networking, Identity, Security, Business model and terms Membership in Internet2
23 Requirements of SPs Identified Sponsor: CIO or other senior exec from a member institution Membership in Internet2 and InCommon Federation Adoption of InCommon -Shibboleth/SAML2.0 and Connection of services to the R&E Network Completion of the Internet2 NET+ Cloud Control Matrix Commitment to: A formal Service Validation with 5-7 member institutions Enterprise wide offerings and best pricing at community scale Establishing a service advisory board for each service offering Community business terms (NET+ Business / Customer agreements) support the community's security, privacy, compliance and accessibility obligations Willingness to work with the Internet2 community to customize services to meet the unique needs of education and research
24 How NET+ Providers are Selected: ALWAYS Sponsored by Internet2 Member Campus Can the service scale at least nationally? Can it be delivered over global R&E networks? Develop a business model that scales globally and serves significant portion of community? Will provider work with community to meet unique R&E needs today and into the future? Adopts R&E federated identity standards? Commit to community's Security, Privacy, Compliance, and Accessibility needs? Supportive of common, community contracting terms and conditions (negotiate once, use many times)
25 Quick-Start Program: Requirements Identified Sponsoring CIO (or other senior executive from a member) Membership in Internet2 and InCommon Federation Adoption of InCommon -Shibboleth/SAML2.0 (within 6 months) Connection to the R&E Network (within 6 months) Completion of the NET+ Cloud Control Matrix Commitment to enterprise wide offerings and best pricing Commitment to establishment of a service advisory group within the first 6 months and to a formal Service Validation (within 24 months or after 10 campus enrollments) Acceptance of the Internet2 NET+ template business and customer agreement terms and the community BAA (for HIPAA compliance) with minimal negotiation. Offerings will be limited to a 2 year renewable term and customer agreements will be between the service provider and consuming institution.
26 Quick-Start Program: Additional Considerations Program is for services where the standard requirements and business terms are immediately acceptable Modifications to the template made only to ensure appropriate representation of specific types of services The advantages of the program: Provide fast-track onboarding services to community requirements Minimizing the cost/effort required for on-boarding Benefit to Providers: faster time to revenue generation within the portfolio rubric and to community specifications Benefit to Members: faster time to value, minimum investment until scale economies and persistent interest is established, consistent adoption of community requirements
27 Internet2 NET+ Service Validation Assessment of the service for inclusion in the catalog Applying a consistent process / standard Available at scale to the entire higher education community SV Group is led by the sponsoring institution and 5-7 campus participants Facilitated by Internet2 Program Manager SV participants represent o Themselves AND the Community o Assess the service for inclusion in the catalogue o Negotiate terms, business model and pricing for the entire R&E community
28 Service Validation Functional Assessment Review features and functionality Tune service for research and education community Technical Integration Network: determine optimal connection and optimize service to use the Internet2 R&E network Identity: InCommon integration Security and Compliance Security assessment: Cloud Controls Matrix FERPA, HIPAA, privacy, data handling Accessibility Business o Legal: customized agreement using NET+ community contract templates o Business model o Define pricing and value proposition Deployment o Documentation o Use cases o Support model
29 NET+ Service Validation: Functional Assessment Review current features and functionality Discuss existing Service Provider product roadmap (under NDA) Determine ways in which service needs to be tuned for research and education community Prioritize feature requests among the participating universities in the Service Validation group and discuss prioritization with Service Provider's product team Process and Deliverables: customized roadmap for higher education from the Service Provider; feature, functionality, and bug report prioritization from the universities
30 NET+ Service Validation: Technical Integration Network: Integrate service with the Internet2 R&E network and optimize for enhanced delivery Test the network connection to create benchmarks Identity: Review Service Provider's identity strategy and determine InCommon integration NET+ Identity Guidance for Services Process and Deliverables: Service Provider and participating universities assign technical team members on networking and identity; develop and review testing plans; and produce reference documents for service subscribers
31 Identity Management and InCommon NET+ Identity Service Validation Process Collect use cases. Assess current implementation and roadmap. Compare implementation, roadmap, and use cases. Prioritize implementation and refine roadmap. Implement and document. Schools sign off. Iterate. NET Plus Identity Guidance for Services +Services
32 IDM and InCommon Discussion Any feedback from campuses?
33 SV: Business & Legal Legal: customized agreement using NET+ community contract templates MOU between Internet2 and Service Provider is signed in order to begin the Service Validation phase Business Agreement between Internet2 and Service Provider is negotiated during the Service Validation phase and reviewed and approved by university counsel Business Model: customized approach to pricing that leverages community assets and captures aggregation to reduce costs to the Service Provider and provide savings and additional value to universities Process and Deliverables: Parties negotiate business agreements, enterprise customer agreements and any associated terms of use
34 NET+ Agreements: Mitigating Risk Reduces business risk by vetting service providers for performance, security and compliance Reduces contracting risk via standard (and beneficial) contract terms Reduces pricing risk by leveraging purchasing power of the community (including waterfall pricing) Ensures fair treatment in the market (no hidden clauses) Providing options as the number of providers in each portfolio services category increases
35 NET+ Agreements: An Emerging Standard Many universities may find it valuable to consider service validation via NET+ to be a standard specification and pre-qualifying evaluation/review process that might allow: Formal procurement processes to be simplified or waived Not requiring formal bidding from Internet2 or NET+ validated service providers Eliminating the need for sole-source justification for NET+ validated service providers when only one source is available for a particular category of service Allowing simplified proposals from NET+ validated service providers when multiple sources are available for a particular category of service
36 NET+ Template Contract One of the templates is in the Box folder Developed working with campus legal counsels to identify community terms Definition of confidential information, accounts, data, etc Indemnification and Liability (Sec 5) Availability / Zero impact maintenance Termination and data transfer
37 NET+ Template Contract Security improvements to be included back into the NET+ offering. (Sec 3.2 Modifications and 8.9 Features) Data ownership is the participant (Sec 8.1(a)) Data Privacy, Security, and Integrity Sec Response to Legal orders Sec 8.5 Incident Response Sec 8.6 Data Retention and Disposal Sec 8.7
38 How NET+ Contracting Supports Procurement Community based due diligence Improves risk management by vetting service providers, standard and beneficial contract terms Ensures fair treatment in the market (no hidden clauses for other universities) Reduces costs of administration Leverages purchasing power of the entire community Provides competitive options as the number of providers in each portfolio services category increases
39 Procurement Analysis Worksheets Completed for services once they complete early adopter General: Service Provider; Service; Service Type (IaaS, PaaS, SaaS, other (specify)); Admitted to Service Validation; Completed Service Validation; Schools leading the service validation were; Schools involved in legal discussions; Schools involved in business terms negotiation; Business Agreement signed Categories General details on service. Service level commitments, compliance, technical, data, use and legal concerns, and termination
40 How information security is currently integrated into NET+
41 Background Working group pulled together to develop how NET+ should incorporate security Developed this guidance: Recommended Process for the Use of the Cloud Controls Matrix (CCM) in the NET+ Program /04/22/ brammer-netsecurity-2.pdf Security aspects began in June 2012, delivered initial version of security controls in December 2012, now in use by NET+ Program Service validation security aspects have evolved over time.
42 Pre-Service Validation Program Manager to work with service provider Help them understand NET+ security and what campuses will expect from them Start gathering security documentation Cursory review of their security documentation to give SP feedback to help have a successful service validation Determine if NDAs are necessary and if so, start getting them from campuses in service validation
43 SV: Security & Compliance Security assessment: Customized version of the Cloud Controls Matrix (CCM) developed by the Cloud Security Alliance and SOC 2 Type 2 Report https://cloudsecurityalliance.org/research/collaborate/#_internet2 Accessibility review and Roadmap commitment. WCAG 3C Data handling: FERPA, HIPAA, privacy, data handling Process and Deliverables: Service Provider completes Cloud Controls Matrix and/or SOC2 Type 2 Report for review by universities; campus accessibility engineers review service and communicate needs to Service Provider
44 Service Validation Security Aspects NDAs if requested by SP Review of security docs from SP by campuses Call with campuses and SP security staff Whole picture from a campus perspective. What security controls does a campus need because of the SP or does the SP expect of the campus? Example - LastPass security review
45 Security Assessments / Frameworks All of the security assessments in the world will not stop all attackers. CSA CCM - The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. SOC 2 - focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC 1/SSAE 16 which is focused on the financial reporting controls. ISO Developed to provide a model for establishing, implementing, operating, monitoring, and maintaining an information security management system, it is widely recognized as the highest security standard in the industry for examining the efficacy of an organization's overall security posture.
46 Security Requirements Use cases to flesh out security requirements Depending on the use cases will determine the security requirements FERPA is addressed by default If there is a healthcare use case covered with HIPAA requirements, then HIPAA is included A HIPAA BAA is included in default template Export control
47 Small group discussion on service validation What do you think of service validation? What are your experiences with service validation? How security assessments should work? How can we raise the bar to improve security? How to streamline information security aspects of SV? How to do this faster to bring tools to campuses??
48 Ongoing oversight of service providers What is currently done Internet2 NET+ Service Advisory Board (SAB) Review feedback from the community and SAB schools Performed during service validation Follow-up on security items from service validation Requirement in contract for annual updates from service providers on SOC2 or CCM Integrates with what is done on a campus for their oversight
49 Ongoing oversight of service providers What should we do? Should it be a requirement for the SAB to annually review the updated security documentation from the service provider? When there are major updates, to update the security documentation on the provider? Do current campus subscribers get notified? Follow-up on future security controls Example: Service provider promised CCM What to do if there are issues a service provider needs to address? Violation of security requirement from contract? Other contract violations Handled via the breach sections with service provider potential remedy Example: Service provider lapses in performing SOC2
50 How should ongoing oversight be handled? What can we do? What is Internet2's role and what is the SAB's role? (20 min)
51 Service provider perspective What all of this means to them? More than a buying vehicle Potential to help them engage the HE market Help them identify features and functionality HE needs How does this help them? Streamlined legal and procurement (along with security, etc) NET+ legal work with their final approval if necessary Additional insight into what works for their customers Potential costs for the service provider Our security requirements require significant resources to meet Potential development costs to add functionality
52 How this is or should be integrated into information security community?
53 Relationship within Internet2 InCommon Require NET+ Service Providers to participate in InCommon Work with InCommon on Identity Management TIER Community Created and Curated Services could become a NET+ service Internet2 Network Services Working with Paul Howell, Chief Cyberinfrastructure Security Officer Collaborating on DDoS discussions for potential NET+ DDoS Response service CINO Working Groups CINO Working Groups Home End-to-End Trust and Security Identifying any potential service providers or areas NET+ service providers might be interested in engaging with the community
54 Higher Education Relationships Educause/HEISC Supporting HEISC mission major activity - Providing effective practices and guidance and fostering communication within the community Supporting out of scope activities for Developing or brokering information security fee based services or tool needed by the HE information security community Suggestions for potential service providers, broad direction setting and priorities REN-ISAC Support information sharing by REN-ISAC Work with the community on threat intelligence or information sharing service providers Coordination with both on HE-wide issues
55 Relationships Outside of Edu Cloud Security Alliance Updates on Cloud Control Matrix Certified Cloud Security Professional with ISC2 Training on cloud security for HE information security staff CSA Security, Trust & Assurance Registry (STAR) International Information System Security Certification Consortium, Inc., (ISC)² Certified Cloud Security Professional Training on cloud security for HE information security staff SANS, International Association of Privacy Professionals, others? Should the relationships with external organizations be led by a campus person or Internet2?
56 Group Discussion: How this is or should be integrated into information security community? (20min)
57 NET+ SECURITY AND IDENTITY PORTFOLIO DEVELOPMENT WORKSHOP Nick Lewis Internet2 NET+ Program Manager, Security and Identity 2015 Internet2
More informationHP Cloud technologies
HP Cloud technologies ari.saareks@hp.com Cloud & Presales Manager Finland & Baltics 1 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
More informationThe role of standards in driving cloud computing adoption
The role of standards in driving cloud computing adoption The emerging era of cloud computing The world of computing is undergoing a radical shift, from a product focus to a service orientation, as companies
More informationA R o a d t o y o u r C l o u d. Professional Service. C R M a n d C l o u d C o n s u l t i n g
RM-C A R o a d t o y o u r C l o u d Professional Service C R M a n d C l o u d C o n s u l t i n g CRM-C Highlights! A Unique Cloud CRM Consulting service firm! Specializing in cloud CRM and Office Collaboration
More informationImplementing Information Governance: A Best Practice Approach to Enable Compliance and Reduce Costs & Risks
Implementing Information Governance: A Best Practice Approach to Enable Compliance and Reduce Costs & Risks July 23, 2015 2015 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design
More informationBusiness Intelligence & Data Warehouse Consulting
Transforming Raw Data into Business Results In the rapid pace of today's business environment, businesses must be able to adapt to changing customer needs and quickly refocus resources to meet market demand.
More informationObtaining CSF Certification Lessons Learned and Why Do It
Obtaining CSF Certification Lessons Learned and Why Do It Aaron Miri, Chief Technology Officer, Children s medical Center of Dallas Ryan Sawyer, Director, Technology Risk and Identity Governance, WellPoint
More informationNSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015
NSW Government Data Centre & Cloud Readiness Assessment Services Standard v1.0 June 2015 ICT Services Office of Finance & Services McKell Building 2-24 Rawson Place SYDNEY NSW 2000 standards@finance.nsw.gov.au
More informationRMS(one) Summary and Points for Discussion
RMS(one) Summary and Points for Discussion Prepared by Guy Carpenter 1 April 10, 2014 1. Background: The new RMS(one) platform debuts April 15 th 2014 with actual production starting in October 2014. It
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationADVANCING SECURITY, TOGETHER ADVANCING. THRIVE IN THE FAST- GROWTH SECURITY MARKET Security Focused Easier Achievements Faster Rewards
SYMANTEC SECURE ONE GUIDE DECEMBER 2 0 1 5 ADVANCING SECURITY, TOGETHER ADVANCING THRIVE IN THE FAST- GROWTH SECURITY MARKET Security Focused Easier Achievements Faster Rewards Symantec Secure One Guide
More informationINFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationCloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu
Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationState of Kansas Information Technology Vendor Management Program Executive Summary
State of Kansas Executive Summary In January 2003, incoming Kansas Governor Kathleen Sebelius initiated a performance review of state government. The Budget Efficiency and Savings Team (BEST) initiative
More informationHow To Manage Cloud Management
WHITE PAPER Five Steps to Successful Integrated Cloud Management Sponsored by: HP Mary Johnston Turner May 2011 Robert P. Mahowald IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
More informationWhat Leaders Need to Know About Managing Data Risk in Student Success Systems
An EDUCAUSE Executive Briefing What Leaders Need to Know About Managing Data Risk in Student Success Systems april 2014 Integrated planning and advising services (IPAS) systems show promise for improving
More informationProgram Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI).
Overview Certified in Data Protection (CDP) is a comprehensive global training and certification program which leverages international security standards and privacy laws to teach candidates on how to
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationASAE s Job Task Analysis Strategic Level Competencies
ASAE s Job Task Analysis Strategic Level Competencies During 2013, ASAE funded an extensive, psychometrically valid study to document the competencies essential to the practice of association management
More informationCloud Computing and Data Center Consolidation
Cloud Computing and Data Center Consolidation Charles Onstott, PMP Chief Technology Officer, Enterprise IT Services SAIC Steven Halliwell General Manager for State and Local and Education Sales Amazon
More informationOptimizing the Data Center for Today s Federal Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,
More informationG-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service
G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service 1 Table of contents 1. Scope of our services... 3 2. Approach... 4 a. HealthCheck Application Scan... 4
More informationagility made possible
SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationHot Topics in IT. CUAV Conference May 2012
Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationCyber Security Defense Services Portfolio Development Status. February 2016
Cyber Security Defense Services Portfolio Development Status February 2016 1 Agenda Merit s Six Strategic Thrusts Merit s current security offerings Member feedback Mission and vision statement for this
More informationContact Center TotalCare Enhanced Services
ASSESS. PLAN. OPTIMIZE. Contact Center TotalCare Enhanced Services The Exceptional Customer Experience Customers have more options than ever and retaining or losing valued business is often a click away.
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationIT AS A SERVICE BROKER
IT AS A SERVICE BROKER MIT Sloan CIO Symposium May 21, 2014 Thomas P. Roloff Senior Vice President EMC Global Services twitter: @TRoloff 1 Why Transformation? Business is Changing Faster Than IT Business
More informationIT Transformation. Moving Beyond Service Management to a Strategic Business Role. August 2013. kpmg.com
IT Transformation Moving Beyond Service Management to a Strategic Business Role August 2013 kpmg.com KPMG surveyed over 275 attendees at ServiceNow s Knowledge13 conference, here is what we learned. Key
More informationBoston College Information Technology Services
Boston College Information Technology Services Strategic Plan Version 1.0, Fall 2013 1 Boston College Information Technology Services Strategic Plan Version 1.0, Fall 2013 Letter from Vice President,
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More information9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania
Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of
More informationCisco Cloud Enablement Services for Adopting Clouds
Cisco Cloud for Adopting Clouds Cisco Cloud for Adopting Clouds help you understand which applications you need to migrate; build business justifications for migrating your applications to a public cloud
More informationCloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent
Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationView Point. Lifting the Fog on Cloud
View Point Lifting the Fog on Cloud There s a massive Cloud build-up on the horizon and the forecast promises a rain of benefits for the enterprise. Cloud is no more a buzzword. The enabling power of the
More informationManagement and Use of Information & Information Technology (I&IT) Directive. Management Board of Cabinet
Management and Use of Information & Information Technology (I&IT) Directive Management Board of Cabinet February 28, 2014 TABLE OF CONTENTS PURPOSE... 1 APPLICATION AND SCOPE... 1 PRINCIPLES... 1 ENABLE
More informationChoosing the Right Project and Portfolio Management Solution
Choosing the Right Project and Portfolio Management Solution Executive Summary In too many organizations today, innovation isn t happening fast enough. Within these businesses, skills are siloed and resources
More informationReview of Cloud Risks: What if
Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)
More informationSuccess Factors for Global Alignment and Targeting Platform. Pranav Lele
Success Factors for Global Alignment and Targeting Platform Pranav Lele Success Factors for Global Alignment and Targeting Platform Pranav Lele Increasing complexity and the globalization of pharma business
More informationPARTNER PROGRAMME GUIDE
PARTNER PROGRAMME GUIDE Content Introduction...3 Committed to Partnerships...4 Market Environment...4 Discover Dimension Data Cloud...5 Partner Programme Overview...6 Why become a Dimension Data partner?...7
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationProject Por)olio Management
Project Por)olio Management Important markers for IT intensive businesses Rest assured with Infolob s project management methodologies What is Project Por)olio Management? Project Por)olio Management (PPM)
More informationCloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationHP and netforensics Security Information Management solutions. Business blueprint
HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationApplication Performance Monitoring/Management (APM) Request for Information (RFI) 28198-CH
Application Performance Monitoring/Management (APM) Request for Information (RFI) 28198-CH Issued: March 30, 2015 Responses Due: May 12, 2015 This is not a bid or proposal. This Request for Information
More informationThe Cadence Partnership Service Definition
The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues
More informationThe Webcast will begin at 1:00pm EST. www.gig-werks.com
SharePoint 2013 & SharePoint Online Security, Compliance & ediscovery The Webcast will begin at 1:00pm EST Today s Presentation: Introduction & About Gig Werks Gig Werks Experience with SharePoint Office
More informationHow To Manage Project And Portfolio Management In Microsoft Office 2010
Enterprise Project Management SOLUTIONS THAT LAST Challenges in PPM What is a Project? Why Project Management? Challenges in Project and Portfolio Management (PPM) Problems for PM and PPM Leaders Presentation
More informationData Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1
Data Risk Management: ISM Ground to Cloud Summit accelerate your ambition 1 John Jones Branch Practice Manager Networking, Communications & Security Solutions John.Jones@dimensiondata.com Justin Evans
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business
More informationThe Shi/ To Services: IT s Role Transforming Higher Educa=on
University of Colorado August 1, 2012 Shelton Waggener Senior Vice President, Internet2 The Shi/ To Services: IT s Role Transforming Higher Educa=on About Me 20 Years in private sector Sybase, Octel, Lucent
More informationproactive contract management
TM proactive contract management Six Reasons Why Contract Management Matters Table of Contents Why Contract Management Matters 2 How Contracts Impact Your Business 2 Contract Data Determines Revenue and
More information