D6. Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards)
Audit, Risk & Compliance
Wednesday, May 9, 2018
3:15 PM - 4:15 PM
To certify cloud applications (SaaS) and infrastructure services (IaaS), organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial services to the cloud. What are the security and privacy requirements to be addressed? This session will present the standards for ISO 27017 (cloud security) and ISO 27018 (PII protection in the cloud). Best practices are given for conducting Risk Assessments for newly offered cloud services. Behind every cloud is a silver lining or a cloudburst waiting to happen. What will it be for your cloud services - sunshine or rain?
After completing this session, the learner will understand:
- Top 10 Security and Privacy Threats in the Cloud
- Risk Assessment for Cloud Applications
- ISO standards for Cloud Security and Privacy
- Tools and Techniques for Certifying Cloud Applications
Tim Weil is a Network Project at Alcohol Monitoring Systems with over 25 years of management consulting and engineering experience in commercial and government sectors. His areas of expertise include FedRAMP/FISMA compliance for federal agencies, IT Service Management, cloud security, and ISO 27001 compliance for commercial clients. Tim maintains industry certifications as a CCSP, CISSP, CISA and PMP and is trained as a lead auditor for ISO 27001 and ISO 9001 standards.