(Cloud) Access Risks19.04.2012 11:30-12:30 Moderator:
Identifying your Critical Information Assets. Moving from System Security to Information Security
Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who will stay in the security game thus needs to switch from protecting IT assets to protecting Information Assets which are critical to the organization.
This presentation will give an overview on how to move from IT and System Security to Information Security.
Managing Cloud Computing Access Risks
Today’s cloud architecture increases the risk of access to a company’s critical data, such as intellectual property, personal privacy information, cardholder data, health information, financial data, etc. As a result, companies are asking themselves how do they ensure that their organization's most critical information is in the hands of the right individuals and that they're doing the right things with it?
During this panel session, we’ll outline what organizations need to do to identify, quantify, and manage the risk of information access in the cloud environment. We’ll discuss how companies need to determine what information presents the greatest risk and what access issues are the source of this risk. Next, learn how to present this information to your business colleagues in terms they understand, so that they know how this impacts the business. They must be able to translate this risk into underlying security issues and deconstruct the elements to identify the source of the risk and determine how to manage it. Simply identifying and quantifying the risk is not enough if you can't explain how to remediate and manage the risk. We’ll also explore the access assurance steps and automation needed to increase access controls to prevent future occurrences.
After this session, attendees will be able to: