Cloud Governance is more than Security. Cloud Law or Legal Cloud?




Governance principles

1. Context definition: Which organisation/structure? Which roles and responsibilities?
2. Strategic alignment: How to fulfil the business needs?
3. Value creation: Which projects? Which investments?
4. Risk mitigation: Which threats? What protection?
5. Resource optimisation: Which competencies? How much budget? Which infrastructure?
6. Communication & information: Which information? How to communicate?
7. Monitoring & evaluation: Which key performance indicators (KPI)? What Balanced Scorecards (BSC)?

1. Cloud context definition

How to govern the cloud: which management and monitoring processes should be implemented, which roles and responsibilities?

Objective: Ensure effective and sustainable management processes
- transparent business decisions
- clear lines of responsibility

Ensure compliance
- contractual agreements
- regulatory (data privacy, SOX...)
- disclosure laws
- legal investigation

2. Strategic alignment

How to fulfil the business needs?

Objective: Facilitate the achievement of the business objectives
- keep the focus on the business when adopting cloud solutions
- ensure applications satisfy the business requirements

3. Value creation

Ensure business contribution.

Objective: Create value through
- cost (pay for use)
- service immediacy
- service availability
- scalability (traffic peaks...)
- mobility (information everywhere)

4. Risk mitigation

Which threats? How to protect?

Objective: Implement risk management within the cloud computing model, with information security in alignment with regulatory and organisation standards
- confidentiality: prevent unauthorised access (encryption, customer control)
- integrity: malware protection, process segregation
- availability (continuous service): SLA, customer data safeguards

5. Resource optimisation

Are resources used efficiently and effectively?

Objective: Efficient & effective delivery of services
- Service level agreements (SLA), aligned with business requirements
- Incident management: detection, identification, remediation and follow-up
- Cost control: budget and actual cost follow-up
- Asset management: ensure control of systems and data; proper migration

6. Communication & information

Which information? How to communicate?

Objective: Ensure timely and adequate communication
- Service information (availability, performance, maintenance...)
- Solution documentation (user guides, training, releases...)

7. Monitoring & evaluation

Which key performance indicators (KPI)? How to audit?

Objective: Ensure services comply with requirements and expectations
- Follow-up of service indicators according to the SLA: performance metrics
- Auditability: right to audit, service certifications (SAS70)

Conclusion

1. Context definition: clear roles & responsibilities; regulatory and contractual compliance
2. Strategic alignment: strategic business focus; fulfil business requirements
3. Value creation: service oriented (flexibility)
4. Risk mitigation: risk management; information security management
5. Resource optimisation: service level agreement (SLA); cost control
6. Communication & information: timely communication; adequate documentation/training
7. Monitoring & evaluation: SLA performance management; audit agreements

Jean-Pierre Palante
Rue Edouard Dereume, 65, 1330 Rixensart
Mobile: +32.478.32.26.99
Fax: +32.2.652.48.17
E-mail: jp.palante@qap.eu
Website: www.qap.eu

Patrick Soenen
Champ des Pétrales, 6, 1332 Genval
Mobile: +32.477.75.78.61
Fax: +32.2.654.05.95
E-mail: p.soenen@qap.eu
Website: www.qap.eu