DINE AND LEARN: RISK ASSESSMENT METHODS FOR CLOUD COMPUTING PLATFORMS

Cet événement est passé

3 y sont allés

Image du lieu de l'événement

Détails

IEEE Members: Please register though IEEE vtools if you have received the e-notice! Thank you!

Abstract:

Risk assessment (RA) use cases for cloud computing platforms are presented in the context of an ISO 27001 Information Security Management System (ISMS) developed for Alcohol Monitoring Systems (AMS) across a portfolio of products and services.

This talks presents risk management techniques for implementing an ISO 27001 Information Security Management System (ISMS) governing cloud computing in multiple deployment models (public cloud, hybrid cloud, community cloud, international cloud). Deployment models are discussed for common cloud service models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a service (SaaS). The models presented have been derived from ISO 27001 compliance projects at Alcohol Monitoring Systems (AMS) headquartered in Littleton, CO. In the Electronic Monitoring (EM), Rehabilitation and Corrections/Law Enforcement industries, our products and services are branded as SCRAM Systems ™ (http://www.scramsystems.com). Over several years, a governing SCRAM ISMS has been developed from a set of commercia risk management policies presented in this talk.

Bio:

Tim Weil is a Audit and Compliance engineer at Alcohol Monitoring Systems with over 25 years of management consulting, and engineering experience in commercial and government sectors. His areas of expertise include FedRAMP/FISMA compliance for federal agencies, IT Service Management, cloud security, and ISO 27001 compliance for commercial clients. Tim maintains industry certifications as a CCSP, CISSP, CISA and PMP and is trained as a lead auditor for ISO 27001 and ISO 9001 standards.

Tim is a Senior Member of the IEEE and has served in several IEEE positions –Chair of the Denver COMSOC Chapter (2019), Chair of the Denver Section (2013); Chair of the Washington Section (2009); Cybersecurity Editor for IEEE IT Professional magazine [masked]). His publications, blogs and speaking engagements are available from the website – http://www.securityfeeds.us