Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters: It’s a Cloudy Day – PowerPoint PPT Presentation



SLIDE 1

Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters It’s a Cloudy Day

January 21, 2015

British Columbia

SLIDE 2

Welcome

SLIDE 3

Agenda

Time           Topic                                                          Speaker
8:30 – 8:45    Welcome & Review Day’s Agenda                                  Glen Bruce
8:45 – 9:15    ISO 27000 standards overview and Update                        Glen Bruce
9:15 – 10:30   ISO Cloud Security Standards                                   Eva Kuiper
10:30 – 11:00  Coffee Break
11:00 – 12:00  Cloud Security Certification                                   Glen Bruce
12:00 – 1:00   Lunch Break – Sponsored by Deloitte
1:00 – 2:00    Feeling Security in the Cloud                                  Alvin Madar
2:00 – 3:00    Cloud Considerations: A Developer’s Point of View              Imraj Pasricha
3:00 – 3:30    Coffee Break
3:30 – 5:00    Panel Discussion – Current and Future State of Cloud Security  Eric Paynter, Chester Wisniewski, Joost Houwen, Orvin Lau
5:00           Wrap up


SLIDE 5

Vancouver SecSig Security Management

ISO Standards Overview and Updates

SLIDE 6

ISO/IEC 27000 Family Standards Process

International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)
  Joint Technical Committee 1 (JTC1)
    Subcommittee 27 (SC 27) – Security Techniques
      Working Group 1 (WG1) – Information Security Management Systems
        ISO 27000 ISMS Family

  • 1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
  • 2. Identification of requirements for future ISMS standards and guidelines
  • 3. On-going maintenance of WG1 standing document SD WG1/1 (WG1 Roadmap)
  • 4. Collaboration with other working groups in SC 27, in particular WG4 – Security Controls and Services

SLIDE 7

Structure of ISO 27000 series

  • 27000 – Fundamentals & Vocabulary
  • 27001 – ISMS
  • 27003 – Implementation Guidance
  • 27002 – Code of Practice for ISM
  • 27004 – Metrics & Measurement
  • 27005 – Risk Management
  • 27006 – Guidelines on ISMS accreditation
  • 27007 – Guidelines for ISMS auditing
  • 27008 – Guidance for auditors on ISMS controls (TR)
  • 27014 – Information Security Governance

SLIDE 8

The ISO 27000 Standards Available Today

  • ISO 27000:2014 – ISM - Overview and vocabulary
  • ISO 27001:2013 – ISMS - Requirements
  • ISO 27002:2013 – Code of practice for information security controls
  • ISO 27003:2010 – ISMS - Implementation guidance
  • ISO 27004:2009 – Information security management - Measurement
  • ISO 27005:2011 – Information security risk management
  • ISO 27006:2011 – Requirements for bodies providing audit and certification of the ISMS
  • ISO 27007:2011 – Guidelines for ISMS auditing
  • ISO TR 27008:2011 – Guidelines for auditors on information security controls
  • ISO 27010:2012 – ISM for inter-sector and inter-organisational communications
  • ISO 27011:2008 – ISM Guidelines for telecommunications based on ISO/IEC 27002
  • ISO 27013:2012 – Guidance on integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
  • ISO 27014:2013 – Governance of information security
  • ISO TR 27015:2012 – Information security management guidelines for financial services
  • ISO TR 27016:2014 – ISM - Organizational economics
  • ISO 27018:2014 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO TR 27019:2013 – ISM Guidelines based on ISO/IEC 27002 for process control systems for the energy industry
  • ISO 27031:2011 – Guidelines for ICT readiness for business continuity

SLIDE 9

The ISO 27000 Standards Available Today

  • ISO 27032:2012 – Guidelines for cybersecurity
  • ISO 27033-1:2009 – Network security – Part 1: Overview and concepts
  • ISO 27033-2:2012 – Network security – Part 2: Guidelines for the design and implementation of network security
  • ISO 27033-3:2010 – Network security – Part 3: Referencing network scenarios - threats, design techniques and control issues
  • ISO 27033-4:2014 – Network security – Part 4: Securing communication between networks using security gateways
  • ISO 27033-5:2013 – Network security – Part 5: Securing communication across networks using Virtual Private Networks (VPNs)
  • ISO 27034-1:2011 – Application security – Overview and concepts
  • ISO 27035:2011 – Information security incident management
  • ISO 27036-1:2014 – Information security for supplier relationships – Part 1: Overview and concepts
  • ISO 27036-2:2014 – Information security for supplier relationships – Part 2: Requirements
  • ISO 27036-3:2013 – Information security for supplier relationships – Part 3: Guidelines for ICT supply chain security
  • ISO 27037:2012 – Guidelines for identification, collection, acquisition and preservation of digital evidence
  • ISO 27038:2014 – Specification of digital redaction
  • ISO 27040:2015 – Storage security
  • ISO 27799:2008 – Security management in health using ISO/IEC 27002

SLIDE 10

The Remaining ISO 27000 ISMS Family

  • ISO 27009 – Application of ISO/IEC 27001 - Requirements
  • ISO 27017 – Security in cloud computing
  • ISO TR 27021 – Competence requirements for information security management professionals
  • ISO TR 27023 – Mapping the revised editions of ISO 27001 and ISO 27002
  • ISO 27033-6 – Network Security – Part 6: Securing wireless IP network access
  • ISO 27034 (Parts 2-8) – Application Security
  • ISO 27036-4 – Information security for supplier relationships – Part 4: Guidelines for security of cloud services
  • ISO 27038 – Specification for Digital Redaction
  • ISO 27039 – Selection, deployment and operations of Intrusion Detection [and Prevention] Systems (IDPS)
  • ISO 27041 – Guidance on assuring suitability and adequacy of incident investigative methods
  • ISO 27042 – Guidelines for the analysis and interpretation of digital evidence
  • ISO 27043 – Incident investigation principles and processes
  • ISO 27044 – Guidelines for security incident and event management (SIEM)
  • ISO 27050 (Parts 1-4) – Electronic discovery

SLIDE 11

ISO 27001: ISMS Certificates

Certificates – 22,293 in 105 countries
  • Japan – 7,084
  • China – 1,710
  • UK – 1,923
  • India – 1,931
  • USA – 566
  • Canada – 66

[Chart: ISO/IEC 27001 – Worldwide total of certificates, 2006–2013 (y-axis 0 to 25,000), broken down by region: Middle East; Central and South Asia; East Asia and Pacific; Europe; North America; Central / South America; Africa]

SLIDE 12

Other Related ISO Standards

  • ISO/IEC Guide 73 – Risk Management – Vocabulary – Guidelines for Use in Standards
  • ISO/IEC JTC 1 SC 27 Standing Document No. 6; V2010-09 – Glossary of IT Security Terminology – Terms and definitions
  • ISO/IEC 7498-1:1994 – Open System Interconnection (OSI) – Part 1: The basic model
  • ISO/IEC 7498-2:1994 – Open System Interconnection (OSI) – Part 2: Security architecture
  • ISO/IEC 10181:1996 – Security Frameworks for open systems (7 parts)
  • ISO/IEC 12207:2008 – Systems and Software Engineering – Software life cycle processes
  • ISO/IEC 13335-1:2004 – Management of information and communications technology security
  • ISO/IEC 13569:2005 – Financial services – Information security guidelines
  • ISO/IEC 13888-2:2010 – Non-repudiation
  • ISO/IEC 15288:2008 – Systems and Software Engineering – System life cycle processes
  • ISO/IEC 15408:2009 – Common Criteria for Information Technology Security Evaluation
  • ISO/IEC TR 15443-1:2012 – Security assurance framework – Part 1: Introduction & Concepts
  • ISO/IEC TR 15443-2:2012 – Security assurance framework – Part 2: Analysis
  • ISO/IEC TR 15489:2001 – Records Management (2 parts)
  • ISO/IEC 17021:2011 – Requirements for Bodies Providing Audit and Certification of Management Systems
  • ISO/IEC 17788:2014 – Cloud Computing – Overview and vocabulary
  • ISO/IEC 17789:2014 – Cloud Computing – Reference architecture
  • ISO/IEC 18028-4:2004 – IT network security – Part 4: Securing remote access
  • ISO/IEC TR 18043:2006 – Selection, deployment and operations of intrusion detection systems

SLIDE 13

Other Related ISO Standards continued

  • ISO/IEC TR 18045:2008 – Methodology for IT security evaluation
  • ISO/IEC 19011:2011 – Guidelines for Auditing Management Systems
  • ISO/IEC 19770-1:2006 – Software Asset Management
  • ISO/IEC 20000-1:2011 – Service management – Part 1: Service management system requirements
  • ISO/IEC 20000-2:2012 – Service management – Part 2: Guidance on the application of service management systems
  • ISO/IEC 20000-3:2009 – Service management – Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
  • ISO/IEC 21827:2008 – Systems security engineering – Capability maturity model (SSE-CMM)
  • ISO/IEC 22301:2012 – Business continuity management systems – Requirements
  • ISO/IEC 22313:2012 – Business continuity management systems – Guidance
  • ISO/PAS 22399:2007 – Guidelines for incident preparedness and operational continuity management
  • ISO/IEC 24762:2008 – Guidelines for information and communications technology disaster recovery services
  • ISO/IEC 29100:2011 – Privacy framework
  • ISO/IEC 29101:2013 – Privacy architecture framework
  • ISO/IEC 31000:2009 – Risk management – Principles and guidelines
  • ISO/IEC 31004:2013 – Risk Management – Guidance for implementation of ISO 31000
  • ISO/IEC 31010:2009 – Risk Management – Risk assessment techniques
  • ISO/IEC 37500:2014 – Guidance on Outsourcing
  • ISO/IEC 38500:2008 – Corporate governance of information technology
  • ISO/IEC 38502:2014 – Governance of IT – Framework and model

SLIDE 14

ISO 27000 series: Benefits/Obstacles

BENEFITS

  • Alignment to ISO 9000 series on Quality Management
  • Ensured a level of consistency in IS Management
  • International cohesion
  • Professional acknowledgement
  • Governance Benefits

OBSTACLES

  • International acceptance & take-up
  • Nation state support & agreement