Published by Daniela Follett
Modified over 2 years ago
Cloud Risk Management
2012 October 3 © Penelope Gordon 2012
- Mary Beth Borgwing, Standish Risk Management
- Penelope Everall Gordon, 1Plug Corporation
- John Howie, Cloud Security Alliance
- Virginia “Ginny” Lee, Intel Corporation
2 Why Cloud Risk Management?
- Cloud Applications to reach $150B by 2013
- Data Privacy and Security top risk for 21st Century
- Enterprise needs remediation for loss of investment for stakeholders & partners
- Financial risk of data loss & security of intrusion need mitigation beyond SLAs
- SEC and other regulation will require disclosure of loss and description of relevant insurance coverage by Enterprises into 2013
- Risk Transfer Solutions and the race to provide them will be the next instantiation of the commerce of Cloud
3 Risk Management Process
- Identify: Look beyond the technology
- Assess: Determine costs of mitigating and not mitigating
- Balance: Weigh mitigation costs against benefits
- Mitigate: Implement risk reduction measures
4 Risk Not Just a Tech Issue
- What’s at risk?
- Where should we look for risk?
- Who’s responsible for identifying risks?
- How do the risks differ between private and public cloud?
- Are some forms of cloud riskier than others?
- How do the risks differ between traditional outsourcing / out-tasking and public cloud?
5 Not All Outages Are Equal
- What is threat and risk assessment?
- How do cloud and non-cloud IT risk assessment differ?
- Who should assess and how?
- What are common mistakes?
- How do you convince LoB execs and investors of assessment accuracy?
6 TCO of Security
- What are the most common methods for buyers to mitigate risk? The most promising?
- What are the most common methods for vendors and providers to mitigate risk? The most promising?
- How do you evaluate the costs of mitigation?
- How should you account for your supplier’s mitigation costs?
7 Do You Really Want 5 9s?
- What should you consider in prioritizing risks?
- What is “acceptable risk” and how do you sell that to your stakeholders and/or buyers?
- How can you create a mutually beneficial transaction between buyer/consumer and vendor/provider?
8 Monitoring Risk Mitigation
- Who should monitor and report on realized threats and/or mitigation outcomes?
- What should trigger a report?
- What do you need to do to get compensated for a realized threat?
- How and when should you refine your risk management strategy?
9 Contacts
- Mary Beth Borgwing, Standish Risk Management, MaryBeth.Borgwing@StandishCorp.com
- Katalin Bartfai-Walcott, Intel Corporation
- Penelope Everall Gordon, 1Plug Corporation
- John Howie, Cloud Security Alliance
- Virginia “Ginny” Lee, Intel Corporation
10 Backup
11 Legal Risk Mitigation
- A patchwork of agreements necessary to cover risk
- Terms of Service, SLAs, etc.
- Depends on the Service model and type of application
- Data location and Global Implications
- Transferring data internationally has obligations
- Cyber Risk Insurance – one size does not fit all
- Data Breach coverage