Aria Resort and Casino
Las Vegas, NV
Session T6: Managing Risks and Security in the Cloud
Environment (Panel Discussion)
Catherine Bruder
Steve Ursillo, Jr.
Brian Thomas
Aaron Klein
Peter Karpas
#PSTECH
American Institute of CPAs®
#PSTECH
Session Agenda
Introduction to the Cloud
Panel Discussion
• Q&A Format
- Assessing the risks prior to moving into the Cloud
environment
- Managing the risks after moving into the Cloud environment
Steve Ursillo, Jr.
CPA, CIA, CFE, CISA, CISM, CITP, CISSP, CGEIT, CRISC
Principal, Director of Technology & Assurance Services
Sparrow, Johnson & Ursillo, Inc.
sursillojr@sju.com
Steve is a principal and the director of Information Technology and Assurance Services at Sparrow, Johnson & Ursillo, Inc., a Rhode Island-based full-service CPA firm. Steve specializes in information security and privacy assurance services such as network and system vulnerability testing, penetration testing, information systems audits, internal control over financial reporting audits and Service Organization Control (SOC) attestations. Steve is currently the Co-Lead for the AICPA Cyber Security Task Force, along with serving on the Service Organization Control (SOC) Reporting Task Force. He graduated with a master’s degree in computer information systems (security) from Boston University and a bachelor’s degree in business administration (accounting) from Bryant University.
Catherine Bruder
CPA, CITP, CISA, CISM
Shareholder, Doeren Mayhew
bruder@doeren.com
Catherine is the Shareholder of Information Technology Assurance Services for Doeren Mayhew, a CPA firm in Troy, Michigan. She is responsible for the planning and supervision of all forms of technology assurance including SSAE 16 and SOC reporting, IT audits, network vulnerability assessments, penetration testing, security program development, and disaster recovery planning. Catherine currently serves on the AICPA Service Organization Controls Task Force.
Brian Thomas
CISA, CISSP
Partner, Weaver
Brian.Thomas@WeaverLLP.com
Brian is the partner in charge of Weaver’s IT Advisory Services team, which provides a range of technology-based assurance and consulting related services. With experience managing teams delivering IT-focused solutions such as SOC reporting, system integration, information security assessment, SOX assistance, IT audits, and IT project management, Brian brings diverse knowledge and technical skills to his clients. He is a member of the AICPA’s SOC Reporting Task Force and a member of the IM Advisory Council at the McCombs School of Business of The University of Texas. He graduated with a master’s degree and a bachelor’s degree in engineering from the University of Texas – i.e. not a CPA.
Aaron Klein
Founder and COO, CloudCheckr Inc.
aaron.klein@cloudcheckr.com
Aaron is the Founder and Chief Operating Officer of CloudCheckr Inc. CloudCheckr’s industry leading software solution provides visibility, security, cost management, and compliance controls so that users can confidently maximize their agility in the decentralized cloud environment. He has authored a series of whitepapers around public cloud best practices and mapping infrastructure controls to NIST 800-53 requirements. Aaron is also a regular contributor to Amazon Cloud Journal, DZone, DevOps.com, and other leading publications. Aaron earned a J.D. from State University of New York at Buffalo and a B.A. from Brandeis University.
Peter Karpas
CEO – Xero North America
Peter.karpas@xero.com
Peter recently joined Xero as the CEO of North America. Prior to Xero, Peter held a number of senior roles at PayPal and Intuit. He was Vice President & General Manager of Small Business for PayPal, responsible for driving all of PayPal's small business efforts in North America. Prior to PayPal, Karpas spent over 10 years at Intuit. He was President and General Manager of the Quicken Health Group and served as the company's Chief Marketing and Product Management Officer, VP and General Manager of the Quicken Solutions Group, and General Manager for QuickBooks Industry-Specific Solutions. He is currently a member of the Board of Trustees for the Computer History Museum.
Introduction to the Cloud
IDC Forecasts
• Spending on public IT cloud services will reach $47.4 billion in 2013 and is expected to be more than $107 billion in 2017
• Over the 2013–2017 forecast period, public IT cloud services will have a compound annual growth rate (CAGR) of 23.5%, five times that of the industry overall
• Software as a service (SaaS) will remain the largest public IT cloud services category, capturing 59.7% of revenues in 2017
What is changing in the industry?
Introduction
Software as a Service (SaaS)
• Provides web-based access to software systems. This arrangement provides specialty or industry-specific automation functionality without the capital investment in equipment and the ongoing support and maintenance expense.
Platform as a Service (PaaS)
• Offers hardware and software layers comprising a computing platform, delivered as a service. This layer of cloud computing enables companies to construct, test and deploy systems from a centralized environment.
Infrastructure as a Service (IaaS)
• Software and hardware (the equipment that supports automated operations) are purchased as a fully outsourced service instead of buying and maintaining these assets in-house. IaaS provides a company with on-demand storage, computing and networking capacity.
Cloud Deployment Options
Private Cloud
• Colocation: server racks (equipped with power, cooling, and bandwidth) are rented on a monthly basis.
Public Cloud
• Managed Hosting: the service provider provides IT infrastructure resources, such as applications and storage, available over the Internet. Services may be free or subscribed on a pay-per-usage basis.
Hybrid Cloud
• Combination of Private and Public
Cloud Supply Chain Information Security Risks
You can outsource a business capability or function, but you cannot outsource accountability for information security.
• Control Gaps (shared control)
- Information security (access controls, vulnerability & patch management)
- Security architecture
- Data governance (lifecycle management)
- Release management (change control)
- Facility security
• Control dependencies
- Corporate governance
- Incident response
- Resiliency
- Risk and compliance management
Panel Discussion
Prior to Moving Into the Cloud
Business Considerations
• What information and services would you move to the Cloud?
• Who is the right person to help manage the Cloud vendor relationship?
• Will you be able to measure against established or best-practice benchmarks?
Legal and compliance considerations
• How do users know if the Cloud vendor is in compliance with regulations and obligations?
• What should a user consider in relation to legal implications?
Prior to Moving Into the Cloud
Cost and contractual considerations
• Should a user continue paying existing contractual costs for assets and services that are to be moved to the Cloud?
• Can a user determine the Return on Investment (ROI) or the risk to the Total Cost of Ownership (TCO)?
• What other factors should a user consider?
- Existing software licenses, flexibility of solution/contract, etc.
After Moving Into the Cloud
• What should be considered if your organization or entity is already engaged with a cloud vendor (after the fact)?
• What are the options to help mitigate the risks associated with engaging a cloud vendor?
• How can a user ensure that risks are mitigated?
• What should a user consider in relation to legal implications?
• If an incident (such as a security breach) does occur with your cloud vendor, what are the appropriate escalation procedures?
• What best practices for resource and cost monitoring are available?
- Usage, scope creep, power or bandwidth consumption, and the process controls around them.
Additional Resources
Join Information Management and Technology Assurance (IMTA)
IMTA Premium Member Benefits:
• Safari Books Online
• Discounts on educational programs, such as the AICPA TECH+ conference, NAAATS conference, and IT Audit School program
• Discounts on valuable software and tools, including Audimation Services, Inc. IDEA® products/training sessions and InformationActive ActiveData® products
• Valuable technology content, including discussion papers, content suites, studies & practice aids
• Communications, including electronic newsletters, featured articles, and news about the profession and the community
• Networking groups and IT Section events at AICPA conferences
Visit http://www.aicpa.org/InterestAreas/InformationTechnology for more details.
What is a Certified Information Technology Professional (CITP)?
A CITP is a CPA:
• Specialty designation that identifies CPAs with the unique ability to bridge between business and technology
• The CITP Body of Knowledge represents the fundamental concepts of information management and technology assurance including:
- Risk Assessment
- Fraud Considerations
- Internal Control and IT General Controls
- Evaluate, Test and Report
- Information Management and Business Intelligence
CITP Credential Holder Benefits
• CITP Marketing Toolkit
• CPA Practice Advisor – a CPA-focused magazine
• Full access to technical resources, content suites and practice aids
• Find a CPA/CITP Online Database
• Member Discounts
• Information Management and Technology Assurance (IMTA) Division Web Seminars
CSA
https://cloudsecurityalliance.org/
CSA_CCM v3.0
https://cloudsecurityalliance.org/
AICPA SOC
http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/sorhome.aspx
Copyright © 2014 American Institute of CPAs. All rights reserved.
Thank You
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

Aicpa tech+panel presentation t6 managing risks and security 2014 v3

1. Aria Resort and Casino, Las Vegas, NV
Session T6: Managing Risks and Security in the Cloud Environment (Panel Discussion)
Catherine Bruder, Steve Ursillo, Jr., Brian Thomas, Aaron Klein, Peter Karpas
#PSTECH

2. American Institute of CPAs® #PSTECH
Session Agenda
Introduction to the Cloud
Panel Discussion
• Q&A Format
- Assessing the risks prior to moving into the Cloud environment
- Managing the risks after moving into the Cloud environment

3. Steve Ursillo, Jr.
CPA, CIA, CFE, CISA, CISM, CITP, CISSP, CGEIT, CRISC
Principal, Director of Technology & Assurance Services, Sparrow, Johnson & Ursillo, Inc.
sursillojr@sju.com
Steve is a principal and the director of Information Technology and Assurance Services at Sparrow, Johnson & Ursillo, Inc., a Rhode Island-based full-service CPA firm. Steve specializes in information security and privacy assurance services such as network and system vulnerability testing, penetration testing, information systems audits, internal control over financial reporting audits and Service Organization Control (SOC) attestations. Steve is currently the Co-Lead for the AICPA Cyber Security Task Force, along with serving on the Service Organization Control (SOC) Reporting Task Force. He graduated with a master’s degree in computer information systems (security) from Boston University and a bachelor’s degree in business administration (accounting) from Bryant University.

4. Catherine Bruder
CPA, CITP, CISA, CISM
Shareholder, Doeren Mayhew
bruder@doeren.com
Catherine is the Shareholder of Information Technology Assurance Services for Doeren Mayhew, a CPA firm in Troy, Michigan. She is responsible for the planning and supervision of all forms of technology assurance including SSAE 16 and SOC reporting, IT audits, network vulnerability assessments, penetration testing, security program development, and disaster recovery planning. Catherine currently serves on the AICPA Service Organization Controls Task Force.

5. Brian Thomas
CISA, CISSP
Partner, Weaver
Brian.Thomas@WeaverLLP.com
Brian is the partner in charge of Weaver’s IT Advisory Services team, which provides a range of technology-based assurance and consulting related services. With experience managing teams delivering IT-focused solutions such as SOC reporting, system integration, information security assessment, SOX assistance, IT audits, and IT project management, Brian brings diverse knowledge and technical skills to his clients. He is a member of the AICPA’s SOC Reporting Task Force and a member of the IM Advisory Council at the McCombs School of Business of The University of Texas. He graduated with a master’s degree and a bachelor’s degree in engineering from the University of Texas, i.e. not a CPA.

6. Aaron Klein
Founder and COO, CloudCheckr Inc.
aaron.klein@cloudcheckr.com
Aaron is the Founder and Chief Operating Officer of CloudCheckr Inc. CloudCheckr’s industry leading software solution provides visibility, security, cost management, and compliance controls so that users can confidently maximize their agility in the decentralized cloud environment. He has authored a series of whitepapers around public cloud best practices and mapping infrastructure controls to NIST 800-53 requirements. Aaron is also a regular contributor to Amazon Cloud Journal, DZone, DevOps.com, and other leading publications. Aaron earned a J.D. from State University of New York at Buffalo and a B.A. from Brandeis University.

7. Peter Karpas
CEO, Xero North America
Peter.karpas@xero.com
Peter recently joined Xero as the CEO of North America. Prior to Xero, Peter held a number of senior roles at PayPal and Intuit. He was Vice President & General Manager of Small Business for PayPal, responsible for driving all of PayPal's small business efforts in North America. Prior to PayPal, Karpas spent over 10 years at Intuit. He was President and General Manager of the Quicken Health Group and served as the company's Chief Marketing and Product Management Officer, VP and General Manager of the Quicken Solutions Group, and General Manager for QuickBooks Industry-Specific Solutions. He is currently a member of the Board of Trustees for the Computer History Museum.

8. Introduction to the Cloud

9. (image slide, no text)

10. IDC Forecasts
Spending on public IT cloud services will reach $47.4 billion in 2013 and is expected to be more than $107 billion in 2017.
Over the 2013–2017 forecast period, public IT cloud services will have a compound annual growth rate (CAGR) of 23.5%, five times that of the industry overall.
• Software as a service (SaaS) will remain the largest public IT cloud services category, capturing 59.7% of revenues in 2017.

11. What is changing in the industry?

12. Introduction
Software as a Service (SaaS)
• Provides web-based access to software systems. This arrangement provides specialty or industry-specific automation functionality without the capital investment in equipment and the ongoing support and maintenance expense.
Platform as a Service (PaaS)
• Offers the hardware and software layers comprising a computing platform, delivered as a service. This layer of cloud computing enables companies to construct, test and deploy systems from a centralized environment.
Infrastructure as a Service (IaaS)
• Software and hardware (the equipment that supports automated operations) are purchased as a fully outsourced service rather than bought and maintained in-house. IaaS provides a company with on-demand storage, computing and networking capacity.

13. Cloud Deployment Options
Private Cloud
• Colocation: server racks (equipped with power, cooling, and bandwidth) are rented on a monthly basis.
Public Cloud
• Managed Hosting: the service provider makes IT infrastructure resources, such as applications and storage, available over the Internet. Services may be free or subscribed on a pay-per-usage basis.
Hybrid Cloud
• Combination of Private and Public

14. Cloud Supply Chain Information Security Risks
You can outsource a business capability or function, but you cannot outsource accountability for information security.
• Control Gaps (shared control)
- Information security (access controls, vulnerability & patch management)
- Security architecture
- Data governance (lifecycle management)
- Release management (change control)
- Facility security
• Control dependencies
- Corporate governance
- Incident response
- Resiliency
- Risk and compliance management

15. Panel Discussion

16. Prior to Moving Into the Cloud
Business Considerations
• What information and services would you move to the cloud?
• Who is the right person to help manage the Cloud vendor relationship?
• Are you going to be able to measure against established or best-practice benchmarks?
Legal and compliance considerations
• How do users know if the Cloud vendor is in compliance with regulations and obligations?
• What should a user consider in relation to legal implications?

17. Prior to Moving Into the Cloud
Cost and contractual considerations
• Should a user continue paying existing contractual costs for assets and services that are to be moved to the Cloud?
• Can a user determine the Return on Investment (ROI) or the risk to the Total Cost of Ownership (TCO)?
• What other factors should a user consider?
- Existing software licenses, flexibility of solution/contract, etc.

18. After Moving Into the Cloud
• What should be considered if your organization or entity is currently engaged in the use of a cloud vendor (after the fact)?
• What are the options to help mitigate risks associated with engaging with a cloud vendor?
• How can a user ensure that risks are mitigated?
• What should a user consider in relation to legal implications?
• If an incident (such as a security breach) does occur with your cloud vendor, what are the appropriate escalation procedures?
• What best practices for resource and cost monitoring are available?
- Usage, scope creep, power or bandwidth consumption and the process controls around it.

19. Additional Resources

20. Join Information Management and Technology Assurance (IMTA)
IMTA Premium Member Benefits:
• Safari Books Online
• Discounts on educational programs, such as the AICPA TECH+ conference, NAAATS conference, and IT Audit School program
• Discounts on valuable software and tools, including Audimation Services, Inc IDEA® products/training sessions and InformationActive ActiveData® products
• Valuable technology content, including discussion papers, content suites, studies & practice aids
• Communications, including electronic newsletters, featured articles, and news about the profession and the community
• Networking groups and IT Section events at AICPA conferences
Visit http://www.aicpa.org/InterestAreas/InformationTechnology for more details.

21. What is a Certified Information Technology Professional (CITP)?
A CITP is a CPA:
• Specialty designation that identifies CPAs with the unique ability to bridge between business and technology
• The CITP Body of Knowledge represents the fundamental concepts of information management and technology assurance, including:
- Risk Assessment
- Fraud Considerations
- Internal Control and IT General Controls
- Evaluate, Test and Report
- Information Management and Business Intelligence

22. CITP Credential Holder Benefits
• CITP Marketing Toolkit
• CPA Practice Advisor, a CPA-focused magazine
• Full access to technical resources, content suites and practice aids
• Find a CPA/CITP Online Database
• Member Discounts
• Information Management and Technology Assurance (IMTA) Division Web Seminars

23. CSA
https://cloudsecurityalliance.org/

24. CSA_CCM v3.0
https://cloudsecurityalliance.org/

25. AICPA SOC

26. AICPA SOC
http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/sorhome.aspx

27. Copyright © 2014 American Institute of CPAs. All rights reserved.
Thank You
American Institute of CPAs® #PSTECH

Editor's Notes

1. BEFORE BOARDING/CONSIDERATIONS:
Cloud risk sample questions, feel free to add or change.
- What information and services would you move to the cloud? BRIAN
- How do users know if the cloud vendor is in compliance with regulations and obligations? STEVE
- Are you going to be able to gain measure against established or best practice benchmarks? AARON
- What are some of the Cost, Legal and Contractual considerations? AARON
- Can a user determine the Return on Investment (ROI) or the risk to the Total Cost of Ownership (TCO)? BRIAN
- Should a user continue paying existing contractual costs for assets and services that are to be moved to the cloud? STEVE
- What are other factors that a user should consider? BRIAN
- STEVE

2.
- Should a user continue paying existing contractual costs for assets and services that are to be moved to the cloud? STEVE
- Can a user determine the Return on Investment (ROI) or the risk to the Total Cost of Ownership (TCO)? BRIAN
- What are other factors that a user should consider? BRIAN

3. AFTER Boarding:
- What should be considered if your organization or entity is currently engaged in the use of a cloud vendor (after the fact)? BRIAN
- What are the options to help mitigate risks associated with engaging with a cloud vendor? STEVE
- How can a user ensure that risks are mitigated? BRIAN
- What should a user consider in relation to legal implications? AARON
- If an incident (such as a security breach) does occur with your cloud vendor, what are the appropriate escalation procedures? STEVE
- What best practices for resource and cost monitoring are available? Ex. usage, scope creep, power or bandwidth consumption and the process controls around it. AARON