Ramsés Gallego, profile picture
Uploaded byRamsés Gallego
1,838 views

IT Controls Cloud Webinar - ISACA

The document discusses cloud computing. It defines cloud computing as a pay-as-you-go model for using applications, development platforms, and IT infrastructure. It outlines some of the key domains in cloud computing including architecture, governance, compliance, security, and operations. It also discusses some of the key drivers and challenges of cloud computing. Finally, it discusses frameworks that can be used for assurance in the cloud such as COBIT, SOC reports, ISO27001, and others.

Embed presentation

Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
Compliance Resilience Evidence gathering Forensics Confidence User Access Data Segregation Virtualization Architectures Identity Emerging Recovery Surety Isolation Right to AuditTrust Privacy Web 2.0 Workflow Dispute resolution Traceability Competitive Advantage Data Location Metrics Maturity Models Web Services Incident handling 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 2
What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet Number 1 on the list of ‘10 strategic technologies’ of all the analysts ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 3
What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 4
Definition of the model 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 5
Cloud domains Cloud Architecture Governing the Cloud Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Business Continuity and Disaster Recovery Operating in the Cloud Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 6
Cloud drivers Optimized server utilization Cost savings Dynamic scalability Shortened development lifecycle Reduced time for implementation 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 7
Cloud Computing Challenges Data location Commingled data Security policy/procedure transparency Cloud data ownership Lock-in with CSP’s propietary APIs Record protection for forensic audits Identity & Access Management Screening of other cloud computing clients Compliance requirements Data erasure for current SaaS or PaaS applications 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 8
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 9
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 10
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 11
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 12
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 13
Business drives IT... and Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 14
2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 15
2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 16
Linking Business Goals to IT Goals 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 17
Assurance in the Cloud COBIT AICPA Service Organization Control (SOC) Report AICPA Trust Services (SysTrust and WebTrust) ISO2700x FedRAMP NIST SP 800-53 Health Information Trust Alliance (HITRUST) BITS 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 18
Assurance in the Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 19
Resources available 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 20
THANK YOU Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.

More Related Content

PDF
The Perfect Storm
byRamsés Gallego
 
PDF
Dataplex Company Overview
bydataplex systems limited
 
PPTX
Cloud Is Built, Now Who's Managing It?
bydoan_slideshares
 
PDF
dataplex company presentation
bydataplex systems limited
 
PDF
Culture structure strategy_for_a_grc_program
byRamsés Gallego
 
PDF
Accelerating the Speed of Innovation - Jason Waxman, Intel
byOpen Data Center Alliance
 
PDF
From technology risk_to_enterprise_risk_the_new_frontier
byRamsés Gallego
 
PDF
Strategic governance performance_management_systems
byRamsés Gallego
 
The Perfect Storm
byRamsés Gallego
 
Dataplex Company Overview
bydataplex systems limited
 
Cloud Is Built, Now Who's Managing It?
bydoan_slideshares
 
dataplex company presentation
bydataplex systems limited
 
Culture structure strategy_for_a_grc_program
byRamsés Gallego
 
Accelerating the Speed of Innovation - Jason Waxman, Intel
byOpen Data Center Alliance
 
From technology risk_to_enterprise_risk_the_new_frontier
byRamsés Gallego
 
Strategic governance performance_management_systems
byRamsés Gallego
 

What's hot

PDF
Day 3 p3 - xs and ec
byLilian Schaffer
 
PPTX
System Center 2012 - IT GRC
byNorman Mayes
 
PPTX
Introduction to RESILIA and Cyber Resilience
byChristian F. Nissen
 
PDF
MitKat Ad
bymanojajgaonkar
 
PDF
The Cloud according to VMware
byOpSource
 
PDF
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
byHyTrust
 
PPT
Unleash Business Innovation with the Next Generation of Cloud Computing
bySam Garforth
 
PDF
Sukhbir jasuja digital_trends_11
byHellenic Professionals Informatics Society
 
PDF
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
byIBM Sverige
 
PDF
NJVC Brochure
bySpencer Nelson
 
DOCX
Umesh R Sharma
byUmesh Sharma
 
PPTX
Veeras_Infotek_Corporate (2)
byRakesh Kumar
 
PPTX
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
byBhavesh Bhagat, CGEIT, CISM (LION)
 
PDF
Avensus Corporate Presentation
byParth Agrawal
 
PPTX
A better waytosecureapps-finalv1
byOracleIDM
 
PDF
Centuric Overview
byCenturic
 
PDF
Fix nix Pitch
byAshok Dandu
 
Day 3 p3 - xs and ec
byLilian Schaffer
 
System Center 2012 - IT GRC
byNorman Mayes
 
Introduction to RESILIA and Cyber Resilience
byChristian F. Nissen
 
MitKat Ad
bymanojajgaonkar
 
The Cloud according to VMware
byOpSource
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
byHyTrust
 
Unleash Business Innovation with the Next Generation of Cloud Computing
bySam Garforth
 
Sukhbir jasuja digital_trends_11
byHellenic Professionals Informatics Society
 
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
byIBM Sverige
 
NJVC Brochure
bySpencer Nelson
 
Umesh R Sharma
byUmesh Sharma
 
Veeras_Infotek_Corporate (2)
byRakesh Kumar
 
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
byBhavesh Bhagat, CGEIT, CISM (LION)
 
Avensus Corporate Presentation
byParth Agrawal
 
A better waytosecureapps-finalv1
byOracleIDM
 
Centuric Overview
byCenturic
 
Fix nix Pitch
byAshok Dandu
 

Similar to IT Controls Cloud Webinar - ISACA

PPTX
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
PPTX
Enterprise Security in Cloud
byLenin Aboagye
 
PDF
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
PDF
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
PDF
110307 cloud security requirements gourley
byGovCloud Network
 
PDF
Cloud Computing 4 Accounting Firms
byDavid Blumentals
 
PPT
Cloud Computing and Records Management
bygbroadbent67
 
PDF
Cloud security and cyber security v 3.1
byCloudExpoEurope
 
PDF
Intel Cloud Summit ODCA - NAB Customer presentation
byIntelAPAC
 
PDF
Build 4 The Cloud By Cisco V Mware2
byAzlan NL
 
PPTX
2012-01 How to Secure a Cloud Identity Roadmap
byRaleigh ISSA
 
PDF
Open Group Conference Csi V5.1
byEnrico Boverino
 
PDF
Cloud Computing 28 Oct09 Research
byRugby7277
 
PPTX
The mobile workforce – A real IT challenge
byExponential_e
 
PDF
ON event - May 2010
byBen Kepes
 
PDF
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
PDF
MS TechDays 2011 - Generate Revenue on Azure
bySpiffy
 
PPT
Contrast cbt cloud computing - v.2
bycontrastcbt
 
PPTX
Riaan Van Nierkirk, CIO at Mc Gregor - Can business transformation be success...
byGlobal Business Events
 
PDF
How to handle multilayered IT security today
byMarc Vael
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
Enterprise Security in Cloud
byLenin Aboagye
 
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
110307 cloud security requirements gourley
byGovCloud Network
 
Cloud Computing 4 Accounting Firms
byDavid Blumentals
 
Cloud Computing and Records Management
bygbroadbent67
 
Cloud security and cyber security v 3.1
byCloudExpoEurope
 
Intel Cloud Summit ODCA - NAB Customer presentation
byIntelAPAC
 
Build 4 The Cloud By Cisco V Mware2
byAzlan NL
 
2012-01 How to Secure a Cloud Identity Roadmap
byRaleigh ISSA
 
Open Group Conference Csi V5.1
byEnrico Boverino
 
Cloud Computing 28 Oct09 Research
byRugby7277
 
The mobile workforce – A real IT challenge
byExponential_e
 
ON event - May 2010
byBen Kepes
 
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
MS TechDays 2011 - Generate Revenue on Azure
bySpiffy
 
Contrast cbt cloud computing - v.2
bycontrastcbt
 
Riaan Van Nierkirk, CIO at Mc Gregor - Can business transformation be success...
byGlobal Business Events
 
How to handle multilayered IT security today
byMarc Vael
 

More from Ramsés Gallego

PDF
Entel DLP
byRamsés Gallego
 
KEY
Malware mitigation
byRamsés Gallego
 
PPT
Entel SSO
byRamsés Gallego
 
PPT
Entel Service Management
byRamsés Gallego
 
KEY
ISACA Barcelona Chapter Congress - July 2011
byRamsés Gallego
 
PDF
Entel S&RM
byRamsés Gallego
 
KEY
DLP - Network Security Conference_ Ramsés Gallego
byRamsés Gallego
 
PPT
e-Symposium_ISACA_Ramsés_Gallego
byRamsés Gallego
 
KEY
Metrics, measures & Myths
byRamsés Gallego
 
PDF
Modern cyber threats_and_how_to_combat_them_panel
byRamsés Gallego
 
Entel DLP
byRamsés Gallego
 
Malware mitigation
byRamsés Gallego
 
Entel SSO
byRamsés Gallego
 
Entel Service Management
byRamsés Gallego
 
ISACA Barcelona Chapter Congress - July 2011
byRamsés Gallego
 
Entel S&RM
byRamsés Gallego
 
DLP - Network Security Conference_ Ramsés Gallego
byRamsés Gallego
 
e-Symposium_ISACA_Ramsés_Gallego
byRamsés Gallego
 
Metrics, measures & Myths
byRamsés Gallego
 
Modern cyber threats_and_how_to_combat_them_panel
byRamsés Gallego
 

Recently uploaded

PPTX
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
PDF
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
January Patch Tuesday
byIvanti
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
XonTel Plus IP-PBX Business Phone System
byXonTel Technology
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
January Patch Tuesday
byIvanti
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
XonTel Plus IP-PBX Business Phone System
byXonTel Technology
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 

IT Controls Cloud Webinar - ISACA

  • 1.
    Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
  • 2.
    Compliance Resilience Evidence gathering Forensics Confidence User Access Data Segregation Virtualization Architectures Identity Emerging Recovery Surety Isolation Right to AuditTrust Privacy Web 2.0 Workflow Dispute resolution Traceability Competitive Advantage Data Location Metrics Maturity Models Web Services Incident handling 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 2
  • 3.
    What is Cloud? Thebiggest evolution in technology that can have an impact similar to the birth of the Internet Number 1 on the list of ‘10 strategic technologies’ of all the analysts ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 3
  • 4.
    What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 4
  • 5.
    Definition of themodel 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 5
  • 6.
    Cloud domains Cloud Architecture Governing the Cloud Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Business Continuity and Disaster Recovery Operating in the Cloud Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 6
  • 7.
    Cloud drivers Optimized server utilization Cost savings Dynamic scalability Shortened development lifecycle Reduced time for implementation 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 7
  • 8.
    Cloud Computing Challenges Data location Commingled data Security policy/procedure transparency Cloud data ownership Lock-in with CSP’s propietary APIs Record protection for forensic audits Identity & Access Management Screening of other cloud computing clients Compliance requirements Data erasure for current SaaS or PaaS applications 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 8
  • 9.
    ISACA’s GEIT andManagement Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 9
  • 10.
    ISACA’s GEIT andManagement Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 10
  • 11.
    ISACA’s GEIT andManagement Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 11
  • 12.
    ISACA’s GEIT andManagement Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 12
  • 13.
    ISACA’s GEIT andManagement Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 13
  • 14.
    Business drives IT...and Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 14
  • 15.
    2011 ISACA WebinarProgram. © 2011 ISACA. All rights reserved. 15
  • 16.
    2011 ISACA WebinarProgram. © 2011 ISACA. All rights reserved. 16
  • 17.
    Linking Business Goalsto IT Goals 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 17
  • 18.
    Assurance in theCloud COBIT AICPA Service Organization Control (SOC) Report AICPA Trust Services (SysTrust and WebTrust) ISO2700x FedRAMP NIST SP 800-53 Health Information Trust Alliance (HITRUST) BITS 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 18
  • 19.
    Assurance in theCloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 19
  • 20.
    Resources available 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 20
  • 21.
    THANK YOU Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.