
How To Write A Book On The Internet Security


Academic year: 2021


(1)

Operational reliability in chains

Towards Trustworthy ICT Service Chains

Integrated Assurance framework for ICT enabled service chains

Drs Y.W. (Ype) van Wijk RE RA

Rijksuniversiteit Groningen

Business & ICT – IT auditing

24 November 2011

Risk

Control

(2)

Agenda

› Towards Trustworthy ICT service chains (TTISC project)

› Operational reliability and trends in chains

› Content versus Delivery networks

Assurance guidelines

› The atomic approach for controls in service chains

(3)

Towards Trustworthy ICT Service Chains

› Innovation partnership

› ICT services chains

› Chain Governance, SaaS, SOA, ICT, IT Audit

› Risk – Control - Assurance

› Operational reliability in chain automation

› Framework Assurance Leading Indicators

Rijksuniversiteit Groningen

Bestuurlijke Informatica

Drs Y.W. van Wijk RE RA

PWC Accountant and IT consulting

Nedlloyd operational audit

Euronext

Amvest BV

Cobalus BV

(4)
(5)

Operational reliability and ICT chains

Operational reliability

€ 44.4 billion

Income tax

Miljoenennota 2010

Consumer

Technology: ICT – Network – Architecture

Service provider

Enabler

(certificate)

service request service request

service

(6)

Trends ICT ketens

• From applications to chains of linked external service networks of applications (LinkedIn, Maps)

• SaaS and cloud computing as distributor

• Increasing dependency

• New risks and threats

• Application supplier depends on trust in suppliers of suppliers, ad infinitum.

• Need for assurance (e-government, e-business)

• Objective method for assurance

• Security, availability, quality of service (QoS)

• Assurance over the total chain.

(7)

Service chain Assurance approach

• Risk in service chains

content networks - business content – network controls

delivery networks - technical ICT control

• Generalization and conceptualization

Integrated Assurance Framework for ICT enabled service chains

Risk

Control

Assurance

Business content risk

(8)

Standards, Guidelines, Frameworks, Best Practices, Architecture theories…

Standards

ISO 27000 series

ENISA

Guidelines

COBIT

IT control objectives for cloud computing

ITAF (IT Assurance Framework)

Val IT

Risk IT

IEEE

Scientific research

Organization theory

Technical ICT research

Architecture

Audit theory

Operations research

Accountancy

Assurance

Conceptualization in service chains?

Practitioners research

TEXO SAP research

Project Master

Chain governance

Architectures

SOA

SaaS

Cloud computing

(9)

Assurance

(10)

The basic atom of the service chain

service Risk Control Enactment Enforcement

A

B

C

Add value request service request Service Chain Content network

Content

Network

Delivery network Service Chain

Delivery

Network

(11)

Service chain propagation in content and delivery networks

Content network

Delivery network

Content Network Service Chain Propagation

Service Chain Propagation

Delivery Network Service Chain Propagation

Backward

Chain propagation

Risk

Front

Chain propagation

Risk

(12)

3. Service Chain Assurance ∑ purchasing = ∑ service + ∑ service ..

€ € €

Enactment

Enforcement

Risk

Control

Assurance

Organization

Organization

Organization

1. INTRA-organization risk-control-assurance

2. INTER-organization risk-control-assurance

Skin

Client

(13)

Level Technical delivery assurance network

ISP

Mobile

network

Enactment

Enforcement

Risk

Control

Assurance

Availability

Downtime, Mean-time between failure, Self healing properties

Security

Vulnerability, confidentiality, Integrity, Authentication

Quality of service (QoS)

Bandwidth, Delay, Jitter, Round-trip time

Client

(14)

Consequences for Architecture

Service chain architecture

• Split content and delivery for chains

• Develop content assurance chain

• Develop delivery assurance chain

• Take care of proper enactment in the chain

• Agree on service chain enforcement

Integrate on specific assurance indicators

Service Based Auditing

(15)

Conclusions

Assurance is a primary condition for services business

Assurance in service chains must add predictive value

› For Architecture it is important to integrate a-priori the leading indicators content and delivery network assurance

› Integrating assurance indicators in the design phase of service oriented architecture can support content and delivery assurance.

Assurance by professional independent party opinion can be

(16)

Towards Trustworthy ICT Service Chains

Thank you for your attention

Drs Y.W. (Ype) van Wijk RE RA

Rijksuniversiteit Groningen

Business & ICT – IT auditing

Risk

Control

(17)

Standards

ISO 27000

www.iso.org

ENISA

www.enisa.europa.eu

Guidelines

COBIT

www.isaca.org

IT control objectives for cloud computing

www.isaca.org

ITAF (IT Assurance Framework)

www.isaca.org

Val IT

www.isaca.org

Risk IT

www.isaca.org

Practitioners research

TEXO Governance framework (SAP research)

References
