SlideShare a Scribd company logo

CAMM presentation for Cyber Security Gas and Oil june 2011

Download as PPTX, PDF
Vladimir Jirasek
Vladimir Jirasek

Let's talk about Cloud security, its challenges and how CAMM can help in managing supply chain assurance.

TechnologyBusiness
1 of 10
Managing risks in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 1 Vladimir Jirasek CAMM Steering Group Twitter @vjirasek
People do not fully trust The Cloud People say that they are concerned that their information is not secure in The Cloud
Is the Cloud Secure? 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 3 Can be as secure as any other IT system Depends on the model chosen Understand the responsibilities All eggs in one basket is the real question Implicit trust on provider Exit and lock-in
Problem to be solved – trust in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 4 Suppliers for the cloud provider Your business Your cloud provider End to end assurance
What a CIO want 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 5 Provider A Provider B Maturity levels feed into a supplier selection process
19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 6 CAMM MISSIONProvide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
Overall structure of CAMM components 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 7 TPAC Final maturity scores Mapping to other standards Free GRC app Scoring model Non CAMM audit results Maturityscores Weightingframework WorkBench App Audited controls Controls framework Auditors
Utilize your current investmentto an another standard e.g. ISO The Statement Of Applicability (SOA) of source standard is used as a baseline for translation CAMM Guidance documents will help auditors with ”yellow” area intepretations 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 8 Souce standard Target standard e.g. ISO 2700x SOA CAMM Translate Not implemented > to be CAMM audited Auditor intepretation of applicability 1=1 applicable, no need of intepretation
Stakeholders Consumers – Can form trust relationship based on understantable facts Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers Governents – Canhavemore confidence in corporategovernance to remove barriers from global single e-markets Service Providers & Consultancies – Can buildcompetences to achieve the target Industry Associations – can excel in defining harmonized model implementations Consumer Government CAM Commitee
Progress It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones: Major client, standards and service provider organisations engaged Development of framework and appropriate weighting mechanism underway Development of the framework Control framework created and reviewed Scoring model created Development of the guidance Guidance material to be completed by end of October 2011 Pilot Pilot with major organisation planned for summer 2011 Development of Free GRC tool Major GRC vendor engaged to ad CAMM module

Recommended

Evolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesEvolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesJeffrey Tha
 
Evolution of Corporate Access Technology
Evolution of Corporate Access TechnologyEvolution of Corporate Access Technology
Evolution of Corporate Access TechnologyMoriah Shilton
 
UK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonUK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonVictoria Kealy
 
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Directorate for Financial and Enterprise Affairs
 
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...OECD Directorate for Financial and Enterprise Affairs
 
Data Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionData Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionOECD Directorate for Financial and Enterprise Affairs
 
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...OECD Directorate for Financial and Enterprise Affairs
 
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Funseam - Fundación para la Sostenibilidad Energética y Ambiental
 

Recommended

Evolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesEvolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesJeffrey Tha
 
Evolution of Corporate Access Technology
Evolution of Corporate Access TechnologyEvolution of Corporate Access Technology
Evolution of Corporate Access TechnologyMoriah Shilton
 
UK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonUK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonVictoria Kealy
 
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Directorate for Financial and Enterprise Affairs
 
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...OECD Directorate for Financial and Enterprise Affairs
 
Data Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionData Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionOECD Directorate for Financial and Enterprise Affairs
 
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...OECD Directorate for Financial and Enterprise Affairs
 
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Funseam - Fundación para la Sostenibilidad Energética y Ambiental
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekVladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksVladimir Jirasek
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Vladimir Jirasek
 
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationSolent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationNine23Ltd
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)3G4G
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
Hotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesHotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesDr. Mazlan Abbas
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full ReportAssespro Nacional
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Christophe Monnier
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewAlan McSweeney
 
Cloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsCloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsIBM India Smarter Computing
 
Scalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and complianceScalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and compliancePeter HJ van Eijk
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 
Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Scott Satterwhite
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM
 

More Related Content

Viewers also liked

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekVladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksVladimir Jirasek
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationSolent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationNine23Ltd
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)3G4G
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
Hotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesHotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesDr. Mazlan Abbas
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Viewers also liked (13)

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud security
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
 
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationSolent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...
 
Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
 
Hotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesHotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and Challenges
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to CAMM presentation for Cyber Security Gas and Oil june 2011

[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full ReportAssespro Nacional
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Christophe Monnier
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewAlan McSweeney
 
Cloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsCloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsIBM India Smarter Computing
 
Scalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and complianceScalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and compliancePeter HJ van Eijk
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 
Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Scott Satterwhite
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM
 
Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014GBX Summits
 
SLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 IntroductionSLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 IntroductionOliver Barreto Rodríguez
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
A perspective on the future of cloud market interxion
A perspective on the future of cloud market interxionA perspective on the future of cloud market interxion
A perspective on the future of cloud market interxionDavid Terrar
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Databricks
 
Cloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCognizant
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Christophe Monnier
 
Requirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutionsRequirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutionsIBM Rational software
 
Xuber4London
Xuber4LondonXuber4London
Xuber4LondonXuber
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14Shane Coughlan
 
Business Model Transformation
Business Model TransformationBusiness Model Transformation
Business Model TransformationLakshmi Salelkar
 

Similar to CAMM presentation for Cyber Security Gas and Oil june 2011 (20)

[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment Overview
 
Cloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsCloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projects
 
Scalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and complianceScalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and compliance
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
 
Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer
 
Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014
 
SLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 IntroductionSLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 Introduction
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
A perspective on the future of cloud market interxion
A perspective on the future of cloud market interxionA perspective on the future of cloud market interxion
A perspective on the future of cloud market interxion
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
 
Cloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A Perspective
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
 
Requirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutionsRequirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutions
 
Xuber4London
Xuber4LondonXuber4London
Xuber4London
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
 
Business Model Transformation
Business Model TransformationBusiness Model Transformation
Business Model Transformation
 

More from Vladimir Jirasek

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVladimir Jirasek
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009Vladimir Jirasek
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metricsVladimir Jirasek
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesVladimir Jirasek
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White HatsVladimir Jirasek
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architectureVladimir Jirasek
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metricsVladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityVladimir Jirasek
 

More from Vladimir Jirasek (11)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

CAMM presentation for Cyber Security Gas and Oil june 2011

  • 1. Managing risks in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 1 Vladimir Jirasek CAMM Steering Group Twitter @vjirasek
  • 2. People do not fully trust The Cloud People say that they are concerned that their information is not secure in The Cloud
  • 3. Is the Cloud Secure? 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 3 Can be as secure as any other IT system Depends on the model chosen Understand the responsibilities All eggs in one basket is the real question Implicit trust on provider Exit and lock-in
  • 4. Problem to be solved – trust in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 4 Suppliers for the cloud provider Your business Your cloud provider End to end assurance
  • 5. What a CIO want 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 5 Provider A Provider B Maturity levels feed into a supplier selection process
  • 6. 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 6 CAMM MISSIONProvide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
  • 7. Overall structure of CAMM components 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 7 TPAC Final maturity scores Mapping to other standards Free GRC app Scoring model Non CAMM audit results Maturityscores Weightingframework WorkBench App Audited controls Controls framework Auditors
  • 8. Utilize your current investmentto an another standard e.g. ISO The Statement Of Applicability (SOA) of source standard is used as a baseline for translation CAMM Guidance documents will help auditors with ”yellow” area intepretations 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 8 Souce standard Target standard e.g. ISO 2700x SOA CAMM Translate Not implemented > to be CAMM audited Auditor intepretation of applicability 1=1 applicable, no need of intepretation
  • 9. Stakeholders Consumers – Can form trust relationship based on understantable facts Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers Governents – Canhavemore confidence in corporategovernance to remove barriers from global single e-markets Service Providers & Consultancies – Can buildcompetences to achieve the target Industry Associations – can excel in defining harmonized model implementations Consumer Government CAM Commitee
  • 10. Progress It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones: Major client, standards and service provider organisations engaged Development of framework and appropriate weighting mechanism underway Development of the framework Control framework created and reviewed Scoring model created Development of the guidance Guidance material to be completed by end of October 2011 Pilot Pilot with major organisation planned for summer 2011 Development of Free GRC tool Major GRC vendor engaged to ad CAMM module

Editor's Notes

  1. Security very important issue to peopleBut look at other areas – vendor lock-inAt the same time business teams (marketing) go to cloud services with their credit cards – as IT is tooooo slow
  2. Picture kindly taken from a Microsoft presentationProbably more secure than your local IT – but how to measure thatRisk cannot be outsourced to cloud – so how to measure what the riks with the cloud provider, type and delivery model isIf I use IaaS I still am responsibel for application mangement and potentially OS management