IT Controls Cloud Webinar - ISACA
1. Urs Fischer
CISA, CRISC, CIA, CPA (Swiss)
Switzerland
Ramsés Gallego
CISM, CGEIT, CISSP, SCPM, CCSK, ITIL,
Six Sigma Black Belt
Chief Strategy Officer
Entelgy Security practice
2011 ISACA Webinar Program. © 2011 ISACA. All rights reserved.
2. Compliance
Resilience Evidence gathering
Forensics Confidence
User Access Data Segregation
Virtualization
Architectures
Identity
Emerging
Recovery
Surety Isolation
Right to Audit Trust Privacy Web 2.0
Workflow
Dispute resolution
Traceability
Competitive Advantage
Data Location
Metrics Maturity Models
Web Services
Incident handling
3. What is Cloud?
The biggest evolution in technology that can have an impact similar to the birth of the Internet
Number 1 on the list of ‘10 strategic technologies’ of all the analysts
‘Unless you’ve been under a rock recently, you’ve probably heard Cloud Computing as the next revolution in IT’ - CFO Magazine
4. What is Cloud?
A pay-as-you-go model for using applications, development platforms and/or IT infrastructure
5. Definition of the model
6. Cloud domains
Cloud Architecture
Governing the Cloud
Governance and Enterprise Risk Management
Legal and Electronic Discovery
Compliance and Audit
Information Lifecycle Management
Portability and Interoperability
Security, Business Continuity and Disaster Recovery
Operating in the Cloud
Data Center Operations
Incident Response, Notification, Remediation
Application Security
Encryption and Key Management
Identity and Access Management
Virtualization
7. Cloud drivers
Optimized server utilization
Cost savings
Dynamic scalability
Shortened development lifecycle
Reduced time for implementation
8. Cloud Computing Challenges
Data location
Commingled data
Security policy/procedure transparency
Cloud data ownership
Lock-in with CSP’s proprietary APIs
Record protection for forensic audits
Identity & Access Management
Screening of other cloud computing clients
Compliance requirements
Data erasure for current SaaS or PaaS applications
9. ISACA’s GEIT and Management Frameworks
10. ISACA’s GEIT and Management Frameworks
11. ISACA’s GEIT and Management Frameworks
12. ISACA’s GEIT and Management Frameworks
13. ISACA’s GEIT and Management Frameworks
18. Assurance in the Cloud
COBIT
AICPA Service Organization Control (SOC) Report
AICPA Trust Services (SysTrust and WebTrust)
ISO2700x
FedRAMP
NIST SP 800-53
Health Information Trust Alliance (HITRUST)
BITS
19. Assurance in the Cloud
21. THANK YOU
Urs Fischer
CISA, CRISC, CIA, CPA (Swiss)
Switzerland
Ramsés Gallego
CISM, CGEIT, CISSP, SCPM, CCSK, ITIL,
Six Sigma Black Belt
Chief Strategy Officer
Entelgy Security practice