Urs Fischer
CISA, CRISC, CIA, CPA (Swiss)
Switzerland

Ramsés Gallego
CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt
Chief Strategy Officer
Entelgy Security practice

2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
Compliance, Resilience, Evidence gathering, Forensics, Confidence, User Access, Data Segregation, Virtualization, Architectures, Identity, Emerging, Recovery, Surety, Isolation, Right to Audit, Trust, Privacy, Web 2.0, Workflow, Dispute resolution, Traceability, Competitive Advantage, Data Location, Metrics, Maturity Models, Web Services, Incident handling

What is Cloud?

The biggest evolution in technology that can have an impact
similar to the birth of the Internet


Number 1 on the list of ‘10 strategic technologies’ of all the
analysts


‘Unless you’ve been under a rock recently, you’ve probably heard
Cloud Computing as the next revolution in IT’ - CFO Magazine




What is Cloud?

 A pay-as-you-go model for using applications,
 development platforms and/or IT infrastructure




Definition of the model




Cloud domains
  Cloud Architecture
  Governing the Cloud
  Governance and Enterprise Risk Management
  Legal and Electronic Discovery
  Compliance and Audit
  Information Lifecycle Management
  Portability and Interoperability
  Security, Business Continuity and Disaster Recovery
  Operating in the Cloud
  Data Center Operations
  Incident Response, Notification, Remediation
  Application Security
  Encryption and Key Management
  Identity and Access Management
  Virtualization

Cloud drivers

  Optimized server utilization
  Cost savings
  Dynamic scalability
  Shortened development lifecycle
  Reduced time for implementation


Cloud Computing Challenges
  Data location
  Commingled data
  Security policy/procedure transparency
  Cloud data ownership
  Lock-in with CSP’s proprietary APIs
  Record protection for forensic audits
  Identity & Access Management
  Screening of other cloud computing clients
  Compliance requirements
  Data erasure for current SaaS or PaaS applications

ISACA’s GEIT and Management Frameworks




Business drives IT... and Cloud




Linking Business Goals to IT Goals




Assurance in the Cloud
  COBIT

  AICPA Service Organization Control (SOC) Report

  AICPA Trust Services (SysTrust and WebTrust)

  ISO2700x

  FedRAMP

  NIST SP 800-53

  Health Information Trust Alliance (HITRUST)

  BITS
Resources available




THANK YOU

IT Controls Cloud Webinar - ISACA