Compliance and New Technologies
Urs Fischer, dipl. WP, CRISC, CISA
Fischer IT GRC Beratung und Schulung
Fair to cloudy! Where is technology heading?
Just What Is Cloud Computing?
The role of the CIO is changing!
The promise of cloud computing is arguably revolutionizing the IT services world by transforming computing into an ubiquitous utility. Source: ISACA White Paper: Cloud Computing
Risks
The benefits also bring new risks:
- Increased dependency on third-party providers, which are expected to deliver flexible, available, resilient and efficient IT services
- Abstraction/separation of the physical infrastructure from the owner of the information being processed and stored
Challenges
New risks with cloud
- Immaturity of the service providers with the potential for service provider going concern issues
- Reliance on the Internet as the primary conduit to the organization's data introduces:
  - Security issues with a public environment
  - Availability issues of Internet connectivity
- Due to the dynamic nature of cloud computing:
  - The location of the processing facility may change according to load balancing
  - The processing facility may be located across international boundaries
  - Operating facilities may be shared with competitors
  - Legal issues (liability, ownership, etc.) relating to differing laws in hosting countries may put data at risk
- Greater magnitude of privacy risks
- Increased vulnerabilities in external interfaces
- Increased risks in aggregated data centers
- Greater dependency on third parties
- Compliance with laws and regulations
- Transborder flow of personally identifiable information
- Quality of independent assurance processes
- Contractual compliance
In an environment where privacy has become paramount to enterprise customers, unauthorized access to information in the cloud is a significant concern. Source: ISACA White Paper: Cloud Computing
What is social media?
Business Benefit of Social Media Source: Burson-Marsteller, The Global Social Media Check-up Insights
The number and variety of corporations leveraging social media is increasing
Personal use of social media at work is also on the rise
Points to consider
- Service level agreement
- Clearly defined strategy
- Change management
- Culture and processes
- New requirements for monitoring, logging, storage, bandwidth
- New communication channels
- Involvement of the security officer (Sec-Off)
SOLUTION?
Summary
When considering new technologies, enterprises should look to established frameworks such as Risk IT, Val IT and COBIT.
Where can I find support?
Discussion: Top Business / Technology Issues Survey 2011
For More Information:
Urs Fischer, dipl. WP, CRISC, CISA
Fischer IT GRC Beratung & Schulung
Mail: fiur@bluewin.ch
Xing: https://www.xing.com/profile/urs_fischer12
Linkedin: http://www.linkedin.com/profile?viewprofile=&key=43663087&trk=tab_pro
Urs Fischer
- CPA (Swiss) by origin, CRISC, CISA & CIA
- 5 years as external auditor
- Switch to IT Audit
- In IT Audit for 13 years incl. Head of IT Audit
- 2004-2010 Head IT Governance & Risk Mgmt
- Board member of ISACA CH Chapter for about 8 years
- Co-author of CobiT4 and now participant in the development of COBIT5
- Co-developer of CobiT Control Practices
- Member of the CobiT Steering Committee for 3 years
- Member and Chair of ISACA's EuroCACS Conference Programme Committee for 6 years
- 2008-2009 Chair of ITGI's 'Risk IT' Task Force
- 2009-2010 Chair of ISACA's CRISC Task Force
- Since 2006 Member of ISACA Audit Committee (since 2008 Chairman)
- Since 2009 Member of ISACA's Credentialing Board
- Since 2010 Chair of ISACA's CRISC Committee
- Since 2010 Member of ISACA's Guidance and Practice Committee
- 2010 Recipient of the John W. Lainhart IV Common Body of Knowledge Award