Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP.

Published byMelanie Knight Modified over 8 years ago

Similar presentations

Presentation on theme: "Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP."— Presentation transcript:

1 Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP

2 About Me … Jason Smith, CISSP IT Security and Compliance Consultant Internetwork Engineering Dutch Oven Cobbler maker

3 What is this “Cloud” that you speak of? http://www.contrib.andrew.cmu.edu/~aishah/CC.html

4 Cloud Benefits $$$$$ http://www.outsidethebeltway.com/

5 Cloud Risks $$$$$$

6

7 What is the new “Normal”? Your network has changed! Has your regulatory scope changed? Who has responsibility for the network? Does your documentation reflect the “new normal”? How about access control?

8 Mitigate Early! Reference your last audit or assessment and work with the solution provider or a 3 rd party specialist to understand what if anything may have changed or will change. Perform a risk assessment against the Pre-Build documents from the solution provider. Plan for a Penetration Test Will the provider have access to the data or the systems? What are their processes and procedures? Do you now have web facing servers?

9 Trust, but verify. Risk and Vulnerability assessment. Do a Vulnerability Assessment Do a Risk Assessment Discuss the patching and mitigation responsibilities with your cloud provider. Penetration Testing Required for PCI and some other regulations Should be conducted at least annually Liability and Legality

10 Time to get some help Consider engaging a 3 rd party consultant to assist with compliance and security concerns. Budget for 3 rd party professional services in the transition project Know what you need: Assessments Routine Process development Road Map

11 Questions? Jason Smith, CISSP IT Security and Compliance Consultant Internetwork Engineering jsmith@ineteng.com

Download ppt "Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP."

Similar presentations

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.

.. PCI Payment Card Industry Compliance October 2012 Presented By: Jason P. Rusch.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
The FireHost Payment Island ™ A Layered Explanation.

The FireHost Payment Island ™ A Layered Explanation.
Bill McClanahan – Principal Business Consultant LPS Integration.

Bill McClanahan – Principal Business Consultant LPS Integration.
Module 2 – PenTest Overview

Module 2 – PenTest Overview
Audit file reviews ordered by ACCA Audit file review orders Key features Basis of ACCA’s audit file assessment Guidance for firms (and “hot” reviewers)

Audit file reviews ordered by ACCA Audit file review orders Key features Basis of ACCA’s audit file assessment Guidance for firms (and “hot” reviewers)
EMS Auditing Definitions

EMS Auditing Definitions
NAIC Review of ERM & Internal Controls David Altmaier Florida Office of Insurance Regulation.

NAIC Review of ERM & Internal Controls David Altmaier Florida Office of Insurance Regulation.
The Evolution of IT Risk & Compliance February 2012 Rosalyn Ellis, CRISC Susan Hoffman, CISA,CGEIT 1.

The Evolution of IT Risk & Compliance February 2012 Rosalyn Ellis, CRISC Susan Hoffman, CISA,CGEIT 1.
MasterCard Site Data Protection Program Program Alignment.

MasterCard Site Data Protection Program Program Alignment.
Measure what matters – to build stronger financial performance and to achieve financial stability under OFR Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

Measure what matters – to build stronger financial performance and to achieve financial stability under OFR Peter Scott Peter Scott Consulting
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.

D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.

Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.

THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.
How to Gain Comfort in Losing Control to the Cloud Randolph Barr CSO - Qualys, Inc SourceBoston, 23. April 2010.

How to Gain Comfort in Losing Control to the Cloud Randolph Barr CSO - Qualys, Inc SourceBoston, 23. April 2010.
Managing Third Party Risk In a world fraught w/Risk Trust In the Cloud How are you Protecting Customer Data? February 26, 2014 Case Study Vincent Campitelli.

Managing Third Party Risk In a world fraught w/Risk Trust In the Cloud How are you Protecting Customer Data? February 26, 2014 Case Study Vincent Campitelli.
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
Fundamental Auditing Concepts. Materiality Evidence Independence Audit risk IS and general audit responsibilities for fraud Assurance.

Fundamental Auditing Concepts. Materiality Evidence Independence Audit risk IS and general audit responsibilities for fraud Assurance.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Systems and Software Consortium | 2214 Rock Hill Road, Herndon, VA 20170-4227 Phone: (703)742-8877 | FAX: (703)742-7200 www.systemsandsoftware.org Best.

Systems and Software Consortium | 2214 Rock Hill Road, Herndon, VA Phone: (703) | FAX: (703) Best.

Similar presentations

Ads by Google