SIMPLIFYING SECURITY FOR CLOUD ADOPTION -
DEFINING YOUR GAME PLAN
With Mandeep Obhrai (CEO)
WHO WE ARE
THE EXPERT
SECURITY ADVISORS
WWW.IACS-LLP.COM
WHO ARE IACS?
WE ARE SECURITY EXPERTS THAT UNDERSTAND AND ENHANCE BUSINESSES.
WE WORK WITH UK GOV AND COMMERCIAL ORGS ON THEIR CLOUD ADOPTION AND SECURITY INITIATIVES.
WE SUPPORT THE CSA EMEA TEAM AND BOARD. WE ARE CSA CCSK AND STAR CERTIFIED.
CLOUD SECURITY
CYBER SECURITY
SECURITY and COMPLIANCE
THREAT and VULNERABILITY
SERVICES
CHALLENGE AND RESPONSE
CHALLENGE
• Lots of guidance, advice, horror stories, reasons to move to the cloud and reasons not to move to the cloud!
• Organisations get hung up on myths, perception and other organisations’ stories, whether good or bad.
RESPONSE
• Simple guidance to help you define YOUR ‘Game’ plan that fits your organisation to move to the cloud.
• 10 simple and practical steps to ensure that you don’t overcomplicate the initiative.
TEN SIMPLE STEPS
01 Scope
02 Why?
03 Why Not?
04 Review
05 Assess Criticality
06 80 / 20 Principle
07 Threat Modelling
08 Define Requirements
09 Choose Solutions
10 Engage and Demand
TEN SIMPLE STEPS
Next month at CSA Congress EMEA 2015, I’ll be explaining how to develop a winning cloud adoption game plan in detail, and the checklist below highlights the key points forming the basis of my presentation.
These ten steps will help you define your adoption strategy, highlight key requirements and make the right decisions about processes and business and technical controls. Read on to discover if your organisation is match-fit for cloud adoption.
01 Scope
Start by determining the scope of the task ahead. Identify the systems and applications you want to migrate to the cloud and the practical implications of doing so. This will form the basis of your strategy and help you focus on priorities.
02 Why?
Ask yourself why you’re migrating your chosen application or systems to the cloud and stop to sense-check your decisions. We recommend a maximum of five key objectives.
03 Why not?
List your top five concerns in relation to the objectives you’ve chosen. It’s likely these will be predominantly security-related, but also consider factors such as availability, cost of migration, and additional resource needed.
04 Review
Review steps 1 to 3 and ensure the objectives and concerns you’ve examined are directly relevant to the project scope. This will help you retain focus on what’s critical to your organisation.
Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com
TEN SIMPLE STEPS
SUMMARY - Don’t assess criticality in detail. Understand at a high level the different levels of data within the scope. Take the whole application environment and apply the same criticality to the estate. Save time, money and reduce complexity in design, implementation and operations.
05 Assess criticality
Next, assess the criticality of your assets. We recommend implementing a 1 to 3 score based on low, medium or high criticality, then assigning it at an application estate level. This will enable you to categorise assets in batches. For example, a market analysis application estate might include fifteen individual assets, all of which can be covered by assigning them the same level of criticality.
06 Apply the 80 / 20 Principle
It’s likely that 80% of your risk is generic across your estate and therefore, as all assets have the same criticality, they should be treated similarly. The remaining 20% is specific and bespoke to your cloud migration and requires more time and effort. By segmenting your assets into these two groups and applying the same level of security to each, you can safeguard all of your assets efficiently and cost-effectively.
07 Threat modelling
By identifying the specific threats other organisations in your sector or industry have faced, you can define the right type of countermeasures to protect your organisation. The Cloud Security Alliance, PwC and Verizon all publish reliable, industry-specific research on a regular basis, providing you with a robust starting point for threat modelling.
Your game plan for secure cloud adoption.
• Understand your application data
Assess what data resides in your application environment based on Confidentiality, Integrity and Availability ratings. Use a scoring system which will aid this analysis.
• Understand your selected criticality level
Aggregate the ratings (ratings equal L, M or H) to an overall average rating and ensure that you understand why you have come to the overall rating. Review this to ensure that you are comfortable with it.
• Assign an application-wide criticality
Once you have an overall criticality rating you need to assign the whole application this criticality rating. For example, if the overall rating is high then you will be designing, implementing and operating this application to a high level of security.
TEN SIMPLE STEPS
SUMMARY - The 80 / 20 principle (from the BSI IT-Grundschutz) is about accepting that 80% of your risks and/or threats are generic across the company and, in most cases, across industries. The 20% is specific to your organisation and/or application. So instead of spending money performing a detailed risk assessment across your environment, implement the generic controls that cover 80% of your risk.
Your game plan for secure cloud adoption.
• Group your assets by type
Grouping your assets by type (e.g., a Windows server group and a Unix server group) enables you to review these assets generically, saving time and effort.
• Determine the generic threats that are applicable
Generically determine the threats that your assets may be exposed to. This should be based on a standard threat/risk framework (use BSI IT-Grundschutz / CSA CCM).
• Identify the generic controls that are applicable
Generically identify the controls that must be applied based on a standard control framework (use BSI IT-Grundschutz / CSA CCM).
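The criticality scoring of step 05 (L/M/H ratings per data item, averaged into one application-wide rating) and the step 06 grouping of assets by type for generic controls can be modelled together. The following is an added illustration written for this page, not the deck’s or IACS’s own tooling: the market-analysis inventory, the round-half-up rule for the average, the asset type names and the control names are all constructed assumptions, and the control names are placeholders rather than CSA CCM or BSI IT-Grundschutz identifiers.

```python
# Added worked model of the slides' criticality (step 05) and 80/20 (steps 06/07)
# steps. All data below is constructed; control names are placeholders, not
# CSA CCM or BSI IT-Grundschutz identifiers.
from collections import defaultdict
from dataclasses import dataclass, field
from math import floor

# L/M/H data ratings map onto the 1-to-3 score the slides recommend.
SCORE = {"L": 1, "M": 2, "H": 3}
LABEL = {1: "L", 2: "M", 3: "H"}

@dataclass
class DataItem:
    name: str
    c: str  # confidentiality rating: L, M or H
    i: str  # integrity rating
    a: str  # availability rating

@dataclass
class Asset:
    name: str
    asset_type: str         # drives the generic grouping (step 06)
    specific: bool = False  # core/bespoke asset -> focused risk assessment (step 07)

@dataclass
class Application:
    name: str
    data: list = field(default_factory=list)
    assets: list = field(default_factory=list)

def _scores(app):
    return [SCORE[r] for d in app.data for r in (d.c, d.i, d.a)]

def application_criticality(app):
    """Average all C/I/A ratings of the app's data into one L/M/H rating.
    The slides prescribe an average; rounding halves up is an assumption here."""
    scores = _scores(app)
    if not scores:
        raise ValueError(f"{app.name}: no data items rated")
    return LABEL[int(floor(sum(scores) / len(scores) + 0.5))]

def rating_spread(app):
    """Lowest and highest single rating, so a reviewer can see what the average hides."""
    scores = _scores(app)
    return LABEL[min(scores)], LABEL[max(scores)]

def assign_estate_criticality(app):
    """Step 05: every asset in the application estate inherits the overall rating."""
    rating = application_criticality(app)
    return {asset.name: rating for asset in app.assets}

# Illustrative generic control sets per asset type (placeholders, not catalogue IDs).
GENERIC_CONTROLS = {
    "windows-server": ["patching", "hardened-baseline", "endpoint-logging"],
    "linux-server": ["patching", "hardened-baseline", "ssh-key-only-access"],
    "database": ["patching", "encryption-at-rest", "access-review"],
}

def split_80_20(app):
    """Steps 06/07: group assets by type for generic treatment; list the specific ones."""
    by_type = defaultdict(list)
    specific = []
    for asset in app.assets:
        by_type[asset.asset_type].append(asset.name)
        if asset.specific:
            specific.append(asset.name)
    return dict(by_type), specific

def generic_controls_for(app):
    """Map each asset type in the estate to its generic control set, failing on gaps."""
    by_type, _ = split_80_20(app)
    missing = sorted(set(by_type) - set(GENERIC_CONTROLS))
    if missing:
        raise KeyError(f"no generic control set for asset types: {missing}")
    return {t: GENERIC_CONTROLS[t] for t in by_type}

# Constructed market-analysis estate, echoing the slide's example.
MARKET_ANALYSIS = Application(
    name="market-analysis",
    data=[
        DataItem("client positions", c="H", i="H", a="M"),
        DataItem("public price feed", c="L", i="M", a="M"),
        DataItem("analyst reports", c="M", i="M", a="L"),
    ],
    assets=[
        Asset("ma-web-01", "windows-server"),
        Asset("ma-web-02", "windows-server"),
        Asset("ma-etl-01", "linux-server"),
        Asset("ma-db-01", "database", specific=True),
    ],
)

if __name__ == "__main__":
    print(application_criticality(MARKET_ANALYSIS), rating_spread(MARKET_ANALYSIS))
    print(assign_estate_criticality(MARKET_ANALYSIS))
    print(split_80_20(MARKET_ANALYSIS))
    print(generic_controls_for(MARKET_ANALYSIS))
```

The spread returned alongside the overall rating is the review the slide asks for: here a single H data item is averaged down to an M application rating, which is exactly the point to confirm you are comfortable with before the whole estate inherits it.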
TEN SIMPLE STEPS
SUMMARY – You have identified the generic threats and now need to focus on the assets that you identified as specific. These are the assets that you believe are different or core and that you wish to protect further. Carry out a risk assessment on these assets to ensure that the threats and necessary control measures are appropriate. Doing a small risk assessment instead of a large one has again reduced complexity, time and cost.
• Identify the specific assets that need more protection
Identify the assets that you believe are different and are not generic. They may be normal assets that you believe are core to your business and need further protection.
• Determine the specific threats through a risk assessment
Carry out a risk assessment to identify the additional threats / risks that you believe these assets may be exposed to. This risk assessment is focused on a smaller scope, therefore reducing the cost, time and complexity of such an assessment.
• Identify the specific controls required
Identify the additional controls that are appropriate from a control framework such as the CSA CCM, or a regulatory or industry standard framework.
TEN SIMPLE STEPS
08 Define requirements
Define your key security requirements based on the output of the threat modelling you’ve conducted. Firstly, ensure you can mitigate the 80% of generic security risks, but concentrate time and resources on guarding against the 20% of cloud-specific threats.
09 Choose solutions
Next, match specific controls to your requirements. Not all of these will be technical and you may be able to overcome challenges with existing or new processes. Equally, new hires may be necessary. Before investing in people or technology, ensure these will enable you to deliver the specific benefits identified within the scope of your project.
10 Engage and demand
Now you’ve got a game plan, you’re ready to kick off your cloud migration. Equipped with the knowledge gained over the course of this process, you’re prepared to engage cloud service providers and demand the technical and process controls that are right for your organisation.
Learn how to implement these steps effectively by attending my presentation at
QUESTIONS?
WWW.IACS-LLP.COM

 
Selling Infosec to the CSuite
Selling Infosec to the CSuiteSelling Infosec to the CSuite
Selling Infosec to the CSuite
 
CCSK.pptx
CCSK.pptxCCSK.pptx
CCSK.pptx
 
iDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnediDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons Learned
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

Simplifying Security for Cloud Adoption - Defining your game plan

  • 1. SIMPLIFYING SECURITY FOR CLOUD ADOPTION - DEFINING YOUR GAME PLAN With Mandeep Obhrai (CEO)
  • 2. WHO WE ARE - THE EXPERT SECURITY ADVISORS - WWW.IACS-LLP.COM
  WHO ARE IACS?
  WE ARE SECURITY EXPERTS THAT UNDERSTAND AND ENHANCE BUSINESSES. WE WORK WITH UK GOV AND COMMERCIAL ORGS ON THEIR CLOUD ADOPTION AND SECURITY INITIATIVES. WE SUPPORT THE CSA EMEA TEAM AND BOARD. WE ARE CSA CCSK AND STAR CERTIFIED.
  SERVICES: CLOUD SECURITY, CYBER SECURITY, SECURITY and COMPLIANCE, THREAT and VULNERABILITY
  • 3. CHALLENGE AND RESPONSE
  CHALLENGE
  • Lots of guidance, advice, horror stories, reasons to move to the cloud and reasons not to move to the cloud!
  • Organisations get hung up on myths, perception and other organisations’ stories, whether good or bad.
  RESPONSE
  • Simple guidance to help you define YOUR ‘Game’ plan that fits your organisation to move to the cloud.
  • 10 simple and practical steps to ensure that you don’t overcomplicate the initiative.
  • 4. TEN SIMPLE STEPS
  01 Scope, 02 Why?, 03 Why Not?, 04 Review, 05 Assess Criticality, 06 80 / 20 Principle, 07 Threat Modelling, 08 Define Requirements, 09 Choose Solutions, 10 Engage and Demand
  • 5. TEN SIMPLE STEPS
  Next month at CSA Congress EMEA 2015, I’ll be explaining how to develop a winning cloud adoption game plan in detail and the checklist below highlights the key points forming the basis of my presentation. These ten steps will help you define your adoption strategy, highlight key requirements and make the right decisions about processes and business and technical controls. Read on to discover if your organisation is match-fit for cloud adoption.

  01 Scope
  Start by determining the scope of the task ahead. Identify the systems and applications you want to migrate to the cloud and the practical implications of doing so. This will form the basis of your strategy and help you focus on priorities.

  02 Why?
  Ask yourself why you’re migrating your chosen application or systems to the cloud and stop to sense-check your decisions. We recommend a maximum of five key objectives.

  03 Why not?
  List your top five concerns in relation to the objectives you’ve chosen. It’s likely these will be predominantly security-related, but also consider factors such as availability, cost of migration, and additional resource needed.

  04 Review
  Review steps 1 to 3 and ensure the objectives and concerns you’ve examined are directly relevant to the project scope. This will help you retain focus on what’s critical to your organisation.

  Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com
  • 6. TEN SIMPLE STEPS
  SUMMARY - Don’t assess criticality in detail. Understand at a high level the different levels of data within the scope. Take the whole application environment and apply the same criticality to the estate. Save time, money and reduce complexity in design, implementation and operations.

  05 Assess criticality
  Next, assess the criticality of your assets. We recommend implementing a 1 to 3 score based on low, medium or high criticality, then assigning it at an application estate level. This will enable you to categorise assets in batches. For example, a market analysis application estate might include fifteen individual assets, all of which can be covered by assigning them the same level of criticality.

  Your game plan for secure cloud adoption.
  • Understand your application data: Assess what data resides in your application environment based on Confidentiality, Integrity and Availability ratings. Use a scoring system which will aid this analysis.
  • Understand your selected criticality level: Aggregate the ratings (L, M or H) to an overall average rating and ensure that you understand why you have come to the overall rating. Review this to ensure that you are comfortable with it.
  • Assign an application-wide criticality: Once you have an overall criticality rating, assign it to the whole application. For example, if the overall rating is high then you will be designing, implementing and operating this application to a high level of security.
  • 7. TEN SIMPLE STEPS
  SUMMARY - The 80 / 20 principle (from the BSI IT-Grundschutz) is about accepting that 80% of your risks and/or threats are generic across the company and in most cases across industries. The 20% is specific to your organisation and/or application. So instead of spending money performing a detailed risk assessment across your environment, implement the generic controls that cover 80% of your risk.

  06 Apply the 80 / 20 Principle
  It’s likely that 80% of your risk is generic across your estate and therefore, as all assets have the same criticality, they should be treated similarly. The remaining 20% is specific and bespoke to your cloud migration and requires more time and effort. By segmenting your assets into these two groups and applying the same level of security to each, you can safeguard all of your assets efficiently and cost-effectively.

  Your game plan for secure cloud adoption.
  • Group your assets by type: Grouping your assets by type (e.g. a Windows server group and a Unix server group) enables you to review these assets generically, saving time and effort.
  • Determine the generic threats that are applicable: Generically determine the threats that your assets may be exposed to. This should be based on a standard threat/risk framework (use BSI IT-Grundschutz / CSA CCM).
  • Identify the generic controls that are applicable: Generically identify the controls that must be applied, based on a standard control framework (use BSI IT-Grundschutz / CSA CCM).
  • 8. TEN SIMPLE STEPS
  SUMMARY – You have identified the generic threats and now need to focus on the assets that you identified as specific. These are the assets that you believe are different or core and that you wish to protect further. Carry out a risk assessment of these assets to ensure that the threats and necessary control measures are appropriate. Doing a small risk assessment instead of a large one has again reduced complexity, time and cost.

  • Identify the specific assets that need more protection: Identify the assets that you believe are different and are not generic. They may be normal assets that you believe are core to your business and need further protection.
  • Determine the specific threats through a risk assessment: Carry out a risk assessment to identify the additional threats / risks that you believe these assets may be exposed to. This risk assessment is focused on a smaller scope, reducing the cost, time and complexity of such an assessment.
  • Identify the specific controls required: Identify the additional controls that are appropriate from a control framework such as CSA CCM, or a regulatory or industry standard framework.

  07 Threat modelling
  By identifying the specific threats other organisations in your sector or industry have faced, you can define the right type of countermeasures to protect your organisation. The Cloud Security Alliance, PwC and Verizon all publish reliable, industry-specific research on a regular basis, providing you with a robust starting point for threat modelling.
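Steps 05 and 06 above (criticality scoring and the 80 / 20 split), as an added worked example that is not part of the IACS deck: a small Python module that scores a constructed asset inventory on the deck's 1 to 3 CIA scale, rounds the average to one application-wide criticality, lists the assets the review step should look at before accepting that rating, and splits the estate into the generic assets (grouped by type for the generic threat and control review) and the specific assets that get their own risk assessment. Assumptions: the per-asset rating is taken as the highest of its three CIA scores, and the inventory, asset names and `specific` flag are constructed.

```python
"""Criticality scoring and 80 / 20 segmentation for a cloud migration scope.

Added example, not the IACS deck's own material. The asset inventory is
constructed, and the per-asset rule (highest of the three CIA scores) is
an assumption: the deck only fixes the 1..3 / L-M-H scale and the
estate-wide average.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean

# Step 05: 1 to 3 score for low, medium or high criticality.
LEVELS = {1: "L", 2: "M", 3: "H"}


@dataclass(frozen=True)
class Asset:
    name: str
    asset_type: str          # step 06 groups assets by this (e.g. windows-server)
    confidentiality: int     # 1..3
    integrity: int           # 1..3
    availability: int        # 1..3
    specific: bool = False   # the bespoke 20%: core assets that get their own risk assessment

    def rating(self) -> int:
        """Per-asset rating: the highest of its CIA scores (assumption, see above)."""
        scores = (self.confidentiality, self.integrity, self.availability)
        if any(s not in LEVELS for s in scores):
            raise ValueError(f"{self.name}: CIA scores must be 1, 2 or 3")
        return max(scores)


def estate_rating(assets: list[Asset]) -> int:
    """Step 05: aggregate per-asset ratings to one application-wide level
    by averaging and rounding half up (2.5 -> 3), then clamping to 1..3."""
    if not assets:
        raise ValueError("empty application estate")
    average = mean(a.rating() for a in assets)
    return max(1, min(3, int(average + 0.5)))


def review_outliers(assets: list[Asset]) -> list[Asset]:
    """Step 05 review: assets rated above the estate-wide level. Averaging
    can pull a single high-rated asset down to the estate's level, so these
    are the ones to understand before accepting the overall rating."""
    level = estate_rating(assets)
    return [a for a in assets if a.rating() > level]


def segment(assets: list[Asset]) -> tuple[dict[str, list[Asset]], list[Asset]]:
    """Step 06 (80 / 20): generic assets grouped by type for the generic
    threat/control review, and the specific assets for a focused risk
    assessment (step 07 onwards)."""
    generic: dict[str, list[Asset]] = defaultdict(list)
    specific: list[Asset] = []
    for a in assets:
        (specific if a.specific else generic[a.asset_type]).append(a)
    return dict(generic), specific


# Constructed inventory for a hypothetical market analysis application estate.
MARKET_ANALYSIS = [
    Asset("web-01", "windows-server", 2, 2, 2),
    Asset("web-02", "windows-server", 2, 2, 2),
    Asset("app-01", "unix-server", 2, 2, 3),
    Asset("app-02", "unix-server", 2, 2, 3),
    Asset("batch-01", "unix-server", 1, 2, 1),
    Asset("pricing-db", "database", 3, 3, 3, specific=True),
    Asset("reporting-db", "database", 2, 2, 2),
]

if __name__ == "__main__":
    level = estate_rating(MARKET_ANALYSIS)
    print(f"application-wide criticality: {LEVELS[level]}")
    for a in review_outliers(MARKET_ANALYSIS):
        print(f"  review: {a.name} rated {LEVELS[a.rating()]} above estate level")
    generic, specific = segment(MARKET_ANALYSIS)
    for asset_type, members in generic.items():
        print(f"generic {asset_type}: {[a.name for a in members]}")
    print(f"specific (own risk assessment): {[a.name for a in specific]}")
```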
  • 9. TEN SIMPLE STEPS
  08 Define requirements
  Define your key security requirements based on the output of the threat modelling you’ve conducted. Firstly, ensure you can mitigate the 80% of generic security risks, but concentrate time and resources on guarding against the 20% of cloud-specific threats.

  09 Choose solutions
  Next, match specific controls to your requirement. Not all of these will be technical and you may be able to overcome challenges with existing or new processes. Equally, new hires may be necessary. Before investing in people or technology, ensure these will enable you to deliver the specific benefits identified within the scope of your project.

  10 Engage and demand
  Now you’ve got a game plan, you’re ready to kick-off your cloud migration. Equipped with the knowledge gained over the course of this process, you’re prepared to engage cloud service providers and demand the technical and process controls that are right for your organisation.

  Learn how to implement these steps effectively by attending my presentation at