IT Controls Cloud Webinar - ISACA

2,078 views

Published in: Technology, Business

  1. Urs Fischer, CISA, CRISC, CIA, CPA (Swiss), Switzerland. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt, Chief Strategy Officer, Entelgy Security practice. 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
  2. Compliance Resilience Evidence gathering Forensics Confidence User Access Data Segregation Virtualization Architectures Identity Emerging Recovery Surety Isolation Right to Audit Trust Privacy Web 2.0 Workflow Dispute resolution Traceability Competitive Advantage Data Location Metrics Maturity Models Web Services Incident handling
  3. What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet. Number 1 on the list of ‘10 strategic technologies’ of all the analysts. ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
  4. What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
  5. Definition of the model
  6. Cloud domains: Cloud Architecture; Governing the Cloud; Governance and Enterprise Risk Management; Legal and Electronic Discovery; Compliance and Audit; Information Lifecycle Management; Portability and Interoperability; Security, Business Continuity and Disaster Recovery; Operating in the Cloud; Data Center Operations; Incident Response, Notification, Remediation; Application Security; Encryption and Key Management; Identity and Access Management; Virtualization
  7. Cloud drivers: Optimized server utilization; Cost savings; Dynamic scalability; Shortened development lifecycle; Reduced time for implementation
  8. Cloud Computing Challenges: Data location; Commingled data; Security policy/procedure transparency; Cloud data ownership; Lock-in with CSP’s proprietary APIs; Record protection for forensic audits; Identity & Access Management; Screening of other cloud computing clients; Compliance requirements; Data erasure for current SaaS or PaaS applications
  9. ISACA’s GEIT and Management Frameworks
  10. ISACA’s GEIT and Management Frameworks
  11. ISACA’s GEIT and Management Frameworks
  12. ISACA’s GEIT and Management Frameworks
  13. ISACA’s GEIT and Management Frameworks
  14. Business drives IT... and Cloud
  17. Linking Business Goals to IT Goals
  18. Assurance in the Cloud: COBIT; AICPA Service Organization Control (SOC) Report; AICPA Trust Services (SysTrust and WebTrust); ISO2700x; FedRAMP; NIST SP 800-53; Health Information Trust Alliance (HITRUST); BITS
  19. Assurance in the Cloud
  20. Resources available
  21. THANK YOU. Urs Fischer, CISA, CRISC, CIA, CPA (Swiss), Switzerland. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt, Chief Strategy Officer, Entelgy Security practice.
