(ISC)² Belux Chapter, 4/apr/2019
Dockers and Cloud security
AGENDA
» Foreword
» Container security pipedreams: A docker security 101 (Ronald Bister)
» Break & getting to know each other
» Cloud security 101 (Peter Geelen)
Foreword
Container security pipedreams: A docker security 101
Ronald Bister
Break! Go get to know great people.
Cloud security 101
Peter Geelen
Content
» Cloud security? Where to get started?
» CCSK & CCSP, the evil twin.
» CCSK
» CCSP
» Cloud security highlights & take-aways
Cloud security? Where to get started?
IT security operations
IT security architecture
Cloud security basics
Cloud security professional
Cloud security? Where to get started?
IT security operations: SSCP
IT security architecture: CISSP
Cloud security basics: CCSK
Cloud security professional: CCSP
SSCP CISSP
CCSP CCSK
CSA CCSK
CCSK (V4!)
» Cloud security alliance
» Small twin of CCSP
» Online exam (2 shots)
» Free study
» Multiple choice exam
• upgrade shot
• difficulty
CCSK (V4!)
1. Domain 1: Cloud Computing Concepts and Architectures
2. Domain 2: Governance and Enterprise Risk Management
3. Domain 3: Legal Issues, Contracts and Electronic Discovery
4. Domain 4: Compliance and Audit Management
5. Domain 5: Information Governance
6. Domain 6: Management Plane and Business Continuity
7. Domain 7: Infrastructure Security
8. Domain 8: Virtualization and Containers
9. Domain 9: Incident Response
10. Domain 10: Application Security
11. Domain 11: Data Security and Encryption
12. Domain 12: Identity, Entitlement, and Access Management
13. Domain 13: Security as a Service
14. Domain 14: Related Technologies
CCSK (V4!)
» ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
» Cloud Security Alliance - Cloud Controls Matrix
CCSK (V4!)
» https://ccsk.cloudsecurityalliance.org
» CCSK Study Materials (https://cloudsecurityalliance.org/education/ccsk/#_prepare)
» https://cloudsecurityalliance.org/artifacts/ccskv4_exam_prep_kit
» Download prep kit
Download prep kit
» CSA Guidance (DO NOT pay with your privacy)
» https://cloudsecurityalliance.org/download/security-guidance-v4/
» Cloud Controls Matrix: (DO NOT pay with your privacy)
» https://cloudsecurityalliance.org/download/artifacts/cloud-controls-matrix-v3-0-1/
» ENISA (no privacy issue)
» https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment/at_download/fullReport
Book your exam (and try 2x or save for vNext)
https://ccsk.cloudsecurityalliance.org/en
(no maintenance fee)
CSA CCM
(ISC)² CCSP
Course Agenda v2017
» Domain 1: Architectural Concepts & Design Requirements (157)
» Domain 2: Cloud Data Security (250)
» Domain 3: Cloud Platform and Infrastructure Security (153)
» Domain 4: Cloud Application Security (91)
» Domain 5: Operations (282)
» Domain 6: Legal and Compliance (177)
Course Agenda (>1 Aug 2019)
» Domain 1: Cloud Concepts & Design Requirements (17%/19%)
» Domain 2: Cloud Data Security (19%/20%)
» Domain 3: Cloud Platform and Infrastructure Security (17%/19%)
» Domain 4: Cloud Application Security (17%/15%)
» Domain 5: Cloud security (17%/15%)
» Domain 6: Legal, Risk and Compliance (13%/12%)
» 125Q : Exam 3h (now 4H)
Cloud security 10 principles
1. Plan for a good marriage.
Plan the exit.
2. Cloud or data center.
The same new sh….
3. Cloud is secure, right?
YOUR responsibility
YOUR accountability
Compensate for loss of control
People
Process
Technology
3. Identity, identity, identity.
The circle of life
1. In: start of identity (hire, onboarding, provisioning, create, begin, ...)
2. Change: change of identity (move, promotion, update, maintenance, operations, ...)
3. Out: end-of-life (fire, termination, end-of-contract, deprovisioning, revocation, delete, ...)
4. What you don't see
can hurt..
» In a nutshell
5. Zero trust. Use segmentation
Infrastructure. Data. People.
6. Keep patching
7. No security without awareness.
Plan your communication
8. Give a lot, take some.
Difficult to crack. Easy to use
9. Manage the exceptions
10. Start over again
Security is a moving target.
More info
Need more?
CCSK > CCSP
ISO27001
ISO27005 (Risk)
ISO27032 (Cyber), 27035 (incident)…
NIST Cyberframework
Q & A
Thank you for your continuous support!
Book the date: Thursday, 23rd of May
for our next event on
FIDO and 2FA: strategy and real life example