Presentation is loading. Please wait.

Presentation is loading. Please wait.

Storm Clouds Kenneth R. Ledger Director, Risk Management.

Published byKory Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "Storm Clouds Kenneth R. Ledger Director, Risk Management."— Presentation transcript:

1 Storm Clouds Kenneth R. Ledger Director, Risk Management

2 Ken’s Top 5 Storm Clouds 1.Not knowing what you want 2.Misunderstanding standards 3.Not having a plan B 4.Trusting but not verifying 5.Governance and disclosure

3 1. Not Knowing What You Want Different needs have different challenges (SaaS, IaaS, mobility, cost) Understand the nature of the data in you are putting in the cloud Long term intent Security, disaster recovery, scheduled outages, QOS Are you okay if the provider accesses data if so, why/how/when

4 2. Misunderstanding standards Many providers will quote standards, know what they mean. Standards provide assurances of external audit SSAE 16 Type II - attestation CICA 9110 – audit standards ISO 27001 - security

5 3. Not having a plan B Can you recover your data if a supplier fails Can you recover the apps to use the data Services can start small and grow to become a key control Is there an alternate supplier

6 4. Trusting but not verifying Have a plan to audit SSAE16 provides independent assurance, but to specified control objectives Ensure control objectives align with internal control needs Consider potential for fraud

7 5. Governance & Disclosure Cloud solutions may become a material part of your business Material changes must be disclosed (NI 51-102) Potential to cause a material weakness in controls Know what to disclose and when

8 Defining leadership in global energy services through people, innovation, and technology —The path for others to follow.

Download ppt "Storm Clouds Kenneth R. Ledger Director, Risk Management."

Similar presentations

Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.

Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.
What In-house Counsel and the Business Really Want and Need from the Cloud LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH.

What In-house Counsel and the Business Really Want and Need from the Cloud LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
1 CLOUD AND SaaS-BASED PLATFORMS: ENSURING DATA PRIVACY May, 2011.

1 CLOUD AND SaaS-BASED PLATFORMS: ENSURING DATA PRIVACY May, 2011.
Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, 2002. Established.

Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, Established.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 12 The Social Audit. Copyright © Houghton Mifflin Company. All rights reserved.12–2 Social Auditing The process of assessing and reporting business.

Chapter 12 The Social Audit. Copyright © Houghton Mifflin Company. All rights reserved.12–2 Social Auditing The process of assessing and reporting business.
Security, Continuity & Compliance Gordon McKenzie Business Development Director, Syan Limited.

Security, Continuity & Compliance Gordon McKenzie Business Development Director, Syan Limited.
Measuring and Managing Operational Risk. 2 Assessing Operational Risk Exposure Required Process of Continuous Risk Assessment, Monitoring and Reporting.

Measuring and Managing Operational Risk. 2 Assessing Operational Risk Exposure Required Process of Continuous Risk Assessment, Monitoring and Reporting.
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
Security Governance Technology Executive Club

Security Governance Technology Executive Club
Moisés Navarro Director, Strategy & Services, Global Cloud Services Telefónica, S.A. Cloud computing: what does it mean for Europe? 1 st. Digital Agenda.

Moisés Navarro Director, Strategy & Services, Global Cloud Services Telefónica, S.A. Cloud computing: what does it mean for Europe? 1 st. Digital Agenda.
The ISO 9000 family of standards

The ISO 9000 family of standards
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
TOP 10 TECHNOLOGY INITIATIVES © 2013 - Robert G. Parker S-1 9. Preventing and Responding to Computer Fraud IT Security Ranked #2 Preventing and Responding.

TOP 10 TECHNOLOGY INITIATIVES © Robert G. Parker S-1 9. Preventing and Responding to Computer Fraud IT Security Ranked #2 Preventing and Responding.
SOC1 vs. SOC2 vs. SOC3 Source: ryServices/Pages/AICPASOC3Report.aspx.

SOC1 vs. SOC2 vs. SOC3 Source: ryServices/Pages/AICPASOC3Report.aspx.
Energy Ecosystem Overview David Miller Chief Security Officer.

Energy Ecosystem Overview David Miller Chief Security Officer.
Service Organization Control (SOC) Reporting Options and Information

Service Organization Control (SOC) Reporting Options and Information

Similar presentations

Ads by Google