
CAMM presentation for Cyber Security Gas and Oil june 2011

  • 1. Managing risks in the supply chain
       19 June, 2011, Common Assurance Maturity Model, Common-Assurance.com
       Vladimir Jirasek, CAMM Steering Group, Twitter @vjirasek
  • 2. People do not fully trust The Cloud
       People say that they are concerned that their information is not secure in The Cloud
  • 3. Is the Cloud Secure?
       - Can be as secure as any other IT system
       - Depends on the model chosen
       - Understand the responsibilities
       - All eggs in one basket is the real question
       - Implicit trust on provider
       - Exit and lock-in
  • 4. Problem to be solved – trust in the supply chain
       Diagram labels: Suppliers for the cloud provider; Your business; Your cloud provider; End to end assurance
  • 5. What a CIO wants
       Diagram labels: Provider A; Provider B
       Maturity levels feed into a supplier selection process
  • 6. CAMM MISSION
       Provide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
  • 7. Overall structure of CAMM components
       Diagram labels: TPAC; Final maturity scores; Mapping to other standards; Free GRC app; Scoring model; Non CAMM audit results; Maturity scores; Weighting framework; WorkBench App; Audited controls; Controls framework; Auditors
  • 8. Utilize your current investment
       - to another standard, e.g. ISO
       - The Statement Of Applicability (SOA) of source standard is used as a baseline for translation
       - CAMM Guidance documents will help auditors with "yellow" area interpretations
       Diagram labels: Source standard; Target standard; e.g. ISO 2700x SOA; CAMM; Translate; Not implemented > to be CAMM audited; Auditor interpretation of applicability; 1=1 applicable, no need of interpretation
  • 9. Stakeholders
       - Consumers – Can form trust relationship based on understandable facts
       - Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers
       - Governments – Can have more confidence in corporate governance to remove barriers from global single e-markets
       - Service Providers & Consultancies – Can build competences to achieve the target
       - Industry Associations – can excel in defining harmonized model implementations
       Diagram labels: Consumer; Government; CAM Committee
  • 10. Progress
       It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones:
       - Major client, standards and service provider organisations engaged
       - Development of framework and appropriate weighting mechanism underway
       - Development of the framework: Control framework created and reviewed; Scoring model created
       - Development of the guidance: Guidance material to be completed by end of October 2011
       - Pilot: Pilot with major organisation planned for summer 2011
       - Development of Free GRC tool: Major GRC vendor engaged to add CAMM module

Editor's Notes

  1. Security very important issue to people. But look at other areas – vendor lock-in. At the same time business teams (marketing) go to cloud services with their credit cards – as IT is tooooo slow.
  2. Picture kindly taken from a Microsoft presentation. Probably more secure than your local IT – but how to measure that. Risk cannot be outsourced to cloud – so how to measure what the risk with the cloud provider, type and delivery model is. If I use IaaS I still am responsible for application management and potentially OS management.