Identity, Management & Federation  Can you ever trust someone you don't manage?  John Arnold Chief Security Architect, Capgemini  Geoff Sweeney CTO, Tier-3
© 2004 Capgemini - All rights reserved Xxx/yymmdd - Title of the presentation, Author / 2
Overview
 Jericho Forum’s Trust Paper
–What is trust?
–How can we manage trust in a de-perimeterised organisation?
 Tier-3 experience with monitoring an outsourced back office for a bank

Why should we care about Trust?
 Modern IT security is largely about constraining behaviour against rules in a directory
 Today, we are happy to maintain that directory manually
 As organisations become more porous, so do their directories
 Trust is a general framework for managing directories effectively

Why do I trust my employees?
 Employment is governed by a contract
–Rules of behaviour laid out for both sides
–System of rewards and penalties for desired and undesired behaviour
 Employment is trusting and co-operative
–Employee trusts employer to pay him in arrears
–Employer trusts employee not to damage his interests
–The legal system, and informal sanctions, punish non-co-operation

How do I trust non-employees?
 I will trust people to perform a task if
–They have the necessary resources and skills
–They are well disposed towards me
–I can hold them accountable
 Any form of trust can be treated as a contract
–The terms must be made clear
–The performance of both sides must be monitored
–An accountability mechanism is required to handle non-compliance

Generic Trust Model
Contract Formation    Contract Performance    Contract Monitoring
Service Catalogue     Provisioning            User Audit
Shopping Cart         Fulfilment              Fraud Detection

Trust Continuum
High Trust                                    Low Trust
Strict registration and reputation checking   Basic registration
Emphasis on accountability                    Emphasis on access control
Long term relationship                        Short term transaction

Background
 International bank
 Offshoring opportunity based in India
–Attractive cost proposal
 Risk management concerns
–IT security a major focus
 Enforcement of contract terms
–SLA monitoring
–Regular reporting

Key Challenges
 No sure way to control the outsourced environment
 Detailed audit provisioning
–Audit use of the banking environment
  Network
  Operating environment
  Application layer
–Control and monitoring of all connected devices
 Real time response
–Critical situation resolution

Audit Analysis
 Record all network activity
–VPN handoff
  Real time connected asset view
  Anomalous communications
  Use of bank assets
–Operating system layer
  Account logon/off
  File access
–Applications layer
  Database access (query level)
  Mainframe use

Ongoing Process
 Compliance statement
–Management reporting
 Real time monitoring
–Investigation and threat prioritisation
 Regular reporting back to the outsourcer
–Anomalous and inappropriate activity
  SLA implications
  Commercial resolution
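The Audit Analysis and Ongoing Process slides describe correlating records from three layers (VPN handoff, operating system, application) against the contract, then reporting breaches back to the outsourcer. The following is an added example, not code from the presentation or from Tier-3 or Capgemini, of what such a correlator looks like in miniature. The log format, asset catalogue, contracted hours and every user or host name are constructed for illustration; the four checks (activity with no live VPN session, use of an asset outside the service catalogue, activity outside contracted hours, and an unbounded query at the database layer) are assumptions about what a bank's SLA might specify.

```python
"""Added example (not from the presentation): a minimal cross-layer audit
correlator for an outsourced back office, modelled on the three audit layers
the slides list. All log lines, names and contract terms are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time

# Constructed service catalogue: bank assets the outsourcer is contracted to use.
AUTHORISED_ASSETS = {"db-cards-01", "mf-core-01", "fs-ops-01"}
# Constructed contract term: remote staff may work 08:00-20:00 UTC.
CONTRACT_WINDOW = (time(8, 0), time(20, 0))

# Constructed log lines, one event per line: "ts layer user asset action [detail]"
SAMPLE_LOG = """\
2004-03-01T08:02:10Z vpn alice.v 10.9.0.11 connect
2004-03-01T08:05:44Z os alice.v db-cards-01 logon
2004-03-01T08:06:02Z app alice.v db-cards-01 query SELECT balance FROM cards WHERE id = ?
2004-03-01T09:15:00Z app bob.v db-cards-01 query SELECT * FROM cards
2004-03-01T10:00:00Z vpn carol.v 10.9.0.23 connect
2004-03-01T10:04:30Z os carol.v mf-core-02 logon
2004-03-01T17:00:00Z vpn alice.v 10.9.0.11 disconnect
2004-03-01T21:30:00Z os alice.v fs-ops-01 file_access /ops/batch/run.log
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    layer: str   # "vpn", "os" or "app"
    user: str
    asset: str   # VPN endpoint address for vpn events, bank asset name otherwise
    action: str
    detail: str  # free text: SQL statement, file path, or empty


@dataclass(frozen=True)
class Finding:
    ts: datetime
    user: str
    asset: str
    reason: str


def parse_log(text: str) -> list[Event]:
    """Parse the constructed line format and return events oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, layer, user, asset, action, *rest = line.split(maxsplit=5)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            layer, user, asset, action, rest[0] if rest else ""))
    return sorted(events, key=lambda e: e.ts)


def is_bulk_query(sql: str) -> bool:
    """Query-level audit rule: a SELECT with no WHERE clause reads whole tables."""
    s = f" {sql.strip().upper()} "
    return s.lstrip().startswith("SELECT") and " WHERE " not in s


def audit(events: list[Event],
          authorised: set[str] = AUTHORISED_ASSETS,
          window: tuple[time, time] = CONTRACT_WINDOW) -> list[Finding]:
    """Correlate the three layers and return contract breaches in time order."""
    vpn_up: set[str] = set()        # users with a live VPN session (connected asset view)
    findings: list[Finding] = []
    for e in events:
        if e.layer == "vpn":
            if e.action == "connect":
                vpn_up.add(e.user)
            else:
                vpn_up.discard(e.user)
            continue
        # OS and application activity is only legitimate through the VPN handoff.
        if e.user not in vpn_up:
            findings.append(Finding(e.ts, e.user, e.asset, "activity without VPN session"))
        if e.asset not in authorised:
            findings.append(Finding(e.ts, e.user, e.asset, "asset not in service catalogue"))
        if not (window[0] <= e.ts.time() <= window[1]):
            findings.append(Finding(e.ts, e.user, e.asset, "outside contracted hours"))
        if e.layer == "app" and e.action == "query" and is_bulk_query(e.detail):
            findings.append(Finding(e.ts, e.user, e.asset, "unbounded query"))
    return findings


def sla_report(findings: list[Finding]) -> dict[str, dict[str, int]]:
    """Per-user breach counts, the shape of a regular report back to the outsourcer."""
    report: dict[str, dict[str, int]] = {}
    for f in findings:
        per_user = report.setdefault(f.user, {})
        per_user[f.reason] = per_user.get(f.reason, 0) + 1
    return report


if __name__ == "__main__":
    for f in audit(parse_log(SAMPLE_LOG)):
        print(f"{f.ts:%H:%M} {f.user:8} {f.asset:12} {f.reason}")
    print(sla_report(audit(parse_log(SAMPLE_LOG))))
```

The point of the VPN check is the one the slides make under "Real time connected asset view": the network layer tells you who is supposed to be present, so operating-system and application events from anyone else are anomalous regardless of whether the credential itself was valid. Each finding carries the user, asset and reason so the per-user report can be tied straight back to an SLA clause.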

Benefits
 Monitoring makes up for difficulties with access control
 Allows organisations to build up trust
 Modern technology allows audit analysis to be performed in real time
 Allows participants, and 3rd parties, to gain confidence in each other
 Makes new types of de-perimeterised business partnerships viable