CSA NY Metro Inaugural Event 5 17 2011 Final


Published in: Business, Technology
  • 6:00 – 6:15 Introductions and welcome. Overview of NY Metro CSA Chapter: Pamela Fusco; Chapter Chairman/Liaison, CSA Global: Dov Yoran; Chapter CFO: Elad Yoran; Chapter General Counsel: Peter; Chapter Secretary: Jason; Chapter Operations Chairman: Scott.
  • We think that cloud is the third generation of computing, after mainframes and client server. It actually represents the maturation of the Internet. It is important to have a common definition of the cloud. CSA likes to point out key enablers of cloud: Moore’s law makes the raw MIPS and storage costs cheap; broadband connectivity provides flexibility to move data and applications to different locations; SOA (Service Oriented Architecture) simplifies integrating multiple software applications; large Internet companies have developed economies of scale in dealing with hundreds of millions of users, which allows them to provide cloud service more economically than what enterprises can provide. We use NIST’s cloud definition as the standard. It is important to understand that there are many different types of clouds: SaaS, a full business application; PaaS, a rapid application development environment; IaaS, basic compute and storage. They can be deployed in different ways, but they are all characterized as resource pooling with elasticity, multi-tenancy and metered service.
  • Scott to discuss his role and mission. Also show logo and website. Discuss website development and future capabilities.
  • Integral Event -PWC NYC Public Event - Summer Get together -NYC Public Event - Summer Get together - NJ Public Event -NYC Public Event -NJ Public Event -NYC Public Event -NJ Holiday Party-NYC Holiday Party – NJ 7/13/2011 7/14/2011 9/14/2011 9/15/2011 11/8/2011 11/9/2011 12/7/2011 12/8/2011
  • Do visit the website. Do join the LinkedIn Groups – you will receive regular email updates.

    1. May 17, 2011
    2. May 17, 2011 Agenda
        • 6:00 – 6:20 Introductions, welcome and about NY Metro CSA Chapter
        • 6:20 – 6:30 A few words from our sponsor: PWC
        • 6:30 – 6:45 About CSA Global: Dov Yoran
        • 6:45 – 7:15 Committee Chair Overview(s)
        • 7:15 – 7:30 Open Discussion, Membership Points of Interest
            • Upcoming meetings
            • Website developments
            • How to get involved with CSA
        • 7:30 - Food, Drinks and Networking
    3. Introductory Comments and Welcome: Pamela Fusco
        • Welcome to the CSA NY Metro Chapter Kickoff
        • How and why about the Chapter
        • Founding members
        • Committees
        • CSA Global interaction
        • Future vision
    4. CSA NY Metro Chapter
        • New York, Connecticut and New Jersey
        • Mission – Cloud Risks and threats
        • To promote the use of best practices for providing security assurance in reducing and identifying threats and risks within Cloud Computing
    5. CSA NY Metro Board Members
    6. Dov Yoran - Chairman: Role and Responsibility
        • Background:
            • Partner, MetroSITE Group
            • Founding Member CSA, contributed to Guidance v1 and v2
        • Focus:
            • Establish / maintain relationship with CSA Global
            • Ensure NY Metro meets chapter requirements
            • Communications to/from Global CSA and NY Metro Chapter
    7. Elad Yoran – Finance Chairman
        • Background:
            • Founder & CEO - Security Growth Partners
            • Wharton MBA (Truth is that no one else wanted this job)
        • Focus:
            • CSA NYMetro Chapter - Not for profit entity
            • Responsible for financial management of our chapter
            • Not chief fundraiser. Fundraising is all of our responsibilities. Our chapter will be as successful as we enable it to be, i.e. we'll need funds for events, programs, educational and networking activities
            • Sponsorships - will put together a sponsorship program. Looking for volunteers to help develop and manage. Other ideas?
    8. Peter Laberee, Esq. – General Counsel
        • Background:
            • B.A., J.D. – University of Pennsylvania
            • 29 years of corporate law experience
            • Partner in several national law firms
            • Founder, Laberee Law PC, a corporate law boutique
        • Focus:
            • Serve as general counsel – legal resource for chapter
            • Form CSA NY legal entity and manage books/records with corporate secretary and officers
            • Interested in chapter formulating a model form of cloud-based SLA
    9. Jason Falciola – Secretary
        • Background:
            • Previously Technical Security Practitioner with IBM MSS
            • Currently Technical Account Manager with Qualys - SaaS provider of security & compliance services
            • Board member of NJ Infragard chapter
        • Focus:
            • Ensuring proper documentation and communication of Board meetings and Chapter business/records.
            • Supporting relationship with CSA Global.
            • Participate in chapter development – It is what we all make of it!
            • Volunteer on Events committee (Others?).
    10. About the Cloud Security Alliance: Dov Yoran
        • Global, not-for-profit organization
        • 19,000+ individual members, 90+ corporate members
        • Building best practices and a trusted cloud ecosystem
        • Agile philosophy, rapid development of applied research
            • GRC: Balance compliance with risk management
            • Reference models: build using existing standards
            • Identity: a key foundation of a functioning cloud economy
            • Champion interoperability
            • Advocacy of prudent public policy
        • “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
    11. What is Cloud Computing?
        • On demand provisioning
        • Elasticity
        • Multi-tenancy
        • Key types
            • Infrastructure as a Service (IaaS): basic O/S & storage
            • Platform as a Service (PaaS): IaaS + rapid dev
            • Software as a Service (SaaS): complete application
        • Public, Private, Community & Hybrid Cloud deployments
    12.
        • Industry leading practices for securing cloud computing.
        • 14 Domains of concern – governing, operating groupings & Security as a Service (new Candidate!).
        • Version 2.1 Guidance already in Use
        • Version 3 of Guidance – Work in Progress
    13. Scott Saltz – Operations Chairman
        • Committee Chair
            • Scott Saltz
            • [email_address]
            • (212) 461-3322 x3007
        • Committee Members
            • John Bertoli
            • Jordan Hadas
            • Sundar Narayanaswamy
            • Peter Nowak
        • Website - www.CSANYMetro.org
        • LinkedIn - Cloud Security Alliance - New York Metro Chapter
        • All events will be listed on both sites
        • Registration will be through www.CSANYMetro.org
        • Content - submit to info@csanymetro.org
        • Blogs, events, articles, ideas, etc.
    14. Brian Peister – Events Chairman
        • Background
            • President & Owner – iSecure LLC – Info. Risk Consulting
            • Over 12+ years of information security experience in Retail, Manufacturing, Healthcare, Financial, Insurance, Telecom and Gov sectors.
            • Built application security, data protection and incident response programs for large enterprises.
            • Former NY/NJ OWASP Board Member.
            • Recently architected and implemented Cloud risk framework for large financial institution.
        • Focus:
            • Facilitate cloud security events focused on our membership's goals and pain points.
    15. Brian Peister – Events Chairman
        • Locations: New York, New Jersey and Connecticut
        • Event Committees - Coordinating and Programming
            • Committee Leads - Jason Falciola and Israel Bryski
            • Coordinating encompasses logistics, confirming event agenda, registration and ordering food
            • Programs will consist of choosing event topics, confirming speakers, audience focus (CSO, Architect, developer, etc.) and assisting with building event agenda.
        • Event Topics & Format – Broad Focus from Executive to Developers Level
            • Cloud Security Domains – 14 and counting!
            • Projects - GRC Stack, CloudSIRT, Security as a Service, Cloud Audit.
            • Various meeting formats: SME Presentations, Roundtables, Panels, Hands on events, Competitions.
    16. Tim Lynam – Education Chairman
        • Develop "Working Group Committees" - Invite individuals to join the CSA NY Metro Chapter and encourage them to be members of Working Groups by:
            • Contacting (NY/NJ/CT) (ISSA/ISC2/ISACA) Presidents to market CSA NY Metro Chapter in their respective organizations
            • Sending emails to CSA NY chapter member organizations socializing about the new CSA NY chapter
            • Documenting guidance on how to join the NY Metro CSA Chapter for new members (direct them to website and registration instructions)
            • Advertise (on the web site) committees inviting participation
    17. Education Committee New Project Ideas
        • Prep program for the CCSK developed or guidance on vendors/personnel who offer it. Possibly for Q2/3 at CSA NY Metro Chapter
        • CSA framework aligned with other frameworks like ISO 27001/2, SafeHarbor, Cobit, etc., or repurposed as enhancing the CCM framework to align it with emerging regulatory trends to be determined
        • Security assessment in the cloud – guidelines to determine whether or not your vendor has placed you in the cloud without your knowledge. What mandatory controls are needed to be in place?
        • Privacy framework for an organization moving to the cloud - personal data in the cloud
        • Correlation between vendor risk management and cloud security – organizations typically have reasonably mature vendor risk management programs. We can look at how best to leverage this in a cloud scenario. What should be the approach and what are some of the additional processes and controls an organization would need to consider?
    18. Education Committee New Project Ideas (Continued…)
        • Cloud Assurance – approach & methodology (leverage some of the recent SOC reporting changes)
        • Cloud Provider Assessments: Questionnaire to be provided on Web Site by CSA NY Metro to meet the minimum CSA baseline
        • Identify the additional information security risks associated with the Cloud and what are the additional risks the Cloud Provider is going to introduce by hosting your environment
        • Possible working group for SAS70 processes to be updated for the Cloud
        • Benefits of using the Cloud for a cost, recourse, time, and security perspective . Kill” White Paper Development
    19. Education Committee New Project Ideas (Continued…)
        • 3-5 people per whitepaper working group review, 1 to chair/editor, others to research/review:
            • Domain 7 DR/BC review whitepaper – Tim: Q2/3
            • Domain 4 Compliance and Audit whitepaper – Don, Karthik: Q3/4
            • Domain 3 - All Domains Overview for Contract and SLA Negotiations – Tim, Karthik: Q4
    20. CCSK Training and Certification Support/Initiation
        • CSA CCSK Certificate versus a Certification: develop possible guidance for CSA to establish a certification program. (Right now, it is only a certificate after taking the test but input from our committee will be essential to determine the certification process with input from the other committees possibly)
            • (For example: Could a CIA, CISA, CRISC, CGEIT, CISSP or CISM along with the CCSK certificate and work experience be part of a certification process?)
        • http://ccsk-training.eventbrite.com/
        • How can we increase the marketability of the CCSK? What is its USP (unique selling proposition)?
    21. Membership Committee
        • Developing our membership
        • Opportunities for members
        • How to get involved
        • Leveraging website for community and membership events, activities and committees
    22. Proposed Meetings
    23. Contact
        • To volunteer and get involved please contact us at: [email_address]
        • Website: www.CSANYMetro.org
        • Find us on LinkedIn: http://www.linkedin.com/groups?mostPopular=&gid=3606473
    24. Thank You!