CAMM presentation for Cyber Security Gas and Oil June 2011
Let's talk about Cloud security, its challenges and how CAMM can help in managing supply chain assurance.

  • Security very important issue to people. But look at other areas – vendor lock-in. At the same time business teams (marketing) go to cloud services with their credit cards – as IT is tooooo slow
  • Picture kindly taken from a Microsoft presentation. Probably more secure than your local IT – but how to measure that. Risk cannot be outsourced to cloud – so how to measure what the risks with the cloud provider, type and delivery model is. If I use IaaS I still am responsible for application management and potentially OS management

CAMM presentation for Cyber Security Gas and Oil June 2011 Presentation Transcript

  • 1. Managing risks in the supply chain
    19 June, 2011
    Common Assurance Maturity Model Common-Assurance.com
    1
    Vladimir Jirasek
    CAMM Steering Group
    Twitter @vjirasek
  • 2. People do not fully trust The Cloud
    People say that they are concerned that their information is not secure in The Cloud
  • 3. Is the Cloud Secure?
    Can be as secure as any other IT system
    Depends on the model chosen
    Understand the responsibilities
    All eggs in one basket is the real question
    Implicit trust in provider
    Exit and lock-in
  • 4. Problem to be solved – trust in the supply chain
    Suppliers for the cloud provider
    Your business
    Your cloud provider
    End to end assurance
  • 5. What a CIO wants
    Provider A
    Provider B
    Maturity levels feed into a supplier selection process
  • 6. CAMM MISSION
    Provide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
  • 7. Overall structure of CAMM components
    TPAC
    Final maturity scores
    Mapping to other standards
    Free GRC app
    Scoring model
    Non CAMM audit results
    Maturity scores
    Weighting framework
    WorkBench
    App
    Audited controls
    Controls framework
    Auditors
  • 8. Utilize your current investment to another standard e.g. ISO
    The Statement Of Applicability (SOA) of source standard is used as a baseline for translation
    CAMM Guidance documents will help auditors with "yellow" area interpretations
    Source standard
    Target standard
    e.g. ISO 2700x SOA
    CAMM
    Translate
    Not implemented > to be CAMM audited
    Auditor interpretation of applicability
    1=1 applicable, no need of interpretation
  • 9. Stakeholders
    Consumers – Can form trust relationship based on understandable facts
    Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers
    Governments – Can have more confidence in corporate governance to remove barriers from global single e-markets
    Service Providers & Consultancies – Can build competences to achieve the target
    Industry Associations – can excel in defining harmonized model implementations
    Consumer
    Government
    CAM Committee
  • 10. Progress
    It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones:
    Major client, standards and service provider organisations engaged
    Development of framework and appropriate weighting mechanism underway
    Development of the framework
    Control framework created and reviewed
    Scoring model created
    Development of the guidance
    Guidance material to be completed by end of October 2011
    Pilot
    Pilot with major organisation planned for summer 2011
    Development of Free GRC tool
    Major GRC vendor engaged to add CAMM module