SlideShare une entreprise Scribd logo

CAMM presentation for Cyber Security Gas and Oil june 2011

Télécharger en tant que PPTX, PDF
Vladimir Jirasek
Vladimir Jirasek

Let's talk about Cloud security, its challenges and how CAMM can help in managing supply chain assurance.

TechnologieBusiness
1  sur  10
Managing risks in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 1 Vladimir Jirasek CAMM Steering Group Twitter @vjirasek
People do not fully trust The Cloud People say that they are concerned that their information is not secure in The Cloud
Is the Cloud Secure? 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 3 Can be as secure as any other IT system Depends on the model chosen Understand the responsibilities All eggs in one basket is the real question Implicit trust on provider Exit and lock-in
Problem to be solved – trust in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 4 Suppliers for the cloud provider Your business Your cloud provider End to end assurance
What a CIO want 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 5 Provider A Provider B Maturity levels feed into a supplier selection process
19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 6 CAMM MISSIONProvide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
Overall structure of CAMM components 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 7 TPAC Final maturity scores Mapping to other standards Free GRC app Scoring model Non CAMM audit results Maturityscores Weightingframework WorkBench App Audited controls Controls framework Auditors
Utilize your current investmentto an another standard e.g. ISO The Statement Of Applicability (SOA) of source standard is used as a baseline for translation CAMM Guidance documents will help auditors with ”yellow” area intepretations 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 8 Souce standard Target standard e.g. ISO 2700x SOA CAMM Translate Not implemented > to be CAMM audited Auditor intepretation of applicability 1=1 applicable, no need of intepretation
Stakeholders Consumers – Can form trust relationship based on understantable facts Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers Governents – Canhavemore confidence in corporategovernance to remove barriers from global single e-markets Service Providers & Consultancies – Can buildcompetences to achieve the target Industry Associations – can excel in defining harmonized model implementations Consumer Government CAM Commitee
Progress It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones: Major client, standards and service provider organisations engaged Development of framework and appropriate weighting mechanism underway Development of the framework Control framework created and reviewed Scoring model created Development of the guidance Guidance material to be completed by end of October 2011 Pilot Pilot with major organisation planned for summer 2011 Development of Free GRC tool Major GRC vendor engaged to ad CAMM module

Recommandé

Evolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesEvolution of Corporate Access Technologies
Evolution of Corporate Access Technologies
Jeffrey Tha
 
Evolution of Corporate Access Technology
Evolution of Corporate Access TechnologyEvolution of Corporate Access Technology
Evolution of Corporate Access Technology
Moriah Shilton
 
UK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonUK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin Thompson
Victoria Kealy
 
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Directorate for Financial and Enterprise Affairs
 
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
OECD Directorate for Financial and Enterprise Affairs
 
Data Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionData Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
OECD Directorate for Financial and Enterprise Affairs
 
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Funseam - Fundación para la Sostenibilidad Energética y Ambiental
 

Recommandé

Evolution of Corporate Access Technologies
Evolution of Corporate Access TechnologiesEvolution of Corporate Access Technologies
Evolution of Corporate Access Technologies
Jeffrey Tha
 
Evolution of Corporate Access Technology
Evolution of Corporate Access TechnologyEvolution of Corporate Access Technology
Evolution of Corporate Access Technology
Moriah Shilton
 
UK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin ThompsonUK Conference 2018_Software support and maintenance survey - Martin Thompson
UK Conference 2018_Software support and maintenance survey - Martin Thompson
Victoria Kealy
 
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Corporate Anti-Corruption Compliance Drivers, Ideas, and Mechanisms for ...
OECD Directorate for Financial and Enterprise Affairs
 
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
Radical Innovation in the Electricity Sector – UK CMA – June 2017 OECD discus...
OECD Directorate for Financial and Enterprise Affairs
 
Data Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussionData Portability and Interoperability –GAL – June 2021 OECD discussion
Data Portability and Interoperability –GAL – June 2021 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
News Media and Digital Platforms – OECD Secretariat – December 2021 OECD disc...
OECD Directorate for Financial and Enterprise Affairs
 
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Smart Regulation for the Energy Sector Challenges - 6th World Forum on Energy...
Funseam - Fundación para la Sostenibilidad Energética y Ambiental
 
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud security
Vladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
Vladimir Jirasek
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
Vladimir Jirasek
 
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationSolent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Nine23Ltd
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...
Vladimir Jirasek
 
Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)
3G4G
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
 
Hotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesHotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and Challenges
Dr. Mazlan Abbas
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
aliirfan04
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
Assespro Nacional
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
Christophe Monnier
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment Overview
Alan McSweeney
 
Cloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsCloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projects
IBM India Smarter Computing
 
Scalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and complianceScalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and compliance
Peter HJ van Eijk
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
EuroCloud
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
EuroCloud
 
Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]
Scott Satterwhite
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer
IBM
 

Contenu connexe

En vedette

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
Vladimir Jirasek
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
Vladimir Jirasek
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

En vedette (13)

ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir JirasekISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
ISE UK&Ireland 2008 Showcase Nominee Presentation Vladimir Jirasek
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud security
 
Mobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risksMobile security summit - 10 mobile risks
Mobile security summit - 10 mobile risks
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Qualys Webex 24 June 2008
Qualys Webex 24 June 2008Qualys Webex 24 June 2008
Qualys Webex 24 June 2008
 
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS PresentationSolent Cyber Security Cluster Event 2, ACE/UoS Presentation
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...
 
Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)Summary of Network Security Conference (#NetworkSecurity)
Summary of Network Security Conference (#NetworkSecurity)
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
 
Hotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and ChallengesHotspot 2.0 - Concept and Challenges
Hotspot 2.0 - Concept and Challenges
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similaire à CAMM presentation for Cyber Security Gas and Oil june 2011

[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
Assespro Nacional
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment Overview
Alan McSweeney
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
EuroCloud
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
EuroCloud
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
Christophe Monnier
 
Xuber4London
Xuber4LondonXuber4London
Xuber4London
Xuber
 

Similaire à CAMM presentation for Cyber Security Gas and Oil june 2011 (20)

[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
[CompTIA] 4th Annual Trends in Cloud Computing - Full Report
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
 
Pmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment OverviewPmi, Opm3 And Cmmi Assessment Overview
Pmi, Opm3 And Cmmi Assessment Overview
 
Cloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projectsCloud computing insights from110 implementation projects
Cloud computing insights from110 implementation projects
 
Scalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and complianceScalable cloud governance, risk management and compliance
Scalable cloud governance, risk management and compliance
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
 
Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]Financial Services-ready Public Cloud white paper [march 9, 2020]
Financial Services-ready Public Cloud white paper [march 9, 2020]
 
IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer IBM Relay 2015: Cloud is All About the Customer
IBM Relay 2015: Cloud is All About the Customer
 
Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014Qumas Collaboration to Innovation Quality QMS PIMS 2014
Qumas Collaboration to Innovation Quality QMS PIMS 2014
 
SLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 IntroductionSLALOM Project Legal Webinar Introduction 20151019 Introduction
SLALOM Project Legal Webinar Introduction 20151019 Introduction
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
A perspective on the future of cloud market interxion
A perspective on the future of cloud market interxionA perspective on the future of cloud market interxion
A perspective on the future of cloud market interxion
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
 
Cloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A PerspectiveCloud Adoption in Capital Markets: A Perspective
Cloud Adoption in Capital Markets: A Perspective
 
Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...Cloud service providers survey breaking through the cloud adoption barriers- ...
Cloud service providers survey breaking through the cloud adoption barriers- ...
 
Requirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutionsRequirements management and IBM Rational Jazz solutions
Requirements management and IBM Rational Jazz solutions
 
Xuber4London
Xuber4LondonXuber4London
Xuber4London
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
 
Business Model Transformation
Business Model TransformationBusiness Model Transformation
Business Model Transformation
 

Plus de Vladimir Jirasek

2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
Vladimir Jirasek
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
Vladimir Jirasek
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
Vladimir Jirasek
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
Vladimir Jirasek
 

Plus de Vladimir Jirasek (11)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Vulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London GatheringVulnerability Management @ DevSecOps London Gathering
Vulnerability Management @ DevSecOps London Gathering
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
Security architecture for LSE 2009
Security architecture for LSE 2009Security architecture for LSE 2009
Security architecture for LSE 2009
 
Information Risk Security model and metrics
Information Risk Security model and metricsInformation Risk Security model and metrics
Information Risk Security model and metrics
 
Integrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processesIntegrating Qualys into the patch and vulnerability management processes
Integrating Qualys into the patch and vulnerability management processes
 
Securing mobile population for White Hats
Securing mobile population for White HatsSecuring mobile population for White Hats
Securing mobile population for White Hats
 
Security models for security architecture
Security models for security architectureSecurity models for security architecture
Security models for security architecture
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
Federation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single IdentityFederation For The Cloud Opportunities For A Single Identity
Federation For The Cloud Opportunities For A Single Identity
 

Dernier

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

CAMM presentation for Cyber Security Gas and Oil june 2011

  • 1. Managing risks in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 1 Vladimir Jirasek CAMM Steering Group Twitter @vjirasek
  • 2. People do not fully trust The Cloud People say that they are concerned that their information is not secure in The Cloud
  • 3. Is the Cloud Secure? 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 3 Can be as secure as any other IT system Depends on the model chosen Understand the responsibilities All eggs in one basket is the real question Implicit trust on provider Exit and lock-in
  • 4. Problem to be solved – trust in the supply chain 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 4 Suppliers for the cloud provider Your business Your cloud provider End to end assurance
  • 5. What a CIO want 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 5 Provider A Provider B Maturity levels feed into a supplier selection process
  • 6. 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 6 CAMM MISSIONProvide an objective framework to transparently rate and benchmark the capability of a selected solution to deliver information assurance maturity across the supply chain
  • 7. Overall structure of CAMM components 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 7 TPAC Final maturity scores Mapping to other standards Free GRC app Scoring model Non CAMM audit results Maturityscores Weightingframework WorkBench App Audited controls Controls framework Auditors
  • 8. Utilize your current investmentto an another standard e.g. ISO The Statement Of Applicability (SOA) of source standard is used as a baseline for translation CAMM Guidance documents will help auditors with ”yellow” area intepretations 19 June, 2011 Common Assurance Maturity Model Common-Assurance.com 8 Souce standard Target standard e.g. ISO 2700x SOA CAMM Translate Not implemented > to be CAMM audited Auditor intepretation of applicability 1=1 applicable, no need of intepretation
  • 9. Stakeholders Consumers – Can form trust relationship based on understantable facts Companies – Can form trustworthy supply chains to provide real trustworthiness to consumers & other customers Governents – Canhavemore confidence in corporategovernance to remove barriers from global single e-markets Service Providers & Consultancies – Can buildcompetences to achieve the target Industry Associations – can excel in defining harmonized model implementations Consumer Government CAM Commitee
  • 10. Progress It is anticipated for the initial set of COMMON controls and associated guidance to be completed by Q4 2011. The following details the key milestones: Major client, standards and service provider organisations engaged Development of framework and appropriate weighting mechanism underway Development of the framework Control framework created and reviewed Scoring model created Development of the guidance Guidance material to be completed by end of October 2011 Pilot Pilot with major organisation planned for summer 2011 Development of Free GRC tool Major GRC vendor engaged to ad CAMM module

Notes de l'éditeur

  1. Security very important issue to peopleBut look at other areas – vendor lock-inAt the same time business teams (marketing) go to cloud services with their credit cards – as IT is tooooo slow
  2. Picture kindly taken from a Microsoft presentationProbably more secure than your local IT – but how to measure thatRisk cannot be outsourced to cloud – so how to measure what the riks with the cloud provider, type and delivery model isIf I use IaaS I still am responsibel for application mangement and potentially OS management