How To Write A Book On The Internet Security



Transcription:

Date: 27-11-2011. Operational reliability in chains. Towards Trustworthy ICT Service Chains: Risk, Control, Assurance. Integrated Assurance framework for ICT enabled service chains. Drs Y.W. (Ype) van Wijk RE RA, Rijksuniversiteit Groningen, Business & ICT, IT auditing. 24 November 2011.

Agenda. Towards Trustworthy ICT service chains (TTISC project). Operational reliability and trends in chains. Content versus delivery networks. Assurance guidelines. The atomic approach for controls in service chains. Summary and conclusion.

Towards Trustworthy ICT Service Chains. Innovation partnership on ICT service chains: chain governance, SaaS, SOA, ICT, IT audit. Risk - Control - Assurance. Operational reliability in chain automation. Framework, assurance, leading indicators. Rijksuniversiteit Groningen, Bestuurlijke Informatica. Drs Y.W. van Wijk RE RA: PWC, accountant and IT consulting; Nedlloyd, operational audit; Euronext; Amvest BV; Cobalus BV; Rijksuniversiteit Groningen.

Operational reliability in ICT chains

Operational reliability and ICT chains. [Diagram labels: service request, service; consumer, enabler (certificate), service supplier; technology: ICT, network, architecture.] Operational reliability: 44.4 billion income tax, Miljoenennota 2010.

Trends in ICT chains. From applications to chains of linked external services and networks of applications (LinkedIn, maps). SaaS and cloud computing as distributor. Increasing dependency. New risks and threats. The application supplier depends on trust in suppliers of suppliers, ad infinitum. Need for assurance (e-government, e-business). Objective method for assurance. Security, availability, quality of service (QoS). Assurance over the entire chain.

Service chain assurance approach. [Diagram labels: business content risk; Risk, Control, Assurance; delivery technical risk.] Risk in service chains: content networks (business content, network controls); delivery networks (technical ICT control). Generalisation and conceptualisation: Integrated Assurance Framework for ICT enabled service chains.

Standards, guidelines, frameworks, best practices, architecture theories. Standards: ISO 27000 series, ENISA. Guidelines: COBIT, IT control objectives for cloud computing, ITAF (IT Assurance Framework), Val IT, Risk IT, IEEE. Practitioners research: TEXO SAP research, Project Master, chain governance. Scientific research: organization theory, technical ICT research, architecture, audit theory, operations research, accountancy. Architectures: SOA, SaaS, cloud computing. Assurance: conceptualization in service chains?

Assurance: Back to Basics.

The basic atom of the service chain. [Diagram labels: content network service chain with A, B, C; service, request, add value; Risk, Control; enactment, enforcement; delivery network service chain; Risk, Control, Assurance.]

Service chain propagation in content and delivery networks. [Diagram labels: content network service chain propagation, backward and front; chain propagation risk; delivery network service chain propagation; chain propagation risk.]

Level: business content assurance network. [Diagram labels: enactment; client; organisation (three times); Skin; enforcement; Risk, Control, Assurance.] 1. INTRA-organisation risk-control-assurance. 2. INTER-organisation risk-control-assurance. 3. Service chain assurance: procurement = service + service..

Level: technical delivery assurance network. [Diagram labels: enactment; client, mobile network, ISP, TNT; enforcement; Risk, Control, Assurance.] Security: vulnerability, confidentiality, integrity, authentication. Quality of service (QoS): bandwidth, delay, jitter, round-trip time. Availability: downtime, mean time between failures, self-healing properties.

Consequences for architecture. Service chain architecture. Split content and delivery for chains. Develop content assurance chain. Develop delivery assurance chain. Take care of proper enactment in the chain. Agree on service chain enforcement. Integrate on specific assurance indicators. Service based auditing. Institutionalize audit and dissemination assurance.

Conclusions. Assurance is a primary condition for a services business. Assurance in service chains must add predictive value. For architecture it is important to integrate a priori the leading indicators of content and delivery network assurance. Integrating assurance indicators in the design phase of a service-oriented architecture can support content and delivery assurance. Assurance through the opinion of a professional independent party can be fundamental for trustworthy services in chains.

Towards Trustworthy ICT Service Chains: Risk, Control, Assurance. Thank you for your attention. Drs Y.W. (Ype) van Wijk RE RA, Rijksuniversiteit Groningen, Business & ICT, IT auditing.

Practitioners references. Standards: ISO 27000 (www.iso.org); ENISA (www.enisa.europa.eu). Guidelines: COBIT (www.isaca.org); IT control objectives for cloud computing (www.isaca.org); ITAF (IT Assurance Framework) (www.isaca.org); Val IT (www.isaca.org); Risk IT (www.isaca.org). Practitioners research: TEXO Governance framework (SAP research); Project Master (www.project-master.eu).