Secure Cloud Solutions Open Government Forum Abu Dhabi 28-30 April 2014 Karl Chambers CISSP PMP President/CEO Diligent eSecurity International.

Presentation transcript:

Secure Cloud Solutions Open Government Forum Abu Dhabi April 2014 Karl Chambers CISSP PMP President/CEO Diligent eSecurity International

The e-Government Challenge
Securely delivering high-quality digital government information and services utilizing cloud IT solutions:
- Anywhere
- Anytime
- On any device

Three Key Principles to a Secure Cloud Solution
- Design and Build it Securely
- Operate it Securely
- Always Encrypted Data

Design and Build it Securely Using:
- Cloud Risk Management Framework (CRMF)
- Federal Risk and Authorization Management Program (FedRAMP)

Design and Build it Securely Using Cloud Risk Management Framework (CRMF)
- Step 1: Categorize the Cloud Solution
- Step 2: Identify Security Controls to Protect the Cloud Solution
- Step 3: Implement the Selected Security Controls in the Cloud Security Architecture
- Step 4: Assess the Security Controls of the Cloud Solution using the FedRAMP process
- Step 5: Authorize the use of the Cloud Solution
- Step 6: Monitor the Cloud Solution Continually

Design and Build it Securely Using Federal Risk and Authorization Management Program (FedRAMP)

Three Key Principles to a Secure Cloud Solution
- Design and Build it Securely
- Operate it Securely
- Always Encrypted Data

Operate it Securely Using Automated Continuous Security Monitoring
Automated Continuous Security Monitoring is a risk management approach to cybersecurity that:
- Maintains a picture of an organization's security posture
- Provides continuous visibility into information assets
- Leverages use of automated data feeds and data analytics
- Monitors effectiveness of security controls
- Enables prioritization of remedies

Automated Continuous Security Monitoring (ACSM) Case Study – US Department of State
ACSM Tool: Analytics and Continuous monitoring Engine (ACE) solution from Virtustream
ACE receives and analyzes continuous inputs from:
- Asset Management
- Vulnerability Scanners
- Patch Management
- Event Management
- Incident Management
- Malware Detection
- Configuration Management
- Network Management
- License Management
- Information Management
- Software Management
ACE provides continuous risk updates to management dashboard.

Three Key Principles to a Secure Cloud Solution
- Design and Build it Securely
- Operate it Securely
- Always Encrypted Data

- In transit between systems and locations
- Stored in the cloud

Questions
Karl Chambers PMP CISSP
President/CEO
Diligent eSecurity International, Inc
Airport Road Suite 233
Atlanta, Ga