Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters
It's a Cloudy Day
British Columbia, January 21, 2015
Welcome
Agenda

Time            Topic                                                      Speaker
8:30 – 8:45     Welcome & Review Day's Agenda                              Glen Bruce
8:45 – 9:15     ISO 27000 Standards Overview and Update                    Glen Bruce
9:15 – 10:30    ISO Cloud Security Standards                               Eva Kuiper
10:30 – 11:00   Coffee Break
11:00 – 12:00   Cloud Security Certification                               Glen Bruce
12:00 – 1:00    Lunch Break – Sponsored by Deloitte
1:00 – 2:00     Feeling Security in the Cloud                              Alvin Madar
2:00 – 3:00     Cloud Considerations: A Developer's Point of View          Imraj Pasricha
3:00 – 3:30     Coffee Break
3:30 – 5:00     Panel Discussion – Current and Future State of Cloud       Eric Paynter, Chester Wisniewski,
                Security                                                   Joost Houwen, Orvin Lau
5:00            Wrap up
ISO Standards Overview and Updates
Vancouver SecSig Security Management
ISO/IEC 27000 Family Standards Process

International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)
  Joint Technical Committee 1 (JTC1)
    Subcommittee 27 (SC 27) – Security Techniques
      Working Group 1 (WG1) – ISO 27000 Information Security Management Systems Family

1. Development and maintenance of the ISO/IEC 27000 ISMS standards family
2. Identification of requirements for future ISMS standards and guidelines
3. On-going maintenance of WG1 standing document SD WG1/1 (WG1 Roadmap)
4. Collaboration with other working groups in SC 27, in particular WG4 – Security Controls and Services
Structure of ISO 27000 series

27000 – Fundamentals & Vocabulary
27001 – ISMS
27002 – Code of Practice for ISM
27003 – Implementation Guidance
27004 – Metrics & Measurement
27005 – Risk Management
27006 – Guidelines on ISMS accreditation
27007 – Guidelines for ISMS auditing
27008 – Guidance for auditors on ISMS controls (TR)
27014 – Information Security Governance
The ISO 27000 Standards Available Today

• ISO 27000:2014 – ISM – Overview and vocabulary
• ISO 27001:2013 – ISMS – Requirements
• ISO 27002:2013 – Code of practice for information security controls
• ISO 27003:2010 – ISMS – Implementation guidance
• ISO 27004:2009 – Information security management – Measurement
• ISO 27005:2011 – Information security risk management
• ISO 27006:2011 – Requirements for bodies providing audit and certification of the ISMS
• ISO 27007:2011 – Guidelines for ISMS auditing
• ISO TR 27008:2011 – Guidelines for auditors on information security controls
• ISO 27010:2012 – ISM for inter-sector and inter-organisational communications
• ISO 27011:2008 – ISM guidelines for telecommunications based on ISO/IEC 27002
• ISO 27013:2012 – Guidance on integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
• ISO 27014:2013 – Governance of information security
• ISO TR 27015:2012 – Information security management guidelines for financial services
• ISO TR 27016:2014 – ISM – Organizational economics
• ISO 27018:2014 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
• ISO TR 27019:2013 – ISM guidelines based on ISO/IEC 27002 for process control systems for the energy industry
• ISO 27031:2011 – Guidelines for ICT readiness for business continuity
The ISO 27000 Standards Available Today (continued)

• ISO 27032:2012 – Guidelines for cybersecurity
• ISO 27033-1:2009 – Network security – Part 1: Overview and concepts
• ISO 27033-2:2012 – Network security – Part 2: Guidelines for the design and implementation of network security
• ISO 27033-3:2010 – Network security – Part 3: Referencing network scenarios – threats, design techniques and control issues
• ISO 27033-4:2014 – Network security – Part 4: Securing communication between networks using security gateways
• ISO 27033-5:2013 – Network security – Part 5: Securing communication across networks using Virtual Private Networks (VPNs)
• ISO 27034-1:2011 – Application security – Overview and concepts
• ISO 27035:2011 – Information security incident management
• ISO 27036-1:2014 – Information security for supplier relationships – Part 1: Overview and concepts
• ISO 27036-2:2014 – Information security for supplier relationships – Part 2: Requirements
• ISO 27036-3:2013 – Information security for supplier relationships – Part 3: Guidelines for ICT supply chain security
• ISO 27037:2012 – Guidelines for identification, collection, acquisition and preservation of digital evidence
• ISO 27038:2014 – Specification of digital redaction
• ISO 27040:2015 – Storage security
• ISO 27799:2008 – Security management in health using ISO/IEC 27002
The Remaining ISO 27000 ISMS Family

• ISO 27009 – Application of ISO/IEC 27001 – Requirements
• ISO 27017 – Security in cloud computing
• ISO TR 27021 – Competence requirements for information security management professionals
• ISO TR 27023 – Mapping the revised editions of ISO 27001 and ISO 27002
• ISO 27033-6 – Network security – Part 6: Securing wireless IP network access
• ISO 27034 (Parts 2–8) – Application security
• ISO 27036-4 – Information security for supplier relationships – Part 4: Guidelines for security of cloud services
• ISO 27038 – Specification for digital redaction
• ISO 27039 – Selection, deployment and operations of Intrusion Detection [and Prevention] Systems (IDPS)
• ISO 27041 – Guidance on assuring suitability and adequacy of incident investigative methods
• ISO 27042 – Guidelines for the analysis and interpretation of digital evidence
• ISO 27043 – Incident investigation principles and processes
• ISO 27044 – Guidelines for security incident and event management (SIEM)
• ISO 27050 (Parts 1–4) – Electronic discovery
ISO 27001: ISMS Certificates

[Chart: ISO/IEC 27001 worldwide total of certificates per year, 2006 to 2013, stacked by region (Middle East, Central and South Asia, East Asia and Pacific, Europe, North America, Central / South America, Africa); vertical axis 0 to 25,000 certificates.]

Leading countries: Japan – 7,084; India – 1,931; UK – 1,923; China – 1,710; USA – 566; Canada – 66

Certificates – 22,293 in 105 countries