Working Group on. First Working Group Meeting 29.5.2012




Working Group on Cloud Security and Privacy (WGCSP)
First Working Group Meeting 29.5.2012

Review of Existing Standards and Best Practices on Cloud Security

- Security Standards and Status
- List of Some Publicly Available Cloud Security Best Practices and Related Documents
- Cloud Security Frameworks

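Security Standards and Status

Categorization, with the number of standards that are approved/accepted by market and the number of standards that are under development:

- Authentication & Authorization: 11 approved/accepted by market, 0 under development
- Confidentiality: 7 approved/accepted by market, 0 under development
- Integrity: 4 approved/accepted by market, 0 under development
- Identity Management: 4 approved/accepted by market, 1 under development
- Security Monitoring & Incident Response: 7 approved/accepted by market, 0 under development
- Security Policy Management: 3 approved/accepted by market, 0 under development
- Availability: 1 approved/accepted by market, 0 under development

Source: NIST Cloud Computing Standards Roadmap (July 2011)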

List of Some Publicly Available Cloud Security Best Practices and Related Documents

Organisation, document title and timeline:

Cloud Security Alliance (CSA)
- Security Guidance for Critical Areas of Focus in Cloud Computing: Nov 2011 (version 3.0)
- Cloud Controls Matrix (CCM): Aug 2011 (version 1.2)
- Top Threats to Cloud Computing: Mar 2010

European Network and Information Security Agency (ENISA)
- Cloud Computing, Benefits, risks and recommendations for information security: Nov 2009
- Security & Resilience in Governmental Clouds: Jan 2011
- Cloud Computing Information Assurance Framework: Nov 2009

ISACA
- Guiding Principles for Cloud Computing Adoption and Use: Feb 2012

ITU-T Focus Group on Cloud Computing
- Cloud Computing Security: Feb 2012

National Institute of Standards and Technology (NIST)
- Guidelines on Security and Privacy Issues in Public Cloud Computing (NIST 800-144): Jan 2012

Open Data Center Alliance (ODCA)
- Security Monitoring: Jun 2011
- Security Provider Assurance: Jun 2011

Open Group Cloud Work Group
- An Architectural View of Security for Cloud: Jun 2011
- Security position paper: 2Q2011
- Security For Cloud and SOA Reference Architecture: Drafting, Final: 2Q2012

Cloud Security Framework (1)

Cloud Architecture
- Domain 1: Cloud Computing Architectural Framework

Governance Domains
- Domain 2: Governance and Enterprise Risk Management
- Domain 3: Legal Issues: Contracts and Electronic Discovery
- Domain 4: Compliance and Audit
- Domain 5: Information Management and Data Security
- Domain 6: Portability and Interoperability

Operational Domains
- Domain 7: Traditional Security, Business Continuity, and Disaster Recovery
- Domain 8: Data Center Operations
- Domain 9: Incident Response, Notification, and Remediation
- Domain 10: Application Security
- Domain 11: Encryption and Key Management
- Domain 12: Identity and Access Management
- Domain 13: Virtualization
- Domain 14: Security as a Service

Source: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0 issued by Cloud Security Alliance in November 2011

Cloud Security Framework (2)

- Governance
- Compliance
- Trust
- Architecture
- Identity and Access Management
- Software Isolation
- Data Protection
- Availability
- Incident Response

Source: Guidelines on Security and Privacy in Public Cloud Computing (800-144) issued by NIST

Summary

- Most of the security standards are mature and accepted by the market, except Requirement of IdM in Cloud Computing.
- A significant number of cloud security best practices and related documents are publicly available, yet few are tailored for the local environment.
- Although different organizations have different cloud security frameworks, the basic components are similar.

Potential Focus Areas of the Working Group

- Development of cloud security best practices, guidelines or standards that are tailored for the local environment. For example, a best practices guide on cloud security and privacy of public cloud for local SMEs.
- Participation in the development of security standards that are not yet available, or are being developed but not yet approved or accepted by the market. For example, Identity and Access Management standards.
- Identification of cloud security framework components that the Working Group would pay more attention to. For example, Compliance and Audit.

Objectives of Cloud Security Standards

- Create a common, shared and consistent language/terminology in describing security controls
- Provide an open and fair framework for industry level compliance
- Enable cloud users to compare different cloud offerings
- Encourage cloud service providers to invest in IT security controls
- Lower overall risk and cost for Hong Kong industry to adopt cloud computing

- END -