cloud security Literacy

 hp.com


Cloud security's

"prudent man rule"

by

Terumi C. Laskowsky

prudent man?


Cloud security literacy





Cloud security literacy is part of
corporate (organizational) governance

governance



corporate governance
  > information governance
    > IT governance
      > IT security governance
      > data governance



governance




"Do the right thing"


...management is:
"Doing it in the right way"





WHAT IS THE RIGHT THING TO DO??




Due care

 "the prudent man rule"


...Due diligence is the management of due care
...Gross negligence is when due diligence is not demonstrated





"the prudent man rule"

constantly changes with the times






WHY USE THE CLOUD?

drunk in a taxi?



decision to use the cloud




BENEFITS > RISK

before the "cloud"








the "cloud" is not another ASP service

NIST model

and COST BENEFIT OF SCALE

in the news


the SPI model

and MULTI-TENANCY

the spending trend




spending on IT security

$71.1 billion this year

(7.9% increase; 8.2% increase expected)
-- Gartner

people




expect a shortage of 1,000,000 IT security professionals

cisco report

DOD's due DILIGENCE


DOD 8570



get smart


THANK YOU!!



What happens when literacy is low




Source: http://www.csmonitor.com/

case study: home depot




Attacked by malware called "Mozart"

-- According to the Secret Service Report



the damage


  • 56M card records
  • 1,700 stores in the US (out of 2,200)
  • 112 stores in Canada






Source: Krebsonsecurity.com

a bit about mozart




unencrypted??




How the vulnerability worked

being vigilant




being vigilant



Source: www.slate.com

being vigilant

security by OBSCURITY




Compliance helps




Is PCI DSS alone enough?


mindset




Security is not routine work



Reference material

"cloud" is not an ASP service




Cloud services are not the conventional ASP service

Cloud reference model

The difference is multi-tenancy at each layer

need for in-house literacy


The following laws and compliance regimes
require in-house literacy

ISO27001
PCI-DSS
SOX
etc.