SlideShare a Scribd company logo

Cómo AWS lo ayuda a cumplir con requisitos regulatorios

Download as PPTX, PDF
Amazon Web Services LATAM
Amazon Web Services LATAM

Marco Souza, FSI Compliance Specialist & Mauricio Muñoz, AWS Sr Manager Specialists | AWS.

Technology
1 of 30
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Regulatory & Compliance Chile March 11th 2020
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS brinda la infraestructura para que las instituciones financieras en Chile puedan cumplir holgadamente con los requerimientos regulatorios, de una forma más eficiente a nivel de costos y esfuerzos.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Modelo de responsabilidad compartida
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Governance Customer risk appetite and desired control environment Shared Responsibility Model 3.1 3.2
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Regulatory Introduction
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compliance Center – ATLAS (www.atlas.aws)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gestión de Acceso y Identidad Controles de Detección Seguridad de Infraestructura Respuesta a Incidentes Protección de Datos Soluciones de seguridad de AWS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What regulations apply to FI in Chile using AWS? Financial institutions in Chile may be subject to a number of different legal and regulatory requirements when they use cloud services. Relevant regulations include: RAN 20-7 Externalización de Servicios (Outsourcing) establishes requirements for financial institutions (AFI) regulated by the (SBIF) for outsourcing, including requirements for Cloud services. RAN 1-13 Clasificación de Gestión y Solvencia (Classification of Management and Solvency) and RAN 20-8 Información de Incidentes Operacionales (Operational Incident Information) contain guidelines and good practices applicable to cybersecurity management. RAN 20-9 Gestión de la Continuidad de Negocio (Business Continuity Management) set the requirements for data processing sites and technological infrastructure, including cloud services.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What regulations apply to FI in Chile using AWS? RAN 20-7 Externalización de Servicios (Outsourcing) establishes requirements for financial institutions (FI) regulated by the (SBIF) for outsourcing, including requirements for Cloud services. I. ÁMBITO DE APLICACIÓN II. PRINCIPALES RIESGOS DE LA EXTERNALIZACIÓN DE SERVICIOS III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS IV. FACTORES A CONSIDERAR ERVICIOS DE PROCESAMIENTO DE DATOS V. DILIGENCIA REFORZADA PARA SERVICIOS EN LA NUBE VI. REVISIONES DE ESTA COMISIÓN ANEXO N° 1: ASPECTOS MÍNIMOS PARA LA EXTERNALIZACION DE SERVICIOS ANEXO N° 2: ADICIONALES PARA LA EXTERNALIZACIÓN DE SERVICIOS DE PROCESAMIENTO DE DATOS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales 2. Política de contratación y gestión de actividades relativas a la externalización de servicios 3. Continuidad del negocio. 4. Seguridad de la información propia y de sus clientes, en los casos que corresponda 5. Riesgo país 6. Responsabilidad por la gestión. 7. Acceso a la información por parte del supervisor
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales • a. Risk Assessment for Outsourced services • b. Third Party Management Policy • c. Logical Segregation and Access Management (AWS IAM) • d. Selection Criteria and Monitoring for CSP (AWS Personal Health Dashboard) • e. Vendor Management (Contract) and Certifications (AWS Certifications) • f. System/Application inventory and procedures (AWS Config) • g. Service Level Agreements (AWS SLA)     
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales (Cont.) • h. Independent Audit for auditing Third Party Risks • i. AWS Certifications (ISO/PCI) and Audit Reports (SOC) • j. Information Access by the Regulator/Supervisor (Artifact) • k. Risks for subcontractors by CSP • l. Adding Risk assessment for Outsourced Services • m. Data Residency: AWS Region Selection   
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Programas de Conformidad AWS • 203 certificaciones y acreditaciones • + 2.600 controles auditados anualmente. • Informes de auditoría y conformidad disponibles para los clientes en el portal de servicios - AWS Artifact.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 2. Política de contratación y gestión de actividades relativas a la externalización de servicios • a. Organization, Roles and Responsibilities • b. Risk Management Process and Procedures • c. Risk Management KPIs • d. Vendor Selection Criteria • e. Risk Classification
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 2. Política de contratación y gestión de actividades relativas a la externalización de servicios (cont.) • f. Authorization Process for Critical Services/Applications • g. Policy and Procedure Update • h. CSP Contract terms • i. Bank Secrecy Authorization (Ley General de Bancos – article 154) • j. Risk Management for non strategic services 
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 3. Continuidad del negocio. • AWS Continuity Plan – Certification ISO and SOC Report • Financial Institutions Exit Plan • AWS Global Infraestructure • More Info: • https://aws.amazon.com/compliance/ • https://aws.amazon.com/compliance/data-center/ • https://aws.amazon.com/disaster-recovery/ • https://aws.amazon.com/legal/service-level-agreements/ • https://aws.amazon.com/about-aws/global-infrastructure/  
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 The AWS global infrastructure is built for resiliency 22Geographic Regions – 69Availability Zones – 216 Points of Presence* • Regions are autonomous and isolated • Availability Zones are physically separated and independent • Points of presence securely deliver data, videos, and APIs globally with low latency To avoid single points of failure, AWS minimizes interconnectedness within our global infrastructure:
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 Environmental Perimeter Infrastructure Data Hardware TheAWS global infrastructure is built on Amazon hardware and provides customers with the highest levels of reliability AWS protects the data layer by maintaining a separation of privilege for each layer and deploying threat detection devices and system protocols AWS monitors equipment and performs preventative maintenance to maintain continued operability Data center access is granted only to employees and third-parties with a valid business justification AWS data centers are secure by design Data center locations are selected to mitigate environmental risk and AvailabilityZones are independent and physically separated
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 4. Seguridad de la información propia y de sus clientes, en los casos que corresponda. • Certifications (ISO 27017/18) and Audit Reports (SOC) • AWS Identity and Access Management (IAM) and AWS CloudTrail • Encrypted Communication Channels (TLS/VPN/IPsec) • Services Monitoring (AWS Personal Health Dashboard) • Pen Test: Certifications (ISO) and Audit Report (SOC) • Data Encryption: Transit and Rest (KMS/CloudHSM) • Physical Documentation: N/A      
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 5. Riesgo País: Investment Grade ó Ley de Privacidad de datos 6. Responsabilidad por la gestión: Gestión en Chile. Organizaciones globales pueden tener gestión descentralizada. 7. Acceso a la información por parte del supervisor.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 IV. FACTORES A CONSIDERAR AL EXTERNALIZAR SERVICIOS DE PROCESAMIENTO DE DATOS 1. Ubicación geográfica del proveedor: Servicios realizados en el extranjero • Certifications (ISO 27017/18) and Audit Reports (SOC) • CSP Contract, including subcontrators • Contingency in Chile(*): http://www.cmfchile.cl/portal/prensa/604/w3-article- 28049.html. "Las modificaciones flexibilizan la exigencia de mantener un sitio de procesamiento de datos en Chile para los servicios que se externalizan fuera del país y que afectan actividades consideradas críticas o estratégicas." Dec 26th 2019. • Services Monitoring (AWS Personal Health Dashboard)   
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 V. DILIGENCIA REFORZADA PARA SERVICIOS EN LA NUBE. • Annual Risk Assessment for Cloud • Certifications (ISO 27017/18) and Audit Reports (SOC) – Artifact • Contract between FI and CSP • Data Privacy Law: Data Processing and Residency • AWS Global Infrastructure: Data Center Controls (https://aws.amazon.com/compliance/data-center/controls/) • Data Classification (Macie) • Data Encryption (KMS/CloudHSM) VI. REVISIONES DE ESTA COMISIÓN      
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 ANEXO N° 1: ASPECTOS MÍNIMOS QUE DEBEN CONSIDERARSE PARA LA EXTERNALIZACION DE SERVICIOS. 1. Evaluación del riesgo.: Risk Assessment 2. Selección del proveedor de servicios: CSP Selection Criteria 3. Contrato: Roles and Responsibilities, SLA, Exit Terms, Pricing(*). 4. Control Permanente: • Services Monitoring: SLA • Change Management • KPI Managemnet (*)AWS ofrece un marco contractual que ayuda a que las instituciones financieras que se encuentran reguladas por la CMF para dar cumplimiento a la regulación.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 ANEXO N° 2: ANTECEDENTES ADICIONALES PARA LA EXTERNALIZACIÓN DE SERVICIOS DE PROCESAMIENTO DE DATOS I. Información general: Organizational Management and Cost analysis II. Información del Proyecto: I. Risk Assessment II. Selection Criteria III. Contract IV. Technical documentation (System, Architecture, Tools) V. Process and Procedures for the Project VI. Contingency Plan Documentation
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • AWS Identity & Access Management (IAM) • AWS Config • AWS CloudTrail • AWS Key Management Service (KMS) • AWS CloudHSM • AWS Certificate Manager • Amazon Macie • Reglas AWS Config • AWS Personal Health Dashboard Gestión de Acceso y Identidad Controles de Detección Seguridad de Infraestructura Respuesta a Incidentes Protección de Datos Soluciones de seguridad de AWS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS brinda la infraestructura para que las instituciones financieras en Chile puedan cumplir holgadamente con los requerimientos regulatorios, de una forma más eficiente a nivel de costos y esfuerzos.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gracias Mauricio Munoz maumunoz@amazon.com Marco Souza masouza@amazon.com

Recommended

ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirMikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 

Recommended

ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirMikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft DefenderRahul Khengare
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowPECB
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 BenefitsDejan Kosutic
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?PECB
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
NIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram PosterNIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram PosterMark Stafford
 
security-reference-architecture.pdf
security-reference-architecture.pdfsecurity-reference-architecture.pdf
security-reference-architecture.pdfJoniGarcia9
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 ChecklistCraig Willetts ISO Expert
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
AWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS CloudAWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS CloudAmazon Web Services
 

More Related Content

What's hot

Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft DefenderRahul Khengare
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowPECB
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?PECB
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
NIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram PosterNIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram PosterMark Stafford
 
security-reference-architecture.pdf
security-reference-architecture.pdfsecurity-reference-architecture.pdf
security-reference-architecture.pdfJoniGarcia9
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 

What's hot (20)

Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft Defender
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to knowISO/IEC 27701 vs GDPR: What you need to know
ISO/IEC 27701 vs GDPR: What you need to know
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLES
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?We've been hacked! Now, what's the BCP?
We've been hacked! Now, what's the BCP?
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
NIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram PosterNIST Cyber Security Framework V1.1 - Infogram Poster
NIST Cyber Security Framework V1.1 - Infogram Poster
 
security-reference-architecture.pdf
security-reference-architecture.pdfsecurity-reference-architecture.pdf
security-reference-architecture.pdf
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 

Similar to Cómo AWS lo ayuda a cumplir con requisitos regulatorios

How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
AWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS CloudAWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS CloudAmazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
 
AWSome Day Online 2020_Module 1: Introduction to the AWS Cloud
AWSome Day Online 2020_Module 1: Introduction to the AWS CloudAWSome Day Online 2020_Module 1: Introduction to the AWS Cloud
AWSome Day Online 2020_Module 1: Introduction to the AWS CloudAmazon Web Services
 
Generational shiftsRedefining Customer Experience And The Way To Insure
Generational shiftsRedefining Customer Experience And The Way To InsureGenerational shiftsRedefining Customer Experience And The Way To Insure
Generational shiftsRedefining Customer Experience And The Way To InsureAmazon Web Services
 
DevopsDays Geneva 2020 - Compliance & Governance as Code
DevopsDays Geneva 2020 - Compliance & Governance as CodeDevopsDays Geneva 2020 - Compliance & Governance as Code
DevopsDays Geneva 2020 - Compliance & Governance as Codejeromevdl
 
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS Cloud
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS CloudAWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS Cloud
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS CloudAmazon Web Services
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Amazon Web Services
 
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...AWS Summits
 
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...Flink Forward
 
20200513 - CloudComputing UCU
20200513 - CloudComputing UCU20200513 - CloudComputing UCU
20200513 - CloudComputing UCUMarcia Villalba
 
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발Amazon Web Services Korea
 
2022 AWS NPO General Overview Presentation_Ezlyn.pptx
2022 AWS NPO General Overview Presentation_Ezlyn.pptx2022 AWS NPO General Overview Presentation_Ezlyn.pptx
2022 AWS NPO General Overview Presentation_Ezlyn.pptxsibongoliphant
 
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
 
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...Amazon Web Services
 
customerBuilding a Customer Obsessed Business in a Regulated Industry
customerBuilding a Customer Obsessed Business in a Regulated IndustrycustomerBuilding a Customer Obsessed Business in a Regulated Industry
customerBuilding a Customer Obsessed Business in a Regulated IndustryAmazon Web Services
 

Similar to Cómo AWS lo ayuda a cumplir con requisitos regulatorios (20)

How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
AWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS CloudAWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
AWSome Day Online 2020_Modul 1: Pengenalan AWS Cloud
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced Attacks
 
AWSome Day Online 2020_Module 1: Introduction to the AWS Cloud
AWSome Day Online 2020_Module 1: Introduction to the AWS CloudAWSome Day Online 2020_Module 1: Introduction to the AWS Cloud
AWSome Day Online 2020_Module 1: Introduction to the AWS Cloud
 
Generational shiftsRedefining Customer Experience And The Way To Insure
Generational shiftsRedefining Customer Experience And The Way To InsureGenerational shiftsRedefining Customer Experience And The Way To Insure
Generational shiftsRedefining Customer Experience And The Way To Insure
 
DevopsDays Geneva 2020 - Compliance & Governance as Code
DevopsDays Geneva 2020 - Compliance & Governance as CodeDevopsDays Geneva 2020 - Compliance & Governance as Code
DevopsDays Geneva 2020 - Compliance & Governance as Code
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_Essentials
 
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS Cloud
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS CloudAWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS Cloud
AWSome Day Online 2020_โมดูล 1: แนะนำเบื้องต้นเกี่ยวกับ AWS Cloud
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
 
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...
AWS Summit Singapore 2019 | Next Generation Audit & Compliance - Learn how RH...
 
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
Virtual Flink Forward 2020: Lessons learned on Apache Flink application avail...
 
20200513 - CloudComputing UCU
20200513 - CloudComputing UCU20200513 - CloudComputing UCU
20200513 - CloudComputing UCU
 
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발
클라우드 기반 앱 현대화를 위한 5가지 체크리스트 - 윤석찬 :: AWS 현대적 애플리케이션 개발
 
2022 AWS NPO General Overview Presentation_Ezlyn.pptx
2022 AWS NPO General Overview Presentation_Ezlyn.pptx2022 AWS NPO General Overview Presentation_Ezlyn.pptx
2022 AWS NPO General Overview Presentation_Ezlyn.pptx
 
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...
Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...
 
customerBuilding a Customer Obsessed Business in a Regulated Industry
customerBuilding a Customer Obsessed Business in a Regulated IndustrycustomerBuilding a Customer Obsessed Business in a Regulated Industry
customerBuilding a Customer Obsessed Business in a Regulated Industry
 

More from Amazon Web Services LATAM

AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAmazon Web Services LATAM
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAmazon Web Services LATAM
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.Amazon Web Services LATAM
 
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAmazon Web Services LATAM
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAmazon Web Services LATAM
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.Amazon Web Services LATAM
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAmazon Web Services LATAM
 
Automatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWSAutomatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWSAmazon Web Services LATAM
 
Ransomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWSRansomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWSAmazon Web Services LATAM
 
Ransomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWSRansomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWSAmazon Web Services LATAM
 
Aprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWSAprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWSAmazon Web Services LATAM
 
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWSAprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWSAmazon Web Services LATAM
 
Cómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosCómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosAmazon Web Services LATAM
 
Os benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWSOs benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWSAmazon Web Services LATAM
 

More from Amazon Web Services LATAM (20)

AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
 
Automatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWSAutomatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWS
 
Cómo empezar con Amazon EKS
Cómo empezar con Amazon EKSCómo empezar con Amazon EKS
Cómo empezar con Amazon EKS
 
Como começar com Amazon EKS
Como começar com Amazon EKSComo começar com Amazon EKS
Como começar com Amazon EKS
 
Ransomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWSRansomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWS
 
Ransomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWSRansomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWS
 
Ransomware: Estratégias de Mitigação
Ransomware: Estratégias de MitigaçãoRansomware: Estratégias de Mitigação
Ransomware: Estratégias de Mitigação
 
Ransomware: Estratégias de Mitigación
Ransomware: Estratégias de MitigaciónRansomware: Estratégias de Mitigación
Ransomware: Estratégias de Mitigación
 
Aprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWSAprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWS
 
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWSAprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
 
Cómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosCómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administrados
 
Simplifique su BI con AWS
Simplifique su BI con AWSSimplifique su BI con AWS
Simplifique su BI con AWS
 
Simplifique o seu BI com a AWS
Simplifique o seu BI com a AWSSimplifique o seu BI com a AWS
Simplifique o seu BI com a AWS
 
Os benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWSOs benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWS
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Cómo AWS lo ayuda a cumplir con requisitos regulatorios

  • 1. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Regulatory & Compliance Chile March 11th 2020
  • 2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS brinda la infraestructura para que las instituciones financieras en Chile puedan cumplir holgadamente con los requerimientos regulatorios, de una forma más eficiente a nivel de costos y esfuerzos.
  • 3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Modelo de responsabilidad compartida
  • 4. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Governance Customer risk appetite and desired control environment Shared Responsibility Model 3.1 3.2
  • 5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Regulatory Introduction
  • 6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compliance Center – ATLAS (www.atlas.aws)
  • 7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gestión de Acceso y Identidad Controles de Detección Seguridad de Infraestructura Respuesta a Incidentes Protección de Datos Soluciones de seguridad de AWS
  • 8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What regulations apply to FI in Chile using AWS? Financial institutions in Chile may be subject to a number of different legal and regulatory requirements when they use cloud services. Relevant regulations include: RAN 20-7 Externalización de Servicios (Outsourcing) establishes requirements for financial institutions (AFI) regulated by the (SBIF) for outsourcing, including requirements for Cloud services. RAN 1-13 Clasificación de Gestión y Solvencia (Classification of Management and Solvency) and RAN 20-8 Información de Incidentes Operacionales (Operational Incident Information) contain guidelines and good practices applicable to cybersecurity management. RAN 20-9 Gestión de la Continuidad de Negocio (Business Continuity Management) set the requirements for data processing sites and technological infrastructure, including cloud services.
  • 9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What regulations apply to FI in Chile using AWS? RAN 20-7 Externalización de Servicios (Outsourcing) establishes requirements for financial institutions (FI) regulated by the (SBIF) for outsourcing, including requirements for Cloud services. I. ÁMBITO DE APLICACIÓN II. PRINCIPALES RIESGOS DE LA EXTERNALIZACIÓN DE SERVICIOS III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS IV. FACTORES A CONSIDERAR ERVICIOS DE PROCESAMIENTO DE DATOS V. DILIGENCIA REFORZADA PARA SERVICIOS EN LA NUBE VI. REVISIONES DE ESTA COMISIÓN ANEXO N° 1: ASPECTOS MÍNIMOS PARA LA EXTERNALIZACION DE SERVICIOS ANEXO N° 2: ADICIONALES PARA LA EXTERNALIZACIÓN DE SERVICIOS DE PROCESAMIENTO DE DATOS
  • 10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales 2. Política de contratación y gestión de actividades relativas a la externalización de servicios 3. Continuidad del negocio. 4. Seguridad de la información propia y de sus clientes, en los casos que corresponda 5. Riesgo país 6. Responsabilidad por la gestión. 7. Acceso a la información por parte del supervisor
  • 11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales • a. Risk Assessment for Outsourced services • b. Third Party Management Policy • c. Logical Segregation and Access Management (AWS IAM) • d. Selection Criteria and Monitoring for CSP (AWS Personal Health Dashboard) • e. Vendor Management (Contract) and Certifications (AWS Certifications) • f. System/Application inventory and procedures (AWS Config) • g. Service Level Agreements (AWS SLA)     
  • 12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 1. Condiciones generales (Cont.) • h. Independent Audit for auditing Third Party Risks • i. AWS Certifications (ISO/PCI) and Audit Reports (SOC) • j. Information Access by the Regulator/Supervisor (Artifact) • k. Risks for subcontractors by CSP • l. Adding Risk assessment for Outsourced Services • m. Data Residency: AWS Region Selection   
  • 14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Programas de Conformidad AWS • 203 certificaciones y acreditaciones • + 2.600 controles auditados anualmente. • Informes de auditoría y conformidad disponibles para los clientes en el portal de servicios - AWS Artifact.
  • 15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 2. Política de contratación y gestión de actividades relativas a la externalización de servicios • a. Organization, Roles and Responsibilities • b. Risk Management Process and Procedures • c. Risk Management KPIs • d. Vendor Selection Criteria • e. Risk Classification
  • 16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 2. Política de contratación y gestión de actividades relativas a la externalización de servicios (cont.) • f. Authorization Process for Critical Services/Applications • g. Policy and Procedure Update • h. CSP Contract terms • i. Bank Secrecy Authorization (Ley General de Bancos – article 154) • j. Risk Management for non strategic services 
  • 17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 3. Continuidad del negocio. • AWS Continuity Plan – Certification ISO and SOC Report • Financial Institutions Exit Plan • AWS Global Infraestructure • More Info: • https://aws.amazon.com/compliance/ • https://aws.amazon.com/compliance/data-center/ • https://aws.amazon.com/disaster-recovery/ • https://aws.amazon.com/legal/service-level-agreements/ • https://aws.amazon.com/about-aws/global-infrastructure/  
  • 18. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 The AWS global infrastructure is built for resiliency 22Geographic Regions – 69Availability Zones – 216 Points of Presence* • Regions are autonomous and isolated • Availability Zones are physically separated and independent • Points of presence securely deliver data, videos, and APIs globally with low latency To avoid single points of failure, AWS minimizes interconnectedness within our global infrastructure:
  • 19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 Environmental Perimeter Infrastructure Data Hardware TheAWS global infrastructure is built on Amazon hardware and provides customers with the highest levels of reliability AWS protects the data layer by maintaining a separation of privilege for each layer and deploying threat detection devices and system protocols AWS monitors equipment and performs preventative maintenance to maintain continued operability Data center access is granted only to employees and third-parties with a valid business justification AWS data centers are secure by design Data center locations are selected to mitigate environmental risk and AvailabilityZones are independent and physically separated
  • 20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 4. Seguridad de la información propia y de sus clientes, en los casos que corresponda. • Certifications (ISO 27017/18) and Audit Reports (SOC) • AWS Identity and Access Management (IAM) and AWS CloudTrail • Encrypted Communication Channels (TLS/VPN/IPsec) • Services Monitoring (AWS Personal Health Dashboard) • Pen Test: Certifications (ISO) and Audit Report (SOC) • Data Encryption: Transit and Rest (KMS/CloudHSM) • Physical Documentation: N/A      
  • 21. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 22. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 III. CONDICIONES EN LA EXTERNALIZACIÓN DE SERVICIOS 5. Riesgo País: Investment Grade ó Ley de Privacidad de datos 6. Responsabilidad por la gestión: Gestión en Chile. Organizaciones globales pueden tener gestión descentralizada. 7. Acceso a la información por parte del supervisor.
  • 23. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 IV. FACTORES A CONSIDERAR AL EXTERNALIZAR SERVICIOS DE PROCESAMIENTO DE DATOS 1. Ubicación geográfica del proveedor: Servicios realizados en el extranjero • Certifications (ISO 27017/18) and Audit Reports (SOC) • CSP Contract, including subcontrators • Contingency in Chile(*): http://www.cmfchile.cl/portal/prensa/604/w3-article- 28049.html. "Las modificaciones flexibilizan la exigencia de mantener un sitio de procesamiento de datos en Chile para los servicios que se externalizan fuera del país y que afectan actividades consideradas críticas o estratégicas." Dec 26th 2019. • Services Monitoring (AWS Personal Health Dashboard)   
  • 24. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 V. DILIGENCIA REFORZADA PARA SERVICIOS EN LA NUBE. • Annual Risk Assessment for Cloud • Certifications (ISO 27017/18) and Audit Reports (SOC) – Artifact • Contract between FI and CSP • Data Privacy Law: Data Processing and Residency • AWS Global Infrastructure: Data Center Controls (https://aws.amazon.com/compliance/data-center/controls/) • Data Classification (Macie) • Data Encryption (KMS/CloudHSM) VI. REVISIONES DE ESTA COMISIÓN      
  • 25. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 26. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 ANEXO N° 1: ASPECTOS MÍNIMOS QUE DEBEN CONSIDERARSE PARA LA EXTERNALIZACION DE SERVICIOS. 1. Evaluación del riesgo.: Risk Assessment 2. Selección del proveedor de servicios: CSP Selection Criteria 3. Contrato: Roles and Responsibilities, SLA, Exit Terms, Pricing(*). 4. Control Permanente: • Services Monitoring: SLA • Change Management • KPI Managemnet (*)AWS ofrece un marco contractual que ayuda a que las instituciones financieras que se encuentran reguladas por la CMF para dar cumplimiento a la regulación.
  • 27. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RAN 20-7 ANEXO N° 2: ANTECEDENTES ADICIONALES PARA LA EXTERNALIZACIÓN DE SERVICIOS DE PROCESAMIENTO DE DATOS I. Información general: Organizational Management and Cost analysis II. Información del Proyecto: I. Risk Assessment II. Selection Criteria III. Contract IV. Technical documentation (System, Architecture, Tools) V. Process and Procedures for the Project VI. Contingency Plan Documentation
  • 28. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • AWS Identity & Access Management (IAM) • AWS Config • AWS CloudTrail • AWS Key Management Service (KMS) • AWS CloudHSM • AWS Certificate Manager • Amazon Macie • Reglas AWS Config • AWS Personal Health Dashboard Gestión de Acceso y Identidad Controles de Detección Seguridad de Infraestructura Respuesta a Incidentes Protección de Datos Soluciones de seguridad de AWS
  • 29. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS brinda la infraestructura para que las instituciones financieras en Chile puedan cumplir holgadamente con los requerimientos regulatorios, de una forma más eficiente a nivel de costos y esfuerzos.
  • 30. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gracias Mauricio Munoz maumunoz@amazon.com Marco Souza masouza@amazon.com

Editor's Notes

  1. Customer Responsibility: Due Diligence on AWS Review information available from AWS together with other information to understand as much of the entire IT environment as possible, and then document all compliance requirements. Design and implement control objectives to meet the enterprise compliance requirements. Identify and document controls required by outside parties and map them to current internal controls. Verify that all control objectives are met and all key controls are designed and operating effectively. Design a testing and validation program that demonstrates how compliance is achieved for both AWS and customer controls. Develop a regulatory and customer audit response program as application are migrated to the cloud. Create as you go.
  2. Alineamos los servicios de seguridad de AWS con las 5 epopeyas del Security Cloud Adoption Framework (CAF). El orden de las epopeyas cuenta una historia. https://d0.awsstatic.com/whitepapers/AWS_CAF_Security_Perspective.pdf https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
  3. 1. ÁMBITO DE APLICACIÓN Las entidades sometidas a la inspección y vigilancia de la Superintendencia Financiera de Colombia (SFC) pueden soportar todos sus procesos y actividades en servicios computacionales en la nube. Cuando se trate de la operación de sus procesos misionales o de gestión contable y financiera deben cumplir las instrucciones de las que trata este Capítulo. También pueden hacerlo los operadores de información de la Planilla Integrada de Liquidación de Aportes (PILA) respecto de la actividad del Operador de Información de la Planilla definida en el artículo 2° del Decreto 1465 de 2005 y los Institutos de Fomento y Desarrollo de las entidades territoriales 2. DEFINICIONES Las siguientes definiciones se deben tener en cuenta para los fines del presente Capítulo.
  4. IAM Artifact Config SLA
  5. Certifications Programas de Conformidad AWS EA Data Residency
  6. Possuímos mais + 58 CERTIFICACOES / Acreditações de Segurança. São mais de + 2600 controles auditados anualmente. Implementamos controles, criamos sistemas automatizados e nos submetemos a auditorias de terceiros para validar nossa segurança e a conformidade. GRANDE FOCO TAMBEM EM EM PRIVACIDADE – JA ESTAMOS EM CONFORMIDADE COM GDPR mesmo meses antes da sua aplicabilidade (25 de Maio). QUEM TEM MAIS CERTIFICADOS POR DEMANDA DE CLIENTES – CUSTOMER SECURITY OBESSION. AWS Dispobiniliza diversos serviços e guias de boas práticas de Segurança que podem ser usados pelos clientes para aumentar a sua maturidade em segurança e acelerar o atendimento regulatório nos mais diversos setores. MANTEMOS TRANSPARENCIA DOS RELATORIOS DE CERTIFICACOES E AUDITORIAS QUE PODEM SER ACESSADOS E AVALIADOS PELO CLIENTE EM NOSSO PORTAL (FALAREMOS EM DETALHES MAIS A FRENTE) PRIMEIRA A OBTER 27017 (CLOUD) e 2017 (Privacidade).
  7. Cloud Trail Service Health Dash Encryption: Transit: TLS/VPN Rest: KMS/CloudHSM
  8. Cloud Trail Service Health Dash Encryption: Transit: TLS/VPN Rest: KMS/CloudHSM
  9. Macie
  10. Macie
  11. Alineamos los servicios de seguridad de AWS con las 5 epopeyas del Security Cloud Adoption Framework (CAF). El orden de las epopeyas cuenta una historia. https://d0.awsstatic.com/whitepapers/AWS_CAF_Security_Perspective.pdf https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf