Cyber Security in Real-Time Systems CSIRS
David Spinks - Chairman
February 2011

Quote by: Sun Tzu
As Sun Tzu, the military theoretician and strategist extraordinaire of ancient China, wrote in his seminal work "The Art of War", "The skilful leader subdues the enemy’s troops without any fighting; he captures their cities without laying siege to them; he overthrows their kingdom without lengthy operations in the field."
Lush Stuxnet LSE NYSE E-Trading RBS ATM

Into the (Cloud) Future with hp
[Diagram labels: SERVICES ECOSYSTEM SYSTEMS INTEGRATION TECHNOLOGY ISLAND ADVANCED AGILITY CLOUD ENTERPRISE CLOUD SERVICES UTILITY AUTOMATED SERVICES MANAGED HOSTING HOSTING TRADITIONAL CONFIGURED SERVICES SOURCING MODELS]

So what are the security hot buttons?
Robust acceptable pan-client Information Security policies and procedures.
One single independent assurance certificate - no your auditors and will not be allowed access.
Identity and access management: need to get this working anyway!
Business continuity and IT DR: acceptance of standard RTO and RPO.
Encryption (key management) will be a client responsibility; this issue is related to IdM!
Flexibility in contracts, and please kill off the "old school" purchasing and contracts departments!

Cloud Computing Security Assessment Process Flow
1. Review InfoSec Program Documentation (Week 1)
2. Interview Subject Matter Experts (SME) (Week 2)
3. Inspect Infrastructure & Controls (Week 2)
4. Complete Security/Continuity Checklists (Week 2)
5. Cloud Computing Readiness Workshop (Week 2)
6. Analyze Data & Determine Gaps (Week 3)
7. Cloud Computing Security Roadmap Workshop (Week 4)
8. Create Service Improvement Plan (SIP) (Week 4)
9. Create Remediation Roadmap (Week 4)
Confidential & Proprietary Information of Hewlett-Packard Company. April 20th, 2010 - v1

Conclusions
Adoption of Cloud: lessons learnt not available
Implementation experiences limited
Security and risk management methods immature
Best practice evolving but gaps exist still
Views of regulators and auditors still not clear
Legal and regulatory issues (e-Discovery: jury is still out!)
Watch this space ....

Finally
LinkedIn CSIRS: http://www.linkedin.com/groupRegistration?gid=3623430
David.email@example.com
http://www.cloudsecurityalliance.org/
http://www.hp.com/hpinfo/newsroom/press/2009/090331xa.html
Q and A