Cloud Computing and Standards - A Regulator’s View OASIS International Cloud Symposium 11 October 2011 Steven Johnston, CISSP Senior Security and Technology.
Cloud Computing and Standards - A Regulator’s View
OASIS International Cloud Symposium, 11 October 2011
Steven Johnston, CISSP
Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada

Things We’ve Done
– Guidelines for Processing Personal Data Across Borders (January 2009)
– Cloud computing paper released early April 2010
– Public consultations April – June 2010
– Working on guidance for SMBs

Things We’ve Learned
Privacy implications of cloud computing include:
– Jurisdiction
– Third party access
– Security safeguards
– Limitations on use and retention
– Demonstrating/verifying compliance

How Standards Can Help
– To address new technology concerns (e.g. cloud computing)
– To address baseline issues such as limiting collection, data retention, safeguards, etc.
– Basis for Privacy Impact Assessments, Threat/Risk Assessments and Audits
– Basis for systematic assessment of security requirements
– Basis for audit
– Basis for contractual agreements with cloud service providers

ISO Standards Development
ISO/IEC JTC 1 SC7 (SSE)
– Potential future work:
  – Cloud computing vocabulary
  – Modeling cloud solutions
  – Systems engineering of cloud-based solutions
  – IT Service Management for Cloud Computing
  – IS Governance Framework for Cloud Computing

ISO Standards Development
ISO/IEC JTC 1 SC27 (IT Security)
– Joint study period (WGs 1, 4, 5)
– NWI proposal: ISO (information security code of practice based on ISO 27002) (provisional)
– To be accompanied (eventually) by:
  – (requirements)
  – (legal and regulatory code of practice)
  – (service code of practice)
  – (audit guidelines)

ISO Standards Development
ISO/IEC JTC 1 SC38 (DAPS)
– WG 1 – Web Services
– WG 2 – Service Oriented Architecture
– Study Group on Cloud Computing
  – Released a study report in June 2011

ISO Standards Development
SGCC Report (June 2011)
– Part 1: Concepts, Terms and Reference Model
– Part 2: Standardization Requirements for Cloud Computing
– Part 3: Standardization Initiatives for Cloud Computing
– Part 4: Assessment of Areas for JTC1 Standardization

ISO Standards Development
SGCC Report (June 2011)
– Technical requirements:
  – Terms and definitions
  – Interfaces
  – Security technology
  – Format and meaning of data
– Management requirements:
  – Service provider qualification
  – Service quality metrics
  – Service audit
  – Service agreements

Other Efforts
– ITU-T Focus Group on Cloud Computing
– Open Grid Forum
– Cloud Computing Interoperability Forum
– Open Cloud Consortium
– Cloud Security Alliance
– ETSI
– OASIS
– …

Challenges for Regulators
– DPA mandate is enforcement/compliance
– Many DPAs are limited in resources
– Lack of appropriate expertise
– So many standards development activities underway
  – Where to focus our efforts?
– Difficulty in demonstrating ROI

Questions?
Steven Johnston
Senior Security and Technology Advisor
Office of the Privacy Commissioner of Canada