CAMM presentation for Cyber Security Gas and Oil june 2011
Let's talk about Cloud security, its challenges and how CAMM can help in managing supply chain assurance.


Published in: Technology, Business

  • Security is a very important issue to people. But look at other areas – vendor lock-in. At the same time business teams (marketing) go to cloud services with their credit cards – as IT is tooooo slow.
  • Picture kindly taken from a Microsoft presentation. Probably more secure than your local IT – but how to measure that? Risk cannot be outsourced to cloud – so how to measure what the risk with the cloud provider, type and delivery model is? If I use IaaS I am still responsible for application management and potentially OS management.
  • Transcript

    • 1. Managing risks in the supply chain
      19 June, 2011
      Common Assurance Maturity Model Common-Assurance.com
      Vladimir Jirasek
      CAMM Steering Group
      Twitter @vjirasek
    • 2. People do not fully trust The Cloud
      People say that they are concerned that their information is not secure in The Cloud
    • 3. Is the Cloud Secure?
      Can be as secure as any other IT system
      Depends on the model chosen
      Understand the responsibilities
      All eggs in one basket is the real question
      Implicit trust on provider
      Exit and lock-in
    • 4. Problem to be solved – trust in the supply chain
      Suppliers for the cloud provider
      Your business
      Your cloud provider
      End to end assurance
    • 5. What a CIO wants
      Provider A
      Provider B
      Maturity levels feed into a supplier selection process
    • 6. CAMM MISSION
      Provide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
    • 7. Overall structure of CAMM components
      TPAC
      Final maturity scores
      Mapping to other standards
      Free GRC app
      Scoring model
      Non CAMM audit results
      Maturity scores
      Weighting framework
      WorkBench
      App
      Audited controls
      Controls framework
      Auditors
    • 8. Utilize your current investment to another standard e.g. ISO
      The Statement Of Applicability (SOA) of source standard is used as a baseline for translation
      CAMM Guidance documents will help auditors with "yellow" area interpretations
      Source standard
      Target standard
      e.g. ISO 2700x SOA
      CAMM
      Translate
      Not implemented > to be CAMM audited
      Auditor interpretation of applicability
      1=1 applicable, no need of interpretation
    • 9. Stakeholders
      Consumers – Can form trust relationship based on understandable facts
      Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers
      Governments – Can have more confidence in corporate governance to remove barriers from global single e-markets
      Service Providers & Consultancies – Can build competences to achieve the target
      Industry Associations – can excel in defining harmonized model implementations
      Consumer
      Government
      CAM Committee
    • 10. Progress
      It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones:
      Major client, standards and service provider organisations engaged
      Development of framework and appropriate weighting mechanism underway
      Development of the framework
      Control framework created and reviewed
      Scoring model created
      Development of the guidance
      Guidance material to be completed by end of October 2011
      Pilot
      Pilot with major organisation planned for summer 2011
      Development of Free GRC tool
      Major GRC vendor engaged to add CAMM module
