© Cloud Security Alliance, 2015 Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems.

Agenda
- Charter / Members
- What is Data Governance
- Data Governance Models (Under Development)
- Cloud Data Protection Model
- Activities
- Get Involved

Charter
- Propose a data governance framework to ensure the availability, integrity and overall security and privacy of data in different cloud models. This framework would feed into the GRC stack with tie-ins across the CAIQ, CCM and STAR.
- Develop thought leadership materials to promote CSA's leadership in the area of data governance in the cloud.
Please review our Data Governance Workgroup Charter Document: https://docs.google.com/a/cloudsecurityalliance.org/document/d/1FhllAR4KnwPGCXwZEi4xtezzLQF9LHISlfElzJMTk30/edit

Membership
Fostering collaboration across:
- Key industry leaders from different verticals
- Academia
- Industry analyst associations
- Vendor subject matter experts
Do join our discussion on LinkedIn: CSA Cloud Data Governance Working Group

Cloud Data Governance Challenges
1. Data Protection (65%)
- Is data safely protected while in motion, in use or stored in the cloud?
- How is the availability of data in the cloud assured?
2. Security Management (42%)
- How are assurance levels effectively managed by the cloud provider?
- Can I get a snapshot of the cloud provider's security management capabilities at any point?
3. Compliance (53%)
- Can the cloud provider demonstrate that regulatory controls are implemented effectively and sustainably?
4. Data Governance (73%)
- Who owns/accesses/edits/modifies my data in the cloud?
- Data does not equal a one-size-fits-all model
- How do you measure policy enforcement? How do you enforce policy?
Based upon an informal survey of CISOs and InfoSec leaders from Dimension Data, Kloud, the CSA Enterprise Council (43 InfoSec leaders worldwide from service providers and enterprises) and FS-ISAC banking leaders. NEED to set up user focus groups to hone in by segment and industry.
Over-emphasis on technology controls often leads to underlying weaknesses in processes.

Cloud Deployment Model Risks
- Private: Least risk due to single ownership. Enterprise control over legal/regulatory needs.
- Community: Moderate risk due to multi-tenancy; however, common regulatory/legal needs.
- Public SaaS: Greatest risk due to the least amount of control for the consuming organization. Risk dependent on provider. Shared legal/regulatory needs.
- Public IaaS: High risk. Shared model and shared regulatory/legal needs.

Canonical Question Set Guidance V3 (matrix slide): Phase 1 question categories (Data Discovery, Location of Data; Q1.1 Who, Q1.2 …, Q What, Where …, When …) mapped with check marks against the data life cycle phases (Create, …, Store, Use).

Aligning Governance Models to Security Frameworks
Plan-Do-Check-Act mapped to Observe-Orient-Decide-Act: Plan/Observe, Do/Orient, Check/Decide, Act.
Four inter-related domains of COBIT (Source: ISACA): operational and support-oriented processes; compliance and security IT goals; compliance and risk business goals; achievements cascade. Business goals drive IT goals, which drive processes.

Example of Governance Framework Tied to CSA Cloud Controls Matrix
Three phases to govern: Plan (Plan and Organize), Do (Acquire and Implement, Deliver and Support), Check/Act (Monitor and Evaluate).
Planning Processes:
- 3. Business Continuity Management
- 5. Data Security and Information Lifecycle Management
- 8. Governance and Risk Management
- 12. Interoperability and Portability
Functional Processes:
- 1. Application & Interface Security
- 6. Datacenter Security
- 7. Encryption and Key Management
- 9. Human Resources
- 10. Identity and Access Management
- 11. Infrastructure and Virtualization Security
- 13. Mobile Security
Evaluation Processes:
- 2. Audit Assurance & Compliance
- 4. Change Control Management
- 14. Security Incident Management
- 15. Supply Chain Management
- 16. Threat and Vulnerability Management

Example of Governance Framework tied to the CCM Data and Lifecycle Management Domain

Data Governance Milestones (Value of Security Risk Management increases across the stages)
Stages:
- AD HOC: Undefined data management policies; ad hoc processes / per data management.
- MANAGED: Processes defined by individual technology functions; sporadic data issues communication.
- DEFINED: Standardized data definitions and rules in place; standardized process per organization.
- PROACTIVE: Processes are centralized, controlled and measured; KPIs and tools for measurement in place; quantitative management of data.
- OPTIMIZING: Value driven; real-time analysis and resolution; continuous process improvement as a way of life.

Exploring Toolsets for Cloud Data Governance: Steps

Contribute
LinkedIn Group: Consider joining us on LinkedIn: CSA Cloud Data Governance Working Group
Mailing List: Our mailing list is hosted on the Cloud Security Alliance listserv: nance

References & Links
- Geospatial data lifecycle: of-geospatial-data-lifecycle-a16.pdf
- CCAQIS

? ? ? ?