Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP.

About Me … Jason Smith, CISSP
IT Security and Compliance Consultant, Internetwork Engineering
Dutch Oven Cobbler maker

What is this “Cloud” that you speak of?

Cloud Benefits $$$$$

Cloud Risks $$$$$$

What is the new “Normal”?
- Your network has changed!
- Has your regulatory scope changed?
- Who has responsibility for the network?
- Does your documentation reflect the “new normal”?
- How about access control?

Mitigate Early!
- Reference your last audit or assessment and work with the solution provider or a 3rd-party specialist to understand what, if anything, has changed or will change.
- Perform a risk assessment against the pre-build documents from the solution provider.
- Plan for a penetration test.
- Will the provider have access to the data or the systems? What are their processes and procedures?
- Do you now have web-facing servers?

Trust, but verify.
Risk and vulnerability assessment:
- Do a vulnerability assessment.
- Do a risk assessment.
- Discuss the patching and mitigation responsibilities with your cloud provider.
Penetration testing:
- Required for PCI DSS and some other regulations.
- Should be conducted at least annually.
Liability and legality
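Two of the questions above ("Do you now have web-facing servers?" and "who owns patching?") can be answered from the cloud inventory rather than from memory. The script below is an added example and is not part of the original presentation or any provider's tooling. The inventory records, the security-group rules and the IP addresses are constructed for the example, the record format is an assumed one (not a real provider API), and the patching split by service model is an illustrative assumption to be checked against the actual contract.

```python
"""Added example: find internet-facing hosts in a cloud inventory and note
who is expected to patch each one. Not from the original slides.
Inventory format, hosts, rules and the PATCH_OWNER split are all assumptions
constructed for this example.
"""
import ipaddress

# Constructed inventory: one record per instance with its ingress rules as
# (protocol, port, source CIDR). Assumed format, not any provider's output.
INVENTORY = [
    {"name": "web-01", "public_ip": "203.0.113.10", "service": "iaas",
     "ingress": [("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "198.51.100.0/24")]},
    {"name": "db-01", "public_ip": None, "service": "iaas",
     "ingress": [("tcp", 5432, "10.0.0.0/16")]},
    {"name": "app-lb", "public_ip": "203.0.113.20", "service": "paas",
     "ingress": [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0")]},
    {"name": "jump-01", "public_ip": "203.0.113.30", "service": "iaas",
     "ingress": [("tcp", 22, "0.0.0.0/0")]},
]

# Assumed patching responsibility by service model. Illustrative only:
# confirm the real split in the provider contract and SLA.
PATCH_OWNER = {
    "iaas": "customer (OS and application)",
    "paas": "provider (platform); customer (application code)",
    "saas": "provider",
}

# Ports that make a host "web-facing" for scoping purposes.
WEB_PORTS = {80, 443, 8080, 8443}


def open_to_internet(cidr):
    """True when the source range is the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def classify(host):
    """Summarise one inventory record: which ports the whole internet can reach,
    whether the host counts as web-facing, and who is assumed to patch it."""
    exposed = sorted({port for proto, port, src in host["ingress"]
                      if proto == "tcp" and open_to_internet(src)})
    # A rule open to the world only matters if the host has a public address.
    reachable = host["public_ip"] is not None and bool(exposed)
    exposed = exposed if reachable else []
    return {
        "name": host["name"],
        "exposed_ports": exposed,
        "web_facing": any(p in WEB_PORTS for p in exposed),
        # Non-web ports open to the world (SSH, RDP, databases) are findings
        # for the vulnerability assessment, not just scoping data.
        "non_web_exposed": [p for p in exposed if p not in WEB_PORTS],
        "patch_owner": PATCH_OWNER[host["service"]],
    }


def scope_report(inventory):
    """Classify every host in the inventory."""
    return [classify(h) for h in inventory]


def web_facing_hosts(inventory):
    """Names of hosts that now serve web ports to the whole internet."""
    return [r["name"] for r in scope_report(inventory) if r["web_facing"]]


def risky_admin_exposure(inventory):
    """Hosts with non-web ports open to the whole internet, keyed by name."""
    return {r["name"]: r["non_web_exposed"]
            for r in scope_report(inventory) if r["non_web_exposed"]}


if __name__ == "__main__":
    for row in scope_report(INVENTORY):
        print(f"{row['name']:<8} exposed={row['exposed_ports']} "
              f"web_facing={row['web_facing']} patch_owner={row['patch_owner']}")
    print("web-facing:", web_facing_hosts(INVENTORY))
    print("admin ports open to world:", risky_admin_exposure(INVENTORY))
```

Run it against a real export by replacing INVENTORY with records in the same shape; the two result lists map directly onto the questions in the slide: the web-facing list is the scope change to take to the auditor, and the open admin ports are the first items for the vulnerability assessment and the patching conversation with the provider.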

Time to get some help
- Consider engaging a 3rd-party consultant to assist with compliance and security concerns.
- Budget for 3rd-party professional services in the transition project.
- Know what you need: assessments, routine process development, road map.

Questions?
Jason Smith, CISSP
IT Security and Compliance Consultant, Internetwork Engineering