Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Management Services Infrastructure Services

Published byAnni-Kristiina Saaristo Modified over 5 years ago

Similar presentations

Presentation on theme: "IT Management Services Infrastructure Services"— Presentation transcript:

1 IT Management Services Infrastructure Services
Controls Wells Fargo Technology Controls Cube Security Controls Business Controls Regulatory Controls The Technology Controls Cube defines controls across three dimensions to establish clear accountability and ensure completeness of coverage Controls – Defines the requirement Operations – Defines how the control is implemented and who is responsible for implementing the control Technology Stack – Defines where the control is implemented in the technology stack Applications Data Services Security Services IT Management Services Platform Services Infrastructure Services Operations Tech Stack

2 Full Stack Automation (FSA) Scope for DevSecOps
Controls deployed in a uniform manner across the technology stack by leveraging Full Stack Automation Cross-organizational, engineering practice and capability that breaks down barriers and establishes collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production Encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort – from Sunrise to Sunset Provides built-in security controls through automation of the software development lifecycle along with enablement of security monitoring and integration with cyber threat management

3 Full Stack Automation (FSA) for DevSecOps
IT Management Servceis Supply Chain / Vendor Management Change Management Asset/ Configuration Management Incident, Event/ Problem Management Knowledge Management Release/ Deploy Management IT Financial Management Full Stack Automation Artifact Repository Environment App Infrastructure Platform (middleware) Security Accounts, sub- nets, network isolation, Encryption, IAM IaaS PaaS Virtual Perimeter App CI CD Testing Orchestrator VCS Images Libraries Templates Configs Security Services Application Information Security Cyber Defense Management Center Identity / Access Management Information Security Risk Management Infrastructure Information Security Third Party Information Security Vulnerability Management Workforce Accountability

4 Controls Security Controls Business Controls Regulatory Controls
The Security Controls are a baseline of the FedRAMP controls in NIST SP tailored to Wells Fargo’s environment, standards, and responsibilities in developing and maintaining our cloud services. FedRAMP is a highly regarded controls framework in the security and risk community that allows for traceability to our various regulatory requirements and industry-recognized risk management frameworks. The Security Controls form the baseline of controls from which business controls and regulatory controls can be layered. Security Controls Business Controls Regulatory Controls Technical, operational, and managerial controls to identify, mitigate, and manage security risks. Process-oriented controls to ensure the enterprise actualizes the benefits of technology and optimizes costs Industry and regional requirements for conducting certain types of business in certain regions Access Control Audit and Accountability Awareness and Training Security Assessment and Authorization Configuration Management Contingency Planning Identification and Authentication Incident Response Maintenance Media Protection Physical and Environmental Security Planning Personnel Security Risk Assessment System and Services Acquisition System and Communications Protection System and Information Integrity Financial Management and Cost Optimization Customer Engagement and Business Alignment Business Continuity Data Governance GDPR FFIEC PCI SOX

5 Technology Stack and Operations
The “Technology” and “Operations” components of the Technology Controls Cube are in alignment with the services and capabilities outlined in the Wells Fargo IT Service Model and the Wells Fargo IT Capability Model Technology Stack Operations Infrastructure Services Platform Services Applications IT Management Services Security Services Data Services Data Center Data Center Network Physical Compute Virtual Compute Storage End User Devices Logical Network Configuration Operating System Middleware Database Runtime API Custom Applications COTS and Open Source Applications Cloud Service Configuration Collaboration Tools Supply Chain / Vendor Management Change Management Asset and Configuration Management Incident, Event, and Problem Management Knowledge Management Release and Deployment Management Facilities Management IT Financial Management Application Information Security Cyber Defense Management Identity and Access Management Information Protection Information Security Risk Management Infrastructure Information Security Third Party Information Security Vulnerability Management Workforce Accountability Data Governance Data Architecture Transaction Processing Data Integration and Management

6 Cost of Fixing Defects Across the Lifecycle

Download ppt "IT Management Services Infrastructure Services"

Similar presentations

Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.

Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.

Security in the Cloud: Can You Trust What You Can’t Touch? Rob Johnson Security Architect, Cloud Engineering Unisys Corp.
Security Controls – What Works

Security Controls – What Works
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Cloud Usability Framework

Cloud Usability Framework
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
Computer Associates Solutions Managing eBusiness Catalin Matei, April 12, 2005

Computer Associates Solutions Managing eBusiness Catalin Matei, April 12, 2005
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.

Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Similar presentations

Ads by Google