Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA


About ENISA

o The European Network and Information Security Agency
o gives advice on information security issues
o to national authorities, EU institutions, citizens, businesses
o acts as a forum for sharing good NIS practices
o facilitates information exchange and collaboration
o Set up in 2004 – EC proposed a new mandate for
  New mandate pending Council and Parliament approval.
o Around 35 security experts and 25 supporting staff.
o ENISA has an advisory role (not operational) and the focus is on prevention and preparedness.

Information Security Risks
[Chart: information security risks over time]

Part of the solution
Cloud computing; Smartphones and apps; Social media

The Shining Cloud

ENISA’s cloud security work

o 2009 Cloud computing risk assessment
o 2009 Cloud security control framework
o 2011 Security and resilience for gov clouds
o 2011 Security parameters in gov cloud SLAs
o 2011 EU Cloud strategy
o 2012 Procure secure
o 2012 Critical clouds

Leverage

Resilience

Security will drive adoption of cloud computing

Trust

Security and assurance standards

Penetration tests

Backup/failover tests

Data portability tests

From periodic certification to continuous monitoring
Cloud security; if you can’t measure it, you can’t manage it

Procure secure

o Work started as an ENISA/OASIS/CSA workshop
o Guide for customers on monitoring security parameters of cloud services
o Checklist with questions to ask
o 8 security parameters
o What and How to measure. Independence?
o When to raise a flag? Responsible (Customer/Provider)?
o Examples of security parameters
  o Service availability
  o Incident response
  o Vulnerability management

Procure secure: security parameters

1. Service availability: monitoring, thresholds
2. Incident response: Severity classification, management capabilities
3. Service elasticity and load tolerance: burst tests, who?
4. Data life-cycle management: back-up frequency & integrity
5. Technical compliance and Vulnerability management: Configuration, patches, vulnerability discovery & reporting, 3rd party
6. Change management: Notification, critical periods, loss of certification status
7. Data isolation: categories of data, independent test?
8. Log management and forensics: frequency, granularity, availability, cross checking

Contact

Dr. Marnix Dekker
Prof. Manel Medina

About securely moving to smartphones and cloud computing

Security parameters in Cloud SLAs
security/test/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts