28 April 2014
Making Sense of
Security & Compliance
Kurt Hagerman, CISO
Security vs. Compliance

Today’s Speaker: Kurt Hagerman, Chief Information Security Officer

Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications which allow FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces, as well as on cloud security.
Agenda
• Security & Compliance in the Cloud
• Myths & Misperceptions
• Beyond Compliance: Taking Security to the Next Level
• Compliance and Your Provider
• It’s Not What They Say – It’s What They Do
• Be a Smarter Cloud Consumer
• Questions & Answers
Security and Compliance in the Cloud
• Security is vital for all clouds
• Regulatory compliance is vital for sensitive data
• Example: PCI is prescriptive
• The cloud requires both components

There is a lot of confusion around the relationship between security and compliance, and it’s especially true for the cloud.
Myths & Misperceptions #1
Myth: Compliance and security are the same thing.
Reality: Security and compliance play different roles.
Myths & Misperceptions #2
Myth: Meeting compliance regulations covers all security needs.
Reality: Every organization has security needs beyond compliance requirements.
Myths & Misperceptions #3
Myth: Compliance requirements are a good blueprint for building a security program.
Reality: An effective security program should be built from the ground up based on the organization’s needs.
Beyond Compliance: Taking Security to the Next Level
• Beef up your security
• Reduce your attack appeal
• Pay attention to anomalous activities
• Turn your data into your watchdog
Compliance and Your Provider
• There are pretty outrageous statements being made
• Sounds good, but it’s kind of like the old Wendy’s commercial where Clara shouts out “Where’s the beef?”
• What do they actually mean to you, the cloud consumer?

Are you confused, frustrated? (I know I am)

HITRUST 2014: PHI and the Cloud
It’s Not What They Say… It’s What They DO
• Do you know what your vendor is really doing for you?
• Do they provide information on the specific security controls that are included with their service?
• Have they mapped their services and security controls to the HIPAA/HITECH requirements?
• Does your vendor use third parties to provide services to you?
• Have they, and their third parties, been independently assessed?
• Do you know who to call when something goes wrong?
• What about the privacy and breach rule?
• How do I manage a compliance program with multiple vendors all providing my “cloud services”?
Be A Smarter Cloud Consumer

Work with vendors that are transparent about how they directly assist you in mitigating risk & addressing your compliance requirements.

Your vendor should:
• Provide a clear, concise explanation of the specific security controls they include and how these assist you
• Articulate the boundaries between their responsibility and yours
• Provide documentation that backs up any assertions about being “HIPAA Compliant”, including:
  • Independent audit reports that clearly state the scope of the assessment
  • The controls framework used
  • How this compliance can be leveraged by YOU
What’s Next
• Documentation review
• Evaluating policies and procedures
• Risk assessment

PCI 3.0: Getting Ready 6 Months Out – May 20, 2014
Questions & Answers

Thank You
Kurt Hagerman
Chief Information Security Officer
Email: kurt.hagerman@firehost.com

More Related Content

What's hot

Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...
Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...
Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...Digiday
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in MindGosia Fraser
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updatedAdvent IM Ltd
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by DesignUnisys Corporation
 
Digi securitypres
Digi securitypresDigi securitypres
Digi securitypresFairSay
 
Post-quantum cryptography: facts, myths, and business opportunity
Post-quantum cryptography: facts, myths, and business opportunityPost-quantum cryptography: facts, myths, and business opportunity
Post-quantum cryptography: facts, myths, and business opportunityTuanTrinh53
 
Gdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesGdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesSteven Meister
 
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveCybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveData Con LA
 

What's hot (8)

Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...
Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...
Trust :: Data: Beyond blockchain hype, Tradestreaming Money Conference, Novem...
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updated
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
 
Digi securitypres
Digi securitypresDigi securitypres
Digi securitypres
 
Post-quantum cryptography: facts, myths, and business opportunity
Post-quantum cryptography: facts, myths, and business opportunityPost-quantum cryptography: facts, myths, and business opportunity
Post-quantum cryptography: facts, myths, and business opportunity
 
Gdpr questions for compliance difficulties
Gdpr questions for compliance difficultiesGdpr questions for compliance difficulties
Gdpr questions for compliance difficulties
 
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveCybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
 

Similar to Making Sense of Security and Compliance

BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...
BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...
BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...Kurt Hagerman
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Cloud compliance test
Cloud compliance testCloud compliance test
Cloud compliance testPrancer Io
 
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskHealth Catalyst
 
Keys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudKeys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudArmor
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Dana Gardner
 
pci compliance for dummies
pci compliance for dummiespci compliance for dummies
pci compliance for dummiesAmithap Krishnan
 
Moving to the Cloud: Client Communication Best Practices for Law Firms
Moving to the Cloud: Client Communication Best Practices for Law FirmsMoving to the Cloud: Client Communication Best Practices for Law Firms
Moving to the Cloud: Client Communication Best Practices for Law FirmsClio - Cloud-Based Legal Technology
 
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational Impact
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational ImpactFirehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational Impact
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational ImpactArmor
 
Digital defence ds-vciso-supplychain
Digital defence ds-vciso-supplychainDigital defence ds-vciso-supplychain
Digital defence ds-vciso-supplychainShawn Brown
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
The Cloud Security Rules
The Cloud Security RulesThe Cloud Security Rules
The Cloud Security RulesKai Roer
 
Mork - CISO Summit USA 2016 - Security in an Outsourced World
Mork - CISO Summit USA 2016 - Security in an Outsourced WorldMork - CISO Summit USA 2016 - Security in an Outsourced World
Mork - CISO Summit USA 2016 - Security in an Outsourced WorldNothing Nowhere
 
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...Dana Gardner
 
lecture on cyber security_1234567890.ppt
lecture on cyber security_1234567890.pptlecture on cyber security_1234567890.ppt
lecture on cyber security_1234567890.pptVijayDSK1
 
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!Shelly Megan
 

Similar to Making Sense of Security and Compliance (20)

BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...
BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...
BECOME A SMARTER CLOUD CONSUMER - Ripping through the Rhetoric to Find Your C...
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Cloud compliance test
Cloud compliance testCloud compliance test
Cloud compliance test
 
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor Risk
 
Keys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudKeys To Better Data Security In the Cloud
Keys To Better Data Security In the Cloud
 
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
Right-Sizing the Security and Information Assurance for Companies, a Core-ver...
 
pci compliance for dummies
pci compliance for dummiespci compliance for dummies
pci compliance for dummies
 
Moving to the Cloud: Client Communication Best Practices for Law Firms
Moving to the Cloud: Client Communication Best Practices for Law FirmsMoving to the Cloud: Client Communication Best Practices for Law Firms
Moving to the Cloud: Client Communication Best Practices for Law Firms
 
200 IT Secutiry Job Interview Question
200 IT Secutiry Job Interview Question200 IT Secutiry Job Interview Question
200 IT Secutiry Job Interview Question
 
SpeakBio
SpeakBioSpeakBio
SpeakBio
 
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational Impact
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational ImpactFirehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational Impact
Firehost Webinar: Hipaa Compliance 101 Part 2- Your Organizational Impact
 
Digital defence ds-vciso-supplychain
Digital defence ds-vciso-supplychainDigital defence ds-vciso-supplychain
Digital defence ds-vciso-supplychain
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your Problem
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
The Cloud Security Rules
The Cloud Security RulesThe Cloud Security Rules
The Cloud Security Rules
 
Mork - CISO Summit USA 2016 - Security in an Outsourced World
Mork - CISO Summit USA 2016 - Security in an Outsourced WorldMork - CISO Summit USA 2016 - Security in an Outsourced World
Mork - CISO Summit USA 2016 - Security in an Outsourced World
 
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...
How a Widely Distributed Dental Firm Protects Sensitive Data While Making It ...
 
lecture on cyber security_1234567890.ppt
lecture on cyber security_1234567890.pptlecture on cyber security_1234567890.ppt
lecture on cyber security_1234567890.ppt
 
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!
The Importance of HIPAA Compliance in ensuring the Privacy and Security of PHI!
 

More from Armor

The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
Getting Ready for PCI DSS 3.0
Getting Ready for PCI DSS 3.0Getting Ready for PCI DSS 3.0
Getting Ready for PCI DSS 3.0Armor
 
Security Operations in the Cloud
Security Operations in the CloudSecurity Operations in the Cloud
Security Operations in the CloudArmor
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 
With FireHost You Can Have it All: Performance & Security
With FireHost You Can Have it All: Performance & SecurityWith FireHost You Can Have it All: Performance & Security
With FireHost You Can Have it All: Performance & SecurityArmor
 
FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedArmor
 
FireHost Webinar: The Service You Should Expect in the Cloud
FireHost Webinar: The Service You Should Expect in the CloudFireHost Webinar: The Service You Should Expect in the Cloud
FireHost Webinar: The Service You Should Expect in the CloudArmor
 
Firehost Webinar: How a Secure High Performance Cloud Powers Applications
Firehost Webinar: How a Secure High Performance Cloud Powers ApplicationsFirehost Webinar: How a Secure High Performance Cloud Powers Applications
Firehost Webinar: How a Secure High Performance Cloud Powers ApplicationsArmor
 
Firehost Webinar: Validating your Cardholder Data Envirnment
Firehost Webinar: Validating your Cardholder Data EnvirnmentFirehost Webinar: Validating your Cardholder Data Envirnment
Firehost Webinar: Validating your Cardholder Data EnvirnmentArmor
 
Firehost Webinar: Do you know where your Cardholder Data Environment is?
Firehost Webinar: Do you know where your Cardholder Data Environment is? Firehost Webinar: Do you know where your Cardholder Data Environment is?
Firehost Webinar: Do you know where your Cardholder Data Environment is? Armor
 
Firehost Webinar: Getting Ready for PCI 3.0
Firehost Webinar: Getting Ready for PCI 3.0Firehost Webinar: Getting Ready for PCI 3.0
Firehost Webinar: Getting Ready for PCI 3.0Armor
 
Firehost Webinar: Getting Hipaa Compliant
Firehost Webinar: Getting Hipaa Compliant Firehost Webinar: Getting Hipaa Compliant
Firehost Webinar: Getting Hipaa Compliant Armor
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Armor
 
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...Armor
 
FireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityFireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityArmor
 
FireHost Webinar: 6 Must Have Tools For Disaster Prevention
FireHost Webinar: 6 Must Have Tools For Disaster PreventionFireHost Webinar: 6 Must Have Tools For Disaster Prevention
FireHost Webinar: 6 Must Have Tools For Disaster PreventionArmor
 
Cloud Computing Best Practices
Cloud Computing Best PracticesCloud Computing Best Practices
Cloud Computing Best PracticesArmor
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataArmor
 

More from Armor (20)

The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?
 
Getting Ready for PCI DSS 3.0
Getting Ready for PCI DSS 3.0Getting Ready for PCI DSS 3.0
Getting Ready for PCI DSS 3.0
 
Security Operations in the Cloud
Security Operations in the CloudSecurity Operations in the Cloud
Security Operations in the Cloud
 
Ransomware
Ransomware Ransomware
Ransomware
 
With FireHost You Can Have it All: Performance & Security
With FireHost You Can Have it All: Performance & SecurityWith FireHost You Can Have it All: Performance & Security
With FireHost You Can Have it All: Performance & Security
 
FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository Deconstructed
 
FireHost Webinar: The Service You Should Expect in the Cloud
FireHost Webinar: The Service You Should Expect in the CloudFireHost Webinar: The Service You Should Expect in the Cloud
FireHost Webinar: The Service You Should Expect in the Cloud
 
Firehost Webinar: How a Secure High Performance Cloud Powers Applications
Firehost Webinar: How a Secure High Performance Cloud Powers ApplicationsFirehost Webinar: How a Secure High Performance Cloud Powers Applications
Firehost Webinar: How a Secure High Performance Cloud Powers Applications
 
Firehost Webinar: Validating your Cardholder Data Envirnment
Firehost Webinar: Validating your Cardholder Data EnvirnmentFirehost Webinar: Validating your Cardholder Data Envirnment
Firehost Webinar: Validating your Cardholder Data Envirnment
 
Firehost Webinar: Do you know where your Cardholder Data Environment is?
Firehost Webinar: Do you know where your Cardholder Data Environment is? Firehost Webinar: Do you know where your Cardholder Data Environment is?
Firehost Webinar: Do you know where your Cardholder Data Environment is?
 
Firehost Webinar: Getting Ready for PCI 3.0
Firehost Webinar: Getting Ready for PCI 3.0Firehost Webinar: Getting Ready for PCI 3.0
Firehost Webinar: Getting Ready for PCI 3.0
 
Firehost Webinar: Getting Hipaa Compliant
Firehost Webinar: Getting Hipaa Compliant Firehost Webinar: Getting Hipaa Compliant
Firehost Webinar: Getting Hipaa Compliant
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1Firehost Webinar: Hipaa Compliance 101 Part 1
Firehost Webinar: Hipaa Compliance 101 Part 1
 
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...
FireHost Webinar: How a Secure High Performance Cloud Powers Critical Applica...
 
FireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent SecurityFireHost Webinar: Protect Your Application With Intelligent Security
FireHost Webinar: Protect Your Application With Intelligent Security
 
FireHost Webinar: 6 Must Have Tools For Disaster Prevention
FireHost Webinar: 6 Must Have Tools For Disaster PreventionFireHost Webinar: 6 Must Have Tools For Disaster Prevention
FireHost Webinar: 6 Must Have Tools For Disaster Prevention
 
Cloud Computing Best Practices
Cloud Computing Best PracticesCloud Computing Best Practices
Cloud Computing Best Practices
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Making Sense of Security and Compliance

  • 1. Making Sense of Security & Compliance – 28 April 2014 – Kurt Hagerman, CISO
  • 2. Security vs. Compliance – Today’s Speaker: Kurt Hagerman, Chief Information Security Officer. Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications which allow FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces, as well as on cloud security.
  • 3. Agenda
    • Security & Compliance in the Cloud
    • Myths & Misperceptions
    • Beyond Compliance: Taking Security to the Next Level
    • Compliance and Your Provider
    • It’s Not What They Say – It’s What They Do
    • Be a Smarter Cloud Consumer
    • Questions & Answers
  • 4. Security and Compliance in the Cloud. There is a lot of confusion around the relationship between security and compliance, and it’s especially true for the cloud.
    • Security is vital for all clouds
    • Regulatory compliance is vital for sensitive data
    • Example: PCI is prescriptive
    • The cloud requires both components
  • 5. Myths & Misperceptions #1. Myth: compliance and security are the same thing. Reality: security and compliance play different roles.
  • 6. Myths & Misperceptions #2. Myth: meeting compliance regulations covers all security needs. Reality: every organization has security needs beyond compliance requirements.
  • 7. Myths & Misperceptions #3. Myth: compliance requirements are a good blueprint for building a security program. Reality: an effective security program should be built from the ground up based on the organization’s needs.
  • 8. Beyond Compliance: Taking Security to the Next Level
    • Beef up your security
    • Reduce your attack appeal
    • Pay attention to anomalous activities
    • Turn your data into your watchdog
  • 9. Compliance and Your Provider (HITRUST 2014: PHI and the Cloud)
    • There are pretty outrageous statements being made
    • Sounds good, but it’s kind of like the old Wendy’s commercial where Clara shouts out “Where’s the beef?”
    • What do they actually mean to you, the cloud consumer? Are you confused, frustrated? (I know I am)
  • 10. It’s Not What They Say… It’s What They DO (HITRUST 2014: PHI and the Cloud)
    • Do you know what your vendor is really doing for you?
    • Do they provide information on the specific security controls that are included with their service?
    • Have they mapped their services and security controls to the HIPAA/HITECH requirements?
    • Does your vendor use third parties to provide services to you?
    • Have they, and their third parties, been independently assessed?
    • Do you know who to call when something goes wrong?
    • What about the privacy and breach rule?
    • How do I manage a compliance program with multiple vendors all providing my “cloud services”?
  • 11. Be A Smarter Cloud Consumer (HITRUST 2014: PHI and the Cloud). Work with vendors that are transparent about how they directly assist you in mitigating risk & addressing your compliance requirements. Your vendor should…
    • Provide a clear, concise explanation of the specific security controls they include and how these assist you
    • Articulate the boundaries between their responsibility and yours
    • Provide documentation that backs up any assertions about being “HIPAA Compliant”, including:
      • Independent audit reports that clearly state the scope of the assessment
      • The controls framework used
      • How this compliance can be leveraged by YOU
  • 12. What’s Next – PCI 3.0: Getting Ready 6 Months Out (May 20, 2014)
    • Documentation review
    • Evaluating policies and procedures
    • Risk assessment
  • 14. Thank You. Email: Kurt Hagerman, Chief Information Security Officer, kurt.hagerman@firehost.com

Editor's Notes

  1. Neil: Next month, we’ll have another webinar on PCI 3.0 - and this time we’ll go into more detail and talk about documentation review, evaluating policies and procedures and conducting a risk assessment.  
  2. Neil: Now that we’ve taken a look at the difference between compliance and security, let’s hear your questions. If you have any challenges that you’re facing, let us know and we’ll talk about the right actions to take. Just use the chat feature to submit your questions.
  3. Will: Thank you for joining us today. We hope you enjoyed learning more about security and compliance and that we answered all of your questions. Within a day or so, you’ll receive a recording of this webinar in an email. To learn more, please visit us at firehost.com – and don’t forget to attend our next webinar on <date> for <xx>. We look forward to seeing you again.