Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters It’s a Cloudy - PowerPoint PPT Presentation


  1. Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters It’s a Cloudy Day British Columbia January 21, 2015

  2. Welcome

  3. Agenda

     | Time | Topic | Speaker |
     |---|---|---|
     | 8:30 – 8:45 | Welcome & Review Day’s Agenda | Glen Bruce |
     | 8:45 – 9:15 | ISO 27000 standards overview and Update | Glen Bruce |
     | 9:15 – 10:30 | ISO Cloud Security Standards | Eva Kuiper |
     | 10:30 – 11:00 | Coffee Break | |
     | 11:00 – 12:00 | Cloud Security Certification | Glen Bruce |
     | 12:00 – 1:00 | Lunch Break – Sponsored by Deloitte | |
     | 1:00 – 2:00 | Feeling Security in the Cloud | Alvin Madar |
     | 2:00 – 3:00 | Cloud Considerations: A Developer’s Point of View | Imraj Pasricha |
     | 3:00 – 3:30 | Coffee Break | |
     | 3:30 – 5:00 | Panel Discussion – Current and Future State of Cloud Security | Eric Paynter, Chester Wisniewski, Joost Houwen, Orvin Lau |
     | 5:00 | Wrap up | |

  5. ISO Standards Overview and Updates
     Vancouver SecSig Security Management

  6. ISO/IEC 27000 Family Standards Process

     Committee hierarchy:
     • International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)
     • Joint Technical Committee 1 (JTC1)
     • Subcommittee 27 (SC 27) Security Techniques
     • Working Group 1 (WG1) Information Security Management Systems (ISO 27000 ISMS Family)

     WG1 responsibilities:
     1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
     2. Identification of requirements for future ISMS standards and guidelines
     3. On-going maintenance of WG1 standing document SD WG1/1 (WG1 Roadmap)
     4. Collaboration with other working Groups in SC 27, in particular WG4 – Security Controls and Services

  7. Structure of ISO 27000 series
     • 27000 Fundamentals & Vocabulary
     • 27001: ISMS
     • 27002 Code of Practice for ISM
     • 27003 Implementation Guidance
     • 27004 Metrics & Measurement
     • 27005 Risk Management
     • 27006 Guidelines on ISMS accreditation
     • 27007 Guidelines for ISMS auditing
     • 27008 Guidance for auditors on ISMS controls (TR)
     • 27014 Information Security Governance

  8. The ISO 27000 Standards Available Today
     • ISO 27000:2014 – ISM - Overview and vocabulary
     • ISO 27001:2013 – ISMS - Requirements
     • ISO 27002:2013 – Code of practice for information security controls
     • ISO 27003:2010 – ISMS - Implementation guidance
     • ISO 27004:2009 – Information security management - Measurement
     • ISO 27005:2011 – Information security risk management
     • ISO 27006:2011 – Requirements for bodies providing audit and certification of the ISMS
     • ISO 27007:2011 – Guidelines for ISMS auditing
     • ISO TR 27008:2011 – Guidelines for auditors on information security controls
     • ISO 27010:2012 – ISM for inter-sector and inter-organisational communications
     • ISO 27011:2008 – ISM Guidelines for telecommunications based on ISO/IEC 27002
     • ISO 27013:2012 – Guidance on integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
     • ISO 27014:2013 – Governance of information security
     • ISO TR 27015:2012 – Information security management guidelines for financial services
     • ISO TR 27016:2014 – ISM - Organizational economics
     • ISO 27018:2014 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
     • ISO TR 27019:2013 – ISM Guidelines based on ISO/IEC 27002 for process control systems for the energy industry
     • ISO 27031:2011 – Guidelines for ICT readiness for business continuity

  9. The ISO 27000 Standards Available Today
     • ISO 27032:2012 – Guidelines for cybersecurity
     • ISO 27033-1:2009 – Network security – Part 1: Overview and concepts
     • ISO 27033-2:2012 – Network security – Part 2: Guidelines for the design and implementation of network security
     • ISO 27033-3:2010 – Network security – Part 3: Referencing network scenarios - threats, design techniques and control issues
     • ISO 27033-4:2014 – Network security – Part 4: Securing communication between networks using security gateways
     • ISO 27033-5:2013 – Network security – Part 5: Securing communication across networks using Virtual Private Networks (VPNs)
     • ISO 27034-1:2011 - Application security - Overview and concepts
     • ISO 27035:2011 – Information security incident management
     • ISO 27036-1:2014 – Information security for supplier relationships – Part 1: Overview and concepts
     • ISO 27036-2:2014 – Information security for supplier relationships – Part 2: Requirements
     • ISO 27036-3:2013 – Information security for supplier relationships – Part 3: Guidelines for ICT supply chain security
     • ISO 27037:2012 – Guidelines for identification, collection, acquisition and preservation of digital evidence
     • ISO 27038:2014 – Specification of digital redaction
     • ISO 27040:2015 – Storage security
     • ISO 27799:2008 – Security management in health using ISO/IEC 27002

  10. The Remaining ISO 27000 ISMS Family
     • ISO 27009 – Application of ISO/IEC 27001 - Requirements
     • ISO 27017 - Security in cloud computing
     • ISO TR 27021 – Competence requirements for information security management professionals
     • ISO TR 27023 – Mapping the revised editions of ISO 27001 and ISO 27002
     • ISO 27033-6 - Network Security – Part 6: Security wireless IP network access
     • ISO 27034 (Parts 2-8) – Application Security
     • ISO 27036-4 – Information security for supplier relationships – Part 4: Guidelines for security of cloud services
     • ISO 27038 – Specification for Digital Redaction
     • ISO 27039 - Selection, deployment and operations of Intrusion Detection [and Prevention] Systems (IDPS)
     • ISO 27041 - Guidance on assuring suitability and adequacy of incident investigative methods
     • ISO 27042 - Guidelines for the analysis and interpretation of digital evidence
     • ISO 27043 – Incident investigation principles and processes
     • ISO 27044 – Guidelines for security incident and event management (SIEM)
     • ISO 27050 (Parts 1-4) - Electronic discovery

  11. ISO 27001: ISMS Certificates
     [Chart: ISO/IEC 27001 - Worldwide total, certificates by year, 2006 to 2013, by region: Middle East, Central and South Asia, East Asia and Pacific, Europe, North America, Central / South America, Africa]
     Japan – 7,084; China – 1,710; UK – 1,923; India – 1,931; USA – 566; Canada – 66
     Certificates – 22,293 in 105 countries
