OTech CalCloud Security General 1  Meets the operational and compliance requirements of the State  SAM/SIMM  NIST  FedRAMP v2  Other necessary regulatory.

Presentation transcript:

Slide 1: OTech CalCloud Security General (January 20, 2016)
- Meets the operational and compliance requirements of the State:
  - SAM/SIMM
  - NIST
  - FedRAMP v2
  - Other necessary regulatory controls

Slide 2: OTech CalCloud IaaS Security Policy Pyramid (figure)
Layers shown in the pyramid: CalCloud Standards, Dept. of Technology Policy, State Policy, Data Center Standards, Customer Policy, CalCloud Customer Application.

Slide 3: OTech CalCloud IaaS Security Controls
- A formal security control program is in place (FedRAMP V2)
- ~325 FedRAMP controls assessed against 25+ domains
- Compliance support to other authorities available; applicable to infrastructure controls only
- CalCloud security controls can be shared with customer security personnel under strict controls and agreements

Slide 4: OTech CalCloud IaaS Security Stack (figure: CalCloud tiered security model)
Layers shown, from base to workload:
- Hosted inside the California Department of Technology's data centers and protected by firewall(s)
- Base Level Security Profile
- IBM + California Dept of Technology Security Controls (ISeC) (CalCloud Information Security Controls)
- The Federal Risk and Authorization Management Program (FedRAMP V2, includes NIST Rev 4)
- Workload Specific Security: HIPAA, PCI DSS, IRS 1075, SSA, other

Slide 5: OTech CalCloud IaaS Security Key Elements
- Encrypted Two-Factor Authenticated Sessions
- Cloud Border Security
- Admin Access Only from Territorial U.S.
- Log of All Administrative Actions
- Least Privilege and Separation of Duties Practice
- Data are Property of the State
- Infrastructure Hardening
- Coordinated Security Incident Handling
- Vendor(s) Background Checked
- Encryption at Rest (Option)
- Coordinated Change Control
- Security Awareness Training Including IRS Disclosure
- Strong Tenant Isolation
- Coordinated OS Patching
- No Shared Credentials
- Isolated Security Tiers (network)
- Configuration and Vulnerability Monitoring
- Controlled Administrative Access