Cloud Computing Security Audit
|
|
- Lizbeth Fowler
- 8 years ago
- Views:
Transcription
1 Cloud Computing Security Audit Teddy Sukardi Indonesia IT Consultant Association IKTII Chairman
2 Agenda The data center and the cloud Concerns with cloud implementation The role of cloud audit as a solution Suggestions for implementation
3 Background Role of information technology continue to increase in the financial, commerce, public services, education and many other sectors The demand for data center has followed along and raised concern about eficiency and risk management Additional regulations about data center(s) will be issued and implemented nation wide in Indonesia Cloud computing has played a strategic role offering efficiency besides progress in the traditional data center role.
4 Traditional vs Cloud Data Center trends from Cisco Global Cloud Index By 2018, 78% of workloads will be processed by cloud data centers; 22% will be processed by traditional data centers. From 2013 to 2018 overall data center workloads will grow 190 % cloud workloads will grow 290 % Workload density (workload per physical server) growth from 2013 to 2018 for cloud data centers from 5.2 to 7.5 for traditional data centers from 2.2 to 2.5
5 Public vs Private Cloud Data Centers from Cisco Global Cloud Index In % will be in public cloud data centers, up from 22 per cent in 2013 In % will be in private cloud data centers, down from 78 percent in 2013
6 Cloud Computing Definition NIST model
7 Multi Tenancy Use of same resources or application by multiple consumers that may belong to same organization or different organization. Visibility of residual data or trace of operations by other user or tenant. Need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies. Choices: public cloud providers service offering on an individual user basis private cloud hosting, an organization may segment users as different business units sharing a common infrastructure
8 Multi Tenancy From a provider s perspective An architectural and design approach to enable economies of scale, availability, management, segmentation, isolation, and operational efficiency. Leverage shared infrastructure, data, metadata, services, and applications across many different consumers.
9 Deployment Model
10 Mapping The Cloud Model to Control and Compliance
11 Cloud Security Risks Security controls in cloud computing are no different than security controls in any IT environment. Because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks to an organization than traditional IT solutions. An organization s security posture is characterized by the maturity, effectiveness, and completeness of the risk-adjusted security controls implemented. These controls are implemented in layers ranging from the facilities (physical security), the network infrastructure (network security), the IT systems (system security) and the information & applications (application security) Controls are implemented at the people and process levels, such as separation of duties and change management, respectively. The security responsibilities of both the provider and the consumer greatly differ between cloud service models.
12 Compliance Issues 1) Regulatory implications for using a particular cloud service or providers, giving particular attention to any cross-border or multi-jurisdictional issues when applicable 2) Assignment of compliance responsibilities between the provider and customer, including indirect providers (i.e.,the cloud provider of your cloud provider) 3) Provider capabilities for demonstrating compliance, including document generation, evidence production, and process compliance, in a timely manner 4) Relationships between customer, providers and auditors (both the customer's and provider's) to ensure required (and appropriately restricted) access and alignment with governance requirements
13 Cloud Security Standards ISO/IEC 27017: Cloud Computing Security and Privacy Management System-Security Controls ISO/IEC x: Multipart standard for the information security of supplier relationship management that is planned to include a part relevant to the cloud supply chain
14 The Role of Audit Audit have been one method to provide assurance that operational risk management activities are thoroughly tested and reviewed. Audit for Cloud must be independently conducted and should be designed to reflect best practice, appropriate resources, and tested protocols and standards. Both internal and external audit and controls are important, for both the customer and provider.
15 Policy and Practise Suggestions To have a right to audit clause in the contract in order to give customers the ability to audit the cloud provider. To use a normative specification in the right to audit to ensure mutual understanding of expectations. To have a right to transparency clause with specified access rights especially in highly regulated industries For Providers to review, update, and publish their information security documents and GRC processes regularly (or as required), including vulnerability analysis and related remediation decisions and activities. For third-party auditors to be mutually disclosed or selected in advance, jointly by provider and customer. For all parties to agree to use a common certification assurance framework for IT governance and security controls.
16 References from: 1) Cloud Security Alliance 2) Cisco Global Cloud Index: Forecast and Methodology White Paper
Strategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationWORKDAY CONCEPT: EMPLOYEE SELF SERVICE
WORKDAY CONCEPT: EMPLOYEE SELF SERVICE What is Employee Self Service? Employee Self Service (ESS) is the functionality allowing employees to initiate actions such as: Managing personal information Setting-up
More informationSecure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com
Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud
More informationIIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc.
IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc. IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability
More informationRequirements and Challenges for Securing Cloud Applications and Services
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661 Volume 4, Issue 2 (Sep.-Oct. 2012), PP 46-52 Requirements and Challenges for Securing Cloud Applications and Services Mrs. Y. Lakshmi Prasanna
More informationTrend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard
Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationOpen Certification Framework. Vision Statement
Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption
More informationThe ODCA, Helix Nebula and Federated Identity Management. Mick Symonds Principal Solutions Architect Atos Managed Services NL
The ODCA, Helix Nebula and Federated Identity Management Principal Solutions Architect Atos Managed Services NL Agenda The Open Data Center Alliance Helix Nebula Federated Identity Management as a service
More informationArchitectural Principles for Secure Multi-Tenancy
Architectural Principles for Secure Multi-Tenancy John Linn, Office of the CTO, RSA, The Security Division of EMC John Field, Office of the CTO, EMC Also adapting prior content by Burt Kaliski DIMACS Workshop
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationSecurity in the Cloud: Visibility & Control of your Cloud Service Providers
Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationSecurity and Cloud Computing
Security and Cloud Computing Martin Borrett, Lead Security Architect NE Europe, WW Service Management Tiger Team IBM Software Optimising the World s Infrastructure 27th May - London Agenda Brief Introduction
More informationSecurity Issues in Cloud Computing
Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,
More informationCloud Computing: Background, Risks and Audit Recommendations
Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationHow To Understand Cloud Computing
Dr Markus Hagenbuchner markus@uow.edu.au CSCI319 Introduction to Cloud Computing CSCI319 Chapter 1 Page: 1 of 10 Content and Objectives 1. Introduce to cloud computing 2. Develop and understanding to how
More information6 Cloud computing overview
6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable
More informationHow Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015
How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationProtec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli
Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationIsraeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective
הרשות למשפט, טכנולוגיה ומידע Israeli Law Information and Technology Authority Privacy and Data Security in the Cloud - The Israeli Perspective Amit Ashkenazi, Head of the Legal Department Outline Introduction
More informationNetwork Security Requirements and Solutions
Critical Criteria For (Cloud) Workload Security Steve Armendariz Enterprise Sales Director CloudPassage October 3, 2015 @NTXISSA #NTXISSACSC3 Does anyone remember when server security was EASY? NTX ISSA
More informationEnabling Multi-Tenancy with NetApp MultiStore
Enabling Multi-Tenancy with NetApp MultiStore Agenda What is Multi-Tenancy? Secure Multi-Tenancy as Cloud Infrastructure Introducing MultiStore MultiStore Use Cases Customer Examples 2009 NetApp. All rights
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationWhat Cloud computing means in real life
ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)
More informationDelivering IT Security and Compliance as a Service
Delivering IT Security and Compliance as a Service Matthew Clancy Technical Account Manager Qualys, Inc. www.qualys.com Agenda Technology Overview The Problem: Delivering IT Security & Compliance Key differentiator:
More informationDelivering IT Security and Compliance as a Service
Delivering IT Security and Compliance as a Service Jason Falciola GCIH, GAWN Technical Account Manager, Northeast Qualys, Inc. www.qualys.com Agenda Technology Overview h The Problem: Delivering IT Security
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationEssential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service
Cloud Computing Although cloud computing is quite a recent term, elements of the concept have been around for years. It is the maturation of Internet. Cloud Computing is the fine end result of a long chain;
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationHow to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck
How to Ensure IT Compliance Without Compromising Innovation Nik Teshima, IBM Phil Odence, Black Duck Black Duck 2013 Speakers Phil Odence VP of Business Development Black Duck Software Nik Teshima Senior
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationThe Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach
The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationThe problem of cloud data governance
The problem of cloud data governance Vasilis Tountopoulos, Athens Technology Center S.A. (ATC) CSP EU Forum 2014 - Thursday, 22 nd May, 2014 Focus on data protection in the cloud Why data governance in
More informationCloudbuz at Glance. How to take control of your File Transfers!
How to take control of your File Transfers! A MFT solution for ALL organisations! Cloudbuz is a MFT (Managed File Transfer) platform for organisations and businesses installed On-Premise or distributed
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationLooking Ahead The Path to Moving Security into the Cloud
Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application
More informationAgenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems
Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Cloud Security Alliance, 2015 Agenda Charter /Members What is Data Governance Data
More informationPrivate Cloud Database Consolidation with Exadata. Nitin Vengurlekar Technical Director/Cloud Evangelist
Private Cloud Database Consolidation with Exadata Nitin Vengurlekar Technical Director/Cloud Evangelist Agenda Private Cloud vs. Public Cloud Business Drivers for Private Cloud Database Architectures for
More informationTrusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation
Trusted Geolocation in the Cloud Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation 2 Agenda Definition of cloud computing Trusted Geolocation in
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationSimplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015
Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationH Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments
H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service
More informationAccelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance
Accelerating Cloud adoption with Security Level Agreements automation, monitoring and industry standards compliance Cirrus Workshop, Vienna, Austria, November 19, 2013 Dr. Said Tabet Senior Technologist
More informationTrust but Verify. Vincent Campitelli. VP IT Risk Management
Trust but Verify Vincent Campitelli VP IT Risk Management McKesson Corporation Trust but Verify Cloud Security 3 Agenda Cloud Defined Cloud Opportunities Cloud Challenges What s Different? How to Verify
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationCloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University
Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationeeye Digital Security Product Training
eeye Digital Security Product Training Retina CS for System Administration (4MD) This hands-on instructor led course provides security system administration/analysts with the skills and knowledge necessary
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationSTORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM
STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationA.Prof. Dr. Markus Hagenbuchner markus@uow.edu.au. CSCI319 A Brief Introduction to Cloud Computing. CSCI319 Page: 1
A.Prof. Dr. Markus Hagenbuchner markus@uow.edu.au CSCI319 A Brief Introduction to Cloud Computing CSCI319 Page: 1 Content and Objectives 1. Introduce to cloud computing 2. Develop and understanding to
More informationCloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology
Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of
More informationInterna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES
Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define
More informationTOOLS and BEST PRACTICES
TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationONLINE FILE SHARING: WHO S IN CONTROL? Dave Ewart Sr. Director of Product Marketing
ONLINE FILE SHARING: WHO S IN CONTROL? Dave Ewart Sr. Director of Product Marketing WHO IS WORKSHARE? 98% AmLaw 200 98% UK Law 50 62% Fortune 1000 43% of FTSE 100 85% Professional Services 250 70 Countries
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCONTROLLING CLOUDS: BEYOND SAFETY
CONTROLLING CLOUDS: BEYOND SAFETY GORDON HAFF (@ghaff) CLOUD EVANGELIST 22 OCTOBER 2013 ABOUT ME Red Hat Cloud Evangelist Twitter: @ghaff Google+: Gordon Haff Email: ghaff@redhat.com Blog: http://bitmason.blogspot.com
More informationHow To Secure Cloud Infrastructure
Trustworthy Clouds Underpinning the Future Internet Cloudscape III, Brussels, March 2011 Elmar Husmann, Corinna Schulze IBM 1 of 12 80% Of enterprises consider security the #1 inhibitor to cloud adoptions
More informationCisco Intercloud Fabric Security Features: Technical Overview
White Paper Cisco Intercloud Fabric Security Features: Technical Overview White Paper May 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of
More informationInformation Security Risk Management
Information Security Risk Management Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
More informationSecurity Architecture Principles A Brief Introduction. Mark Battersby 2013-05-22, Oslo
Security Architecture Principles A Brief Introduction Mark Battersby 2013-05-22, Oslo Agenda About Me Enterprise Architecture Architecture Principles Our Philosophy Security Architecture Principles Security
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationProfile. Business solutions with a difference
Profile Business solutions with a difference Overview ITeM Group was founded in 1999 and has a successful history of delivering IT solutions in Australia, New Zealand, Indonesia, China and Canada. We specialise
More informationLogically Securing a Public Cloud Service
SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only
More informationSOLUTION WHITE PAPER. BMC Manages the Full Service Stack on Secure Multi-tenant Architecture
SOLUTION WHITE PAPER BMC Manages the Full Service Stack on Secure Multi-tenant Architecture Table of Contents Introduction................................................... 1 Secure Multi-tenancy Architecture...................................
More informationITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING
ITL BULLETIN FOR MARCH 2012 GUIDELINES FOR IMPROVING SECURITY AND PRIVACY IN PUBLIC CLOUD COMPUTING Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationHow To Secure Cloud Computing
A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker
More informationCloud Security: The Grand Challenge
Dr. Paul Ashley IBM Software Group pashley@au1.ibm.com Cloud Security: The Grand Challenge Outline Cloud computing: the pros, the cons, the blind spots Security in the cloud - what are the risks now and
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More information