PPT-Applying the CIS Critical Security Controls to the Cloud

Bart Westerink April 26 2016 Agenda Migration to the cloud Overview of the top 20 security controls Adapting the controls to the cloud Leverage the controls to build a highly secure cloud infrastructure. For an ongoing discussion of these please visit the Solutions Directory at sansorgcriticalsecuritycontrolsvendorsolutions alienvaultcom accelopscom eiqnetworkscom logrhythmcom mcafeecom rapid7com symanteccom trendmicrocom tripwirecom 16 CCOUNT M ONI For an ongoing discussion of these please visit the Solutions Directory at sansorgcriticalsecuritycontrolsvendorsolutions alienvaultcom accelopscom eiqnetworkscom logrhythmcom mcafeecom rapid7com symanteccom trendmicrocom tripwirecom 16 CCOUNT M ONI Randy Marchany. VA Tech IT Security Office. 1. (c) Marchany 2011. Who Am I?. Been working in IT Security since 1992, working in IT for 38 years. CISO at VA Tech. 40K node network. . dual stack IPV4, IPV6 . Federal Risk and Authorization Management Program Industry Day. June 4, 2014 Industry Day. Agenda. Topic. Speaker. Time. Welcome. Kathy Conrad. 1:00 – 1:05. FedRAMP Update. Maria Roat. 1:05 – 1:40. Infosec Assessments & Reports. April 1 - News Flash! . Conficker…. A master computer was . reportedly scheduled. to gain control of millions of infected zombie machines on . April 1, 2009 . Conficker . Chapter 8. 8-. 1. Learning Objectives. Explain how information security affects information systems reliability.. Discuss how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about the security of an organization’s information system.. Stuart Berman. Enterprise Advisory Board. Sep 2011. Cloud: ushering in “IT Spring”. Cloud – a simple idea. Compute as a utility – shared by many. Align technology costs with usage. Challenges our assumptions about everything. FedRAMP (Federal Risk and Authorization Management Program). © Grant Thornton LLP. All rights reserved. .. Orus Dearman, . Senior Manager. Grant Thornton LLP. © Grant Thornton LLP. All rights reserved. Information . Security in . a . Hosted Environment. William Prohn. Managing Director. Thomas O’Connor. Consultant. William M. . Prohn. CISSP. ®. , CISA. ®. , CGEIT. ®. , CRISC. FSR 14 — RAIL OPERATIONS Understanding your Workplace Specific Critical Controls Instructions: The images in this presentation should depict the specific controls you have agreed at your workplace. Substitute these images for the actual controls you will be using and expect to see implemented. Cloud Based Security Services Simplification Or Complexity Michael Ferrell, Security Solutions Architect MS In Information Security, CISSP, ISSAP, CISA, CGEIT © 2016 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product names are the property of CenturyLink. All other marks are the property of their respective owners. Services not available everywhere. Business customers only. CenturyLink may change or cancel services or substitute similar services at its sole discretion without notice Michael Tolliver. Senior Account Manager. Michael.Tolliver@Forcepoint.com. (703) 856-3376. Cross Domain | Data Protection | Behavioral Analytics | NGFW | CASB | Advanced Malware Detection | Email Security | Web Security. CIS (the Center for Internet Security). Growing Up In Cyber…. but is Cyber Growing Up?. Today’s Cyber Learning Model ?. Risk = . {. . Regulatory Controls. Infrastructure Services. Platform Services. Applications. Security Services. IT Management Services. Data Services. Wells Fargo Technology Controls Cube. The Technology Controls Cube defines controls across three dimensions to establish clear accountability and ensure completeness of coverage.