SlideShare a Scribd company logo

7-Cloudy with a chance of digitalization.pdf

Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

about cloud controls

Technology
1 of 23
Download to read offline
1 w w w . m e n a i s c . c o m CLOUDY WITH A CHANCE OF DIGITISATION SCOTT MANSON MANAGING DIRECTOR-MIDDLE EAST & TURKEY
Eradicating the fantasy of a Magic Silver bullet past 112 years. 79%
PHILOSOPHY: AGGREGATION OF MARGINAL GAINS IMPROVING EVERYTHING BY 1-2% … LITTLE IMPROVEMENTS FOR TODAY VERSUS BEING UNBEATABLE SOMEDAY …
PHILOSOPHY: AGGREGATION OF MARGINAL GAINS
… Focus on being a little safer everyday Versus Being perfectly unhackable someday …
10 What is stopping us going faster?
• To Clouds • From Clouds • Between Clouds
STRIKE THE CLOUD BALANCE DATA SOVEREIGNTY CONTROL SPEED AND SCALE ECONOMICS AND VALUE $
The Kingdom of Saudi Arabia’s NCA published the Essential Cybersecurity Controls in 2018.
14 The National Cybersecurity Authority established the Essential Cybersecurity Controls (ECC 2018: 1) National Cybersecurity Authority - Essential Cybersecurity Controls Consists of:  5 Main Domains for Cybersecurity ​​Controls  29 Subdomains for Cybersecurity ​​Controls  114 Cybersecurity ​​Controls Applies to  Government entities in the Kingdom of Saudi Arabia (including ministries, agencies, institutions, etc.),  Government affiliates  Private sector entities that have or operate or host national critical infrastructures (CNI)
15 Mapping ECC To Cloud Computing • Domain 4 Specifically Covers Cloud Computing • You Need Control of Data • To Clouds • From Clouds • Between Clouds • Cloud Configuration • Cloud Security Is A Shared Responsibility
16 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Security Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Cloud 3600 Shared Responsibility Model Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
17 Example: Identity & Access Management • Check all cloud applications • Communicate to all owners • Are they integrated with SSO? Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Security Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
18 How To Map ECC To Cloud Computing
19 Mapping ECC To Cloud Computing: Paper Available
20 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security SaaS PaaS IaaS Technologies Required Cloud 3600 Shared Model Link control, domain check, email controls, encryption User/Device/Data control Collaboration control User Behavior analytics, user & device policies DLP, on demand scan Compromised account detection, malware scanning SSO integration Configuration audit Audit of cloud configurations CIS benchmarking © McAfee 2019. OK for reuse if unedited
21 Approaching NCA ECC Compliance Timeline Implement Critical Security Controls Formalize Security Organization Develop Governance Framework Short to Long term Initiatives Develop Cyber Risk Management Framework Risk Based Control Deployment Embed Review and Improvement Cycle Initial Assessment Develop Standards and Guidelines
McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps. McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.
McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps. McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.

Recommended

mcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfmcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfAndreBolo1
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaCristian Garcia G.
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk
 

Recommended

mcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfmcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfAndreBolo1
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaCristian Garcia G.
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Amazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the CloudRapidScale
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and ControlWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and ControlDavid Etue
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
Security: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudSecurity: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudCapgemini
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summits
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Amazon Web Services
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec investor presentation august 2016
Symantec investor presentation august 2016Symantec investor presentation august 2016
Symantec investor presentation august 2016InvestorSymantec
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 
Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxEng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptxEng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 

More Related Content

Similar to 7-Cloudy with a chance of digitalization.pdf

Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the CloudRapidScale
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and ControlWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and ControlDavid Etue
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
Security: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudSecurity: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudCapgemini
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summits
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Amazon Web Services
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec investor presentation august 2016
Symantec investor presentation august 2016Symantec investor presentation august 2016
Symantec investor presentation august 2016InvestorSymantec
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNAMatteo Masi
 

Similar to 7-Cloudy with a chance of digitalization.pdf (20)

Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
 
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and ControlWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
Security: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudSecurity: Enabling the Journey to the Cloud
Security: Enabling the Journey to the Cloud
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec investor presentation august 2016
Symantec investor presentation august 2016Symantec investor presentation august 2016
Symantec investor presentation august 2016
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
 
Cisco Security DNA
Cisco Security DNACisco Security DNA
Cisco Security DNA
 

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP (10)

Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptx
 
slide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdfslide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdf
 
Privacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdfPrivacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdf
 
لعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdfلعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdf
 
Endpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdfEndpoint Protection Comparison.pdf
Endpoint Protection Comparison.pdf
 
Ali Ababneh-CV.pdf
Ali Ababneh-CV.pdfAli Ababneh-CV.pdf
Ali Ababneh-CV.pdf
 
اداره 3.ppt
اداره 3.pptاداره 3.ppt
اداره 3.ppt
 
Privacy (1).pptx
Privacy (1).pptxPrivacy (1).pptx
Privacy (1).pptx
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 

Recently uploaded

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

7-Cloudy with a chance of digitalization.pdf

  • 1. 1 w w w . m e n a i s c . c o m CLOUDY WITH A CHANCE OF DIGITISATION SCOTT MANSON MANAGING DIRECTOR-MIDDLE EAST & TURKEY
  • 2.
  • 3.
  • 4. Eradicating the fantasy of a Magic Silver bullet past 112 years. 79%
  • 5. PHILOSOPHY: AGGREGATION OF MARGINAL GAINS IMPROVING EVERYTHING BY 1-2% … LITTLE IMPROVEMENTS FOR TODAY VERSUS BEING UNBEATABLE SOMEDAY …
  • 7.
  • 8. … Focus on being a little safer everyday Versus Being perfectly unhackable someday …
  • 9.
  • 10. 10 What is stopping us going faster?
  • 11. • To Clouds • From Clouds • Between Clouds
  • 12. STRIKE THE CLOUD BALANCE DATA SOVEREIGNTY CONTROL SPEED AND SCALE ECONOMICS AND VALUE $
  • 13. The Kingdom of Saudi Arabia’s NCA published the Essential Cybersecurity Controls in 2018.
  • 14. 14 The National Cybersecurity Authority established the Essential Cybersecurity Controls (ECC 2018: 1) National Cybersecurity Authority - Essential Cybersecurity Controls Consists of:  5 Main Domains for Cybersecurity ​​Controls  29 Subdomains for Cybersecurity ​​Controls  114 Cybersecurity ​​Controls Applies to  Government entities in the Kingdom of Saudi Arabia (including ministries, agencies, institutions, etc.),  Government affiliates  Private sector entities that have or operate or host national critical infrastructures (CNI)
  • 15. 15 Mapping ECC To Cloud Computing • Domain 4 Specifically Covers Cloud Computing • You Need Control of Data • To Clouds • From Clouds • Between Clouds • Cloud Configuration • Cloud Security Is A Shared Responsibility
  • 16. 16 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Security Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Cloud 3600 Shared Responsibility Model Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
  • 17. 17 Example: Identity & Access Management • Check all cloud applications • Communicate to all owners • Are they integrated with SSO? Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Security Network Control Host Infrastructure Physical Security & Connectivity SaaS PaaS IaaS Service Provider Responsibility Service Provider feature, enterprise configuration Enterprise Responsibility User Responsibility User/Device/Data control Collaboration control © McAfee 2019. OK for reuse if unedited
  • 18. 18 How To Map ECC To Cloud Computing
  • 19. 19 Mapping ECC To Cloud Computing: Paper Available
  • 20. 20 Data Classification & Accountability End-Point Protection Identity & Access Management Application Level Controls Network Control Host Infrastructure Physical Security SaaS PaaS IaaS Technologies Required Cloud 3600 Shared Model Link control, domain check, email controls, encryption User/Device/Data control Collaboration control User Behavior analytics, user & device policies DLP, on demand scan Compromised account detection, malware scanning SSO integration Configuration audit Audit of cloud configurations CIS benchmarking © McAfee 2019. OK for reuse if unedited
  • 21. 21 Approaching NCA ECC Compliance Timeline Implement Critical Security Controls Formalize Security Organization Develop Governance Framework Short to Long term Initiatives Develop Cyber Risk Management Framework Risk Based Control Deployment Embed Review and Improvement Cycle Initial Assessment Develop Standards and Guidelines
  • 22. McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps. McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.
  • 23. McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps. McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.