Dr David Ross
“Incorporating Security Provisions into the New ISO/IEC Cloud Computing SLA Standards”
Cloud Computing
Incorporating Security Provisions into the New ISO/IEC Cloud Computing SLA Standards
Dr David Ross, Chief Information Security Officer,
[email protected]
©2014 Copyright Bridge Point Communications Pty Ltd slide 1
If the cloud is more secure than most
business systems, why don’t we move
our SCADA systems into the cloud?
Image: NASA, Bill Fecych and Don Johnson in reactor control room in 1959.
PUBLIC - ©2014 Bridge Point Communications Pty Ltd
Barriers
• Don’t trust the technology
• Don’t trust own understanding of the technology
• Don’t trust the vendor’s understanding of the technology!
cloud computing [1]:
• paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with on-demand self-service provisioning and administration
[1] ISO/IEC DIS 17788 Information technology — Cloud computing ─ Overview and vocabulary
What is Cloud?
• 6 Key Characteristics:
• Broad network access
• On-demand self-service
• Multi-tenancy
• Resource pooling
• Rapid elasticity and scalability
• Measured service
Multi-tenancy
A feature where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another. Typically, and within the context of multi-tenancy, the group of cloud service users that form a tenant will all belong to the same cloud service customer organization. There might be cases where the group of cloud service users involves users from multiple different customers, particularly in the case of public cloud and community cloud deployments. However, a given cloud service customer organization might have many different tenancies with a single cloud service provider representing different groups within the
multi-tenancy
• 3.2.26 multi-tenancy: allocation of physical or virtual
resources such that multiple tenants (3.2.36) and their
computations and data are isolated from and
inaccessible to one another
• 3.2.36 tenant: group of cloud service users (3.2.16)
sharing access to a set of physical and virtual resources
ISO/IEC DIS 17788 Information technology —
Cloud computing ─ Overview and vocabulary
Managed Services
Co-Lo & DCs
NOT cloud
On-Demand Self-Service
CLOUD
Major Roles of Cloud Computing
• cloud service provider:
party (3.1.6) which makes cloud services (3.2.7) available
• cloud service customer:
party (3.1.6) which is in a business relationship for the
purpose of using cloud services (3.2.7)
• cloud service partner:
party (3.1.6) which is engaged in support of, or auxiliary to,
activities of either the cloud service provider (3.2.14)
or the cloud service customer (3.2.10), or both
ISO/IEC DIS 17788 Cloud computing ─ Overview and vocabulary
4 Deployment Models
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud
3 NIST “Types” now “Capabilities Types”
• Original 3 “Types” (NIST):
• Infrastructure-as-a-Service (IaaS),
• Platform-as-a-Service (PaaS), and
• Software-as-a-Service (SaaS).
• De-facto NIST “Types” now abstracted to 2 levels:
• Cloud Service Categories
• Cloud Capabilities Types
• Now 3 “Capabilities Types” (ISO 17788):
• Infrastructure Capabilities Type,
• Platform Capabilities Type, and
• Application Capabilities Type.
• And many “Cloud Service Categories”, including:
• IaaS, PaaS, and SaaS.
ISO/IEC DIS 17789 Cloud computing ─ Reference architecture
[Figures: diagrams from ISO/IEC DIS 17789 Information technology — Cloud computing ─ Reference architecture]
ISO
• Not an acronym, “ISO” is the short name in any language
• Long name is:
“International Organization for Standardization” (yes, ‘z’s)
• Which translates to:
“Organisation Internationale de Normalisation”
“Internationale Organisation für Normung”
etc.
IEC
• Is the English initialism
• International Electrotechnical Commission
• E.g. Commission Électrotechnique Internationale (CEI) in French
ISO/IEC
• Joint Technical Committee 1 (JTC 1)
• To develop, maintain, promote, and facilitate standards in
the fields of information technology (IT) and Information
and Communications Technology (ICT).
• Sub-Committees (SC)
Working Groups (WG)
Special Working Groups (SWG)
Sub-Committees’ Working Groups (SC x/WG y)
JTC 1
29 sub-groups:
Subcommittee/Working Group: Title
ISO/IEC JTC 1/SC 1: Smart Cities
ISO/IEC JTC 1/SWG 1: Accessibility (SWG-A)
ISO/IEC JTC 1/SWG 2: SWG - Directives
ISO/IEC JTC 1/SC 2: Big Data
ISO/IEC JTC 1/SWG 3: Planning
ISO/IEC JTC 1/SWG 5: Internet of Things (IoT)
ISO/IEC JTC 1/SWG 6: Management
ISO/IEC JTC 1/WG 7: Sensor networks
ISO/IEC JTC 1/WG 8: Governance of IT
ISO/IEC JTC 1/SC 2: Coded character sets
ISO/IEC JTC 1/SC 6: Telecommunications and information exchange between systems
ISO/IEC JTC 1/SC 7: Software and systems engineering
ISO/IEC JTC 1/SC 17: Cards and personal identification
ISO/IEC JTC 1/SC 22: Programming languages, their environments and system software interfaces
ISO/IEC JTC 1/SC 23: Digitally Recorded Media for Information Interchange and Storage
ISO/IEC JTC 1/SC 24: Computer graphics, image processing and environmental data representation
ISO/IEC JTC 1/SC 25: Interconnection of information technology equipment
ISO/IEC JTC 1/SC 27: IT Security techniques
ISO/IEC JTC 1/SC 28: Office equipment
ISO/IEC JTC 1/SC 29: Coding of audio, picture, multimedia and hypermedia information
ISO/IEC JTC 1/SC 31: Automatic identification and data capture techniques
ISO/IEC JTC 1/SC 32: Data management and interchange
ISO/IEC JTC 1/SC 34: Document description and processing languages
ISO/IEC JTC 1/SC 35: User interfaces
ISO/IEC JTC 1/SC 36: Information technology for learning, education and training
ISO/IEC JTC 1/SC 37: Biometrics
ISO/IEC JTC 1/SC 38: Distributed application platforms and services (DAPS)
ISO/IEC JTC 1/SC 39: Sustainability for and by Information Technology
ISO/IEC JTC 1/SC 40: IT Service Management and IT Governance
ISO/IEC JTC 1/SC 27
• IT Security techniques
• Number of published ISO standards under responsibility
of ISO/IEC JTC 1/SC 27 (includes updates): 136
• Participating countries: 53
• Observing countries: 17
ISO/IEC JTC 1/SC 27
ISO/IEC WD 27003
20.60
Information technology -- Security techniques -- Information security management system implementation guidance
ISO/IEC WD 27004
20.60
Information technology -- Security techniques -- Information security management -- Measurement
ISO/IEC WD 27005
20.60
Information technology -- Security techniques -- Information security risk management
ISO/IEC CD 27006
30.60
Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
ISO/IEC CD 27011
30.00
Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
ISO/IEC WD 27013
20.60
Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO/IEC CD 27017
30.60
Information technology -- Security techniques -- Code of practice for information security controls for cloud computing services based on ISO/IEC 27002
ISO/IEC DIS 27018
40.99
Information technology -- Security techniques -- Code of practice for PII protection in public cloud acting as PII processors
ISO/IEC JTC 1/SC 38
• Distributed application platforms and services (DAPS)
• WG 1: Web Services,
• WG 2: Service Oriented Architecture (SOA), and
• WG 3: Cloud Computing
• Number of published ISO standards under responsibility
of ISO/IEC JTC 1/SC 38 (includes updates): 4
• Participating countries: 27
• Observing countries: 8
ISO/IEC JTC 1/SC 38
• Participating Countries
• Australia (SA)
• Austria (ASI)
• Brazil (ABNT)
• Canada (SCC)
• China (SAC)
• Denmark (DS)
• Finland (SFS)
• France (AFNOR)
• Germany (DIN)
• India (BIS)
• Ireland (NSAI)
• Israel (SII)
• Italy (UNI)
• Japan (JISC)
• Korea, Republic of (KATS)
• Luxembourg (ILNAS)
• Netherlands (NEN)
• Poland (PKN)
• Portugal (IPQ)
• Russian Federation (GOST R)
• Singapore (SPRING)
• South Africa (SABS)
• Spain (AENOR)
• Sweden (SIS)
• Switzerland (SNV)
• United Kingdom (BSI)
• United States (ANSI)
ISO/IEC JTC 1/SC 38
• Observing Countries
• Belgium (NBN)
• Bosnia and Herzegovina (BAS)
• Czech Republic (UNMZ)
• Hong Kong (ITCHKSAR) (Correspondent member)
• New Zealand (SNZ)
• Norway (SN)
• Serbia (ISS)
• Uruguay (UNIT)
ISO/IEC JTC 1/SC 38
ISO/IEC DIS 17788
40.60
Information technology -- Cloud computing -- Overview and vocabulary
ISO/IEC DIS 17789
40.60
Information technology -- Cloud computing -- Reference architecture
ISO/IEC CD 18384-1
30.60
Information technology - Reference Architecture for Service Oriented Architecture (SOA) - Part 1: Terminology and Concepts for SOA
ISO/IEC CD 18384-2
30.60
Information Technology - Reference Architecture for Service Oriented Architecture (SOA) - Part 2: Reference Architecture for SOA Solutions
ISO/IEC CD 18384-3
30.60
Information technology - Reference Architecture for Service Oriented Architecture (SOA) - Part 3: Ontology for SOA
ISO/IEC NP 19086
10.99
Information technology -- Distributed application platforms and services -- Cloud computing -- Service level agreement (SLA) framework and terminology
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• DIS 17788 ISO/IEC DIS 17788 Information Technology –
Cloud Computing – Overview and Vocabulary
• Editor: Eric Hibbard (US)
• Disposition of DIS comments complete
• Progressing to IS
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• DIS 17789 ISO/IEC DIS 17789 Information Technology –
Cloud Computing – Reference Architecture
• Editor: Laura Lindsay (US)
• Disposition of DIS comments complete
• Progressing to IS
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• WD 19086 ISO/IEC 19086 Information Technology –
Cloud Computing – Service Level Agreement (SLA)
Framework and Terminology
• Editors:
Eric Simmon (US)
Liu Na (China)
Toshihiro Suzuki (Japan)
• Working Draft in progress
Read the contract!
Backups add security?
• Real Example: Cloud Service includes “automatic backup service that
copies customer data to an external backup service, providing a further level
of security to customer data … stored for 3 months after being made … can
be extended to up to 7 years if required”
• Perfectly legitimate, but there are 2 meanings for “secure” here
• By default, backup is overwritten after 3 months … no restores over 3 months old!
• Backups go to a third party … with whom you have no contract for handling your data!
• The backups are … NOT encrypted!
Backups
• Weak, vague, or one-sided SLAs and contracts
• Real Example: “The following list presents an
overview of some of the audits and assessments that
the” Cloud Service “undergoes on a regular basis”...
• The Cloud Service did indeed undergo regular audits
… but only held certifications for two of the five in their
list in that year.
• Difference between ‘undergo audits’ and ‘meet
requirements’.
• Require certification
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• ISO/IEC 19086-1 Information Technology – Cloud
Computing – Service Level Agreement (SLA) Framework
and Terminology – Part 1 : Overview and Concepts
• Acting Editors:
Eric Simmon (US)*
Liu Na (China)*
Toshihiro Suzuki (Japan)*
• Pending Project Subdivision
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• ISO/IEC 19086-2 Information Technology – Cloud
Computing – Service Level Agreement (SLA) Framework
and Terminology – Part 2 : Metrics
• Acting Editors:
Eric Simmon (US)*
Liu Na (China)*
Toshihiro Suzuki (Japan)*
• Pending Project Subdivision
ISO/IEC JTC 1/SC 38/WG 3 (Cloud)
• ISO/IEC 19086-3 Information Technology – Cloud
Computing – Service Level Agreement (SLA) Framework
and Terminology – Part 3 : Core Requirements
• Acting Editors:
Eric Simmon (US)*
Liu Na (China)*
Toshihiro Suzuki (Japan)*
• Pending Project Subdivision
The Cloud Computing SLA Standard(s)
• RELATIONSHIP BETWEEN THE MASTER AGREEMENT AND SLAS
• CLOUD SLA MANAGEMENT
• THE ROLE OF SERVICE LEVEL OBJECTIVES, METRICS, REMEDIES, AND EXCEPTIONS IN THE SLA
• CLOUD SLA ELEMENTS
• 9.4 Service Monitoring Element
• 9.5 Roles and Responsibilities
• 9.6 Accessibility
• 9.7 Availability
• 9.7.1 Allowable Downtime
• 9.7.2 Downtime
• 9.7.3 Making remedy claims on Availability service level objectives
• 9.8 Cloud Service Performance
• 9.8.1 Cloud Service Response Time
• 9.8.2 Cloud Service Capacity
• 9.8.3 Cloud Service Capability Indicators
• 9.9 Protection of Personally Identifiable Information (PII)
• 9.10 Information Security
• 9.11 Termination of Service
• 9.11.1 Description
• 9.11.2 Context for Termination of Service
• 9.11.3 Notification of Service Termination
• 9.11.4 Return of Assets
• 9.12.3 Service Incident Notification
• 9.12.5 System Logs
• 9.12.6 Service Incident Handling
• 9.12.7 Failure (service outage) Notification
• 9.14.1 Resiliency/Fault Tolerance
• 9.14.4 Cloud Service Customer Data Backup and Restore
• 9.14.6 Retention Period for Backup Data
• 9.14.8 Verification of Saved Data Integrity
• 9.14.9 Service Continuity – Disaster Prevention and Recovery
• 9.15.1 Intellectual Property Rights (IPR)
• 9.15.6 Account Data
• 9.15.7 Derived Data
• 9.15.8 Personally Identifiable Information (PII)
• 9.15.9 Data Portability
• 9.15.10 Data Deletion
• 9.15.11 Data Location
• 9.15.12 Data Examination
• 9.15.13 Law enforcement Access
• 9.15.15 Recovery Point Objective
• 9.15.16 Retention Period for backup data
• 9.15.17 Plan for Deletion of Data
• 9.15.19 Compensation and Insurance for Data leakage and Loss
• 9.15.20 Data portability upon contract cancellation
• 9.16 Attestations, Certifications and Audits
There’ll be no Hobbits allowed out until
you pay your Cloud Service Provider bill
Image: National Museum of Denmark, Photographer: Kai Uldall
CSA’s Role in Assurance
[Figure: Control Requirements; Private, Community & Public Clouds; Provider Assertions]
Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org
Path to High Assurance
[Figure: Real time, continuous monitoring + 3rd Party Assessment + Self Assessment + Clear GRC objectives]
Copyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.org
Contact
• Thanks, David Ross: [email protected]
• Standards Australia: [email protected] and Damian Fisher: [email protected]
• Standards Australia IT-038 (AU SC38 mirror committee):
Chair: Dr John Zic: [email protected]
P/Mgr: Jenny Mance: [email protected]