SlideShare uma empresa Scribd logo

IT Controls Cloud Webinar - ISACA

Ramsés Gallego
Ramsés Gallego

The document discusses cloud computing. It defines cloud computing as a pay-as-you-go model for using applications, development platforms, and IT infrastructure. It outlines some of the key domains in cloud computing including architecture, governance, compliance, security, and operations. It also discusses some of the key drivers and challenges of cloud computing. Finally, it discusses frameworks that can be used for assurance in the cloud such as COBIT, SOC reports, ISO27001, and others.

TecnologiaNegócios
1 de 21
Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
Compliance Resilience Evidence gathering Forensics Confidence User Access Data Segregation Virtualization Architectures Identity Emerging Recovery Surety Isolation Right to AuditTrust Privacy Web 2.0 Workflow Dispute resolution Traceability Competitive Advantage Data Location Metrics Maturity Models Web Services Incident handling 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 2
What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet Number 1 on the list of ‘10 strategic technologies’ of all the analysts ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 3
What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 4
Definition of the model 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 5
Cloud domains Cloud Architecture Governing the Cloud Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Business Continuity and Disaster Recovery Operating in the Cloud Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 6
Cloud drivers Optimized server utilization Cost savings Dynamic scalability Shortened development lifecycle Reduced time for implementation 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 7
Cloud Computing Challenges Data location Commingled data Security policy/procedure transparency Cloud data ownership Lock-in with CSP’s propietary APIs Record protection for forensic audits Identity & Access Management Screening of other cloud computing clients Compliance requirements Data erasure for current SaaS or PaaS applications 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 8
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 9
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 10
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 11
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 12
ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 13
Business drives IT... and Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 14
2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 15
2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 16
Linking Business Goals to IT Goals 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 17
Assurance in the Cloud COBIT AICPA Service Organization Control (SOC) Report AICPA Trust Services (SysTrust and WebTrust) ISO2700x FedRAMP NIST SP 800-53 Health Information Trust Alliance (HITRUST) BITS 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 18
Assurance in the Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 19
Resources available 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 20
THANK YOU Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.

Recomendados

The Perfect Storm
The Perfect StormThe Perfect Storm
The Perfect StormRamsés Gallego
 
Culture structure strategy_for_a_grc_program
Culture structure strategy_for_a_grc_programCulture structure strategy_for_a_grc_program
Culture structure strategy_for_a_grc_programRamsés Gallego
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
 
Strategic governance performance_management_systems
Strategic governance performance_management_systemsStrategic governance performance_management_systems
Strategic governance performance_management_systemsRamsés Gallego
 
Dataplex Company Overview
Dataplex Company OverviewDataplex Company Overview
Dataplex Company Overviewdataplex systems limited
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?doan_slideshares
 
dataplex company presentation
dataplex company presentationdataplex company presentation
dataplex company presentationdataplex systems limited
 
Accelerating the Speed of Innovation - Jason Waxman, Intel
Accelerating the Speed of Innovation - Jason Waxman, IntelAccelerating the Speed of Innovation - Jason Waxman, Intel
Accelerating the Speed of Innovation - Jason Waxman, IntelOpen Data Center Alliance
 

Recomendados

The Perfect Storm
The Perfect StormThe Perfect Storm
The Perfect StormRamsés Gallego
 
Culture structure strategy_for_a_grc_program
Culture structure strategy_for_a_grc_programCulture structure strategy_for_a_grc_program
Culture structure strategy_for_a_grc_programRamsés Gallego
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
 
Strategic governance performance_management_systems
Strategic governance performance_management_systemsStrategic governance performance_management_systems
Strategic governance performance_management_systemsRamsés Gallego
 
Dataplex Company Overview
Dataplex Company OverviewDataplex Company Overview
Dataplex Company Overviewdataplex systems limited
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?doan_slideshares
 
dataplex company presentation
dataplex company presentationdataplex company presentation
dataplex company presentationdataplex systems limited
 
Accelerating the Speed of Innovation - Jason Waxman, Intel
Accelerating the Speed of Innovation - Jason Waxman, IntelAccelerating the Speed of Innovation - Jason Waxman, Intel
Accelerating the Speed of Innovation - Jason Waxman, IntelOpen Data Center Alliance
 
Umesh R Sharma
Umesh R SharmaUmesh R Sharma
Umesh R SharmaUmesh Sharma
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRCNorman Mayes
 
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011IBM Sverige
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingSam Garforth
 
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar SeriesDemystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar SeriesBhavesh Bhagat, CGEIT, CISM (LION)
 
NJVC Brochure
NJVC BrochureNJVC Brochure
NJVC BrochureSpencer Nelson
 
Sukhbir jasuja digital_trends_11
Sukhbir jasuja digital_trends_11Sukhbir jasuja digital_trends_11
Sukhbir jasuja digital_trends_11Hellenic Professionals Informatics Society
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:HyTrust
 
Day 3 p3 - xs and ec
Day 3 p3 - xs and ecDay 3 p3 - xs and ec
Day 3 p3 - xs and ecLilian Schaffer
 
Get your house on order
Get your house on orderGet your house on order
Get your house on orderDekkinga, Ewout
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
 
MitKat Ad
MitKat AdMitKat Ad
MitKat Admanojajgaonkar
 
Avensus Corporate Presentation
Avensus Corporate PresentationAvensus Corporate Presentation
Avensus Corporate PresentationParth Agrawal
 
Fix nix Pitch
Fix nix PitchFix nix Pitch
Fix nix PitchAshok Dandu
 
Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)Rakesh Kumar
 
Centuric Overview
Centuric OverviewCenturic Overview
Centuric OverviewCenturic
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1OracleIDM
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1CloudExpoEurope
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 

Mais conteúdo relacionado

Mais procurados

The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRCNorman Mayes
 
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011IBM Sverige
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingSam Garforth
 
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar SeriesDemystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar SeriesBhavesh Bhagat, CGEIT, CISM (LION)
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:HyTrust
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
 
Avensus Corporate Presentation
Avensus Corporate PresentationAvensus Corporate Presentation
Avensus Corporate PresentationParth Agrawal
 
Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)Rakesh Kumar
 
Centuric Overview
Centuric OverviewCenturic Overview
Centuric OverviewCenturic
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1OracleIDM
 

Mais procurados (19)

Umesh R Sharma
Umesh R SharmaUmesh R Sharma
Umesh R Sharma
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRC
 
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
Kostnadseffektiv implementation av er IT-säkerhetsstrategi - PCTY 2011
 
Unleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud ComputingUnleash Business Innovation with the Next Generation of Cloud Computing
Unleash Business Innovation with the Next Generation of Cloud Computing
 
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar SeriesDemystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
Demystifying Cloud Contracts And SLAs- ConfidentNOW Webinar Series
 
NJVC Brochure
NJVC BrochureNJVC Brochure
NJVC Brochure
 
Sukhbir jasuja digital_trends_11
Sukhbir jasuja digital_trends_11Sukhbir jasuja digital_trends_11
Sukhbir jasuja digital_trends_11
 
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:
 
Day 3 p3 - xs and ec
Day 3 p3 - xs and ecDay 3 p3 - xs and ec
Day 3 p3 - xs and ec
 
Get your house on order
Get your house on orderGet your house on order
Get your house on order
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
 
MitKat Ad
MitKat AdMitKat Ad
MitKat Ad
 
Avensus Corporate Presentation
Avensus Corporate PresentationAvensus Corporate Presentation
Avensus Corporate Presentation
 
Fix nix Pitch
Fix nix PitchFix nix Pitch
Fix nix Pitch
 
Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)Veeras_Infotek_Corporate (2)
Veeras_Infotek_Corporate (2)
 
Centuric Overview
Centuric OverviewCenturic Overview
Centuric Overview
 
A better waytosecureapps-finalv1
A better waytosecureapps-finalv1A better waytosecureapps-finalv1
A better waytosecureapps-finalv1
 

Semelhante a IT Controls Cloud Webinar - ISACA

Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...HyTrust
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1CloudExpoEurope
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Isaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printIsaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printMarc Vael
 
Cloud conference & expo presentation
Cloud conference & expo presentationCloud conference & expo presentation
Cloud conference & expo presentationTelstra
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingAshish Patel
 
Netapp - An Agile Data Infrastructure to Power Your Cloud
Netapp - An Agile Data Infrastructure to Power Your CloudNetapp - An Agile Data Infrastructure to Power Your Cloud
Netapp - An Agile Data Infrastructure to Power Your CloudGlobal Business Events
 
Service Manager Cloud Seminar introcustext
Service Manager Cloud Seminar introcustextService Manager Cloud Seminar introcustext
Service Manager Cloud Seminar introcustextMicrosoft Norge AS
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Crew
 
Cisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco Public Relations
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaWise Pacific Venture
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloudInterop
 
The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)Cloudera, Inc.
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in CloudLenin Aboagye
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntelAPAC
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...NetworkCollaborators
 

Semelhante a IT Controls Cloud Webinar - ISACA (20)

Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
 
Isaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) printIsaca india trust & value from cloud computing (aug 2011) print
Isaca india trust & value from cloud computing (aug 2011) print
 
Antonio piraino v1
Antonio piraino v1Antonio piraino v1
Antonio piraino v1
 
Cloud conference & expo presentation
Cloud conference & expo presentationCloud conference & expo presentation
Cloud conference & expo presentation
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Netapp - An Agile Data Infrastructure to Power Your Cloud
Netapp - An Agile Data Infrastructure to Power Your CloudNetapp - An Agile Data Infrastructure to Power Your Cloud
Netapp - An Agile Data Infrastructure to Power Your Cloud
 
Service Manager Cloud Seminar introcustext
Service Manager Cloud Seminar introcustextService Manager Cloud Seminar introcustext
Service Manager Cloud Seminar introcustext
 
Risk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the CloudRisk Factory: PCI Compliance in the Cloud
Risk Factory: PCI Compliance in the Cloud
 
Cisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operationsCisco tec chris young - security intelligence operations
Cisco tec chris young - security intelligence operations
 
null Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Securitynull Bangalore meet - Cloud Computing and Security
null Bangalore meet - Cloud Computing and Security
 
CCSK, cloud security framework, Indonesia
CCSK, cloud security framework, IndonesiaCCSK, cloud security framework, Indonesia
CCSK, cloud security framework, Indonesia
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)The Vortex of Change - Digital Transformation (Presented by Intel)
The Vortex of Change - Digital Transformation (Presented by Intel)
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Enterprise Security in Cloud
Enterprise Security in CloudEnterprise Security in Cloud
Enterprise Security in Cloud
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012Enterprise Security in Hybrid Cloud ISACA-SV 2012
Enterprise Security in Hybrid Cloud ISACA-SV 2012
 
Intel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentationIntel Cloud Summit ODCA - NAB Customer presentation
Intel Cloud Summit ODCA - NAB Customer presentation
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
 

Mais de Ramsés Gallego

ISACA Barcelona Chapter Congress - July 2011
ISACA Barcelona Chapter Congress - July 2011ISACA Barcelona Chapter Congress - July 2011
ISACA Barcelona Chapter Congress - July 2011Ramsés Gallego
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelRamsés Gallego
 
Entel Service Management
Entel Service ManagementEntel Service Management
Entel Service ManagementRamsés Gallego
 
Metrics, measures & Myths
Metrics, measures & MythsMetrics, measures & Myths
Metrics, measures & MythsRamsés Gallego
 
DLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés GallegoDLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés GallegoRamsés Gallego
 
e-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_Gallegoe-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_GallegoRamsés Gallego
 

Mais de Ramsés Gallego (10)

ISACA Barcelona Chapter Congress - July 2011
ISACA Barcelona Chapter Congress - July 2011ISACA Barcelona Chapter Congress - July 2011
ISACA Barcelona Chapter Congress - July 2011
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
 
Entel Service Management
Entel Service ManagementEntel Service Management
Entel Service Management
 
Metrics, measures & Myths
Metrics, measures & MythsMetrics, measures & Myths
Metrics, measures & Myths
 
Malware mitigation
Malware mitigationMalware mitigation
Malware mitigation
 
DLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés GallegoDLP - Network Security Conference_ Ramsés Gallego
DLP - Network Security Conference_ Ramsés Gallego
 
e-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_Gallegoe-Symposium_ISACA_Ramsés_Gallego
e-Symposium_ISACA_Ramsés_Gallego
 
Entel SSO
Entel SSOEntel SSO
Entel SSO
 
Entel DLP
Entel DLPEntel DLP
Entel DLP
 
Entel S&RM
Entel S&RMEntel S&RM
Entel S&RM
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

IT Controls Cloud Webinar - ISACA

  • 1. Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
  • 2. Compliance Resilience Evidence gathering Forensics Confidence User Access Data Segregation Virtualization Architectures Identity Emerging Recovery Surety Isolation Right to AuditTrust Privacy Web 2.0 Workflow Dispute resolution Traceability Competitive Advantage Data Location Metrics Maturity Models Web Services Incident handling 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 2
  • 3. What is Cloud? The biggest evolution in technology that can have an impact similar to the birth of the Internet Number 1 on the list of ‘10 strategic technologies’ of all the analysts ‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 3
  • 4. What is Cloud? A pay-as-you-go model for using applications, development platforms and/or IT infrastructure 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 4
  • 5. Definition of the model 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 5
  • 6. Cloud domains Cloud Architecture Governing the Cloud Governance and Enterprise Risk Management Legal and Electronic Discovery Compliance and Audit Information Lifecycle Management Portability and Interoperability Security, Business Continuity and Disaster Recovery Operating in the Cloud Data Center Operations Incident Response, Notification, Remediation Application Security Encryption and Key Management Identity and Access Management Virtualization 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 6
  • 7. Cloud drivers Optimized server utilization Cost savings Dynamic scalability Shortened development lifecycle Reduced time for implementation 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 7
  • 8. Cloud Computing Challenges Data location Commingled data Security policy/procedure transparency Cloud data ownership Lock-in with CSP’s propietary APIs Record protection for forensic audits Identity & Access Management Screening of other cloud computing clients Compliance requirements Data erasure for current SaaS or PaaS applications 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 8
  • 9. ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 9
  • 10. ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 10
  • 11. ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 11
  • 12. ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 12
  • 13. ISACA’s GEIT and Management Frameworks 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 13
  • 14. Business drives IT... and Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 14
  • 15. 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 15
  • 16. 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 16
  • 17. Linking Business Goals to IT Goals 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 17
  • 18. Assurance in the Cloud COBIT AICPA Service Organization Control (SOC) Report AICPA Trust Services (SysTrust and WebTrust) ISO2700x FedRAMP NIST SP 800-53 Health Information Trust Alliance (HITRUST) BITS 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 18
  • 19. Assurance in the Cloud 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 19
  • 20. Resources available 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved. 20
  • 21. THANK YOU Urs Fischer CISA, CRISC, CIA, CPA (Swiss) Switzerland Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, Six Sigma Black Belt Chief Strategy Officer Entelgy Security practice 2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.