Abstract Details

<< Back to Schedule

10/14/2015  |   1:15 PM - 2:00 PM   |  Pacific I

Lessons Learned for Implementing Affordable Cybersecurity within a Hosted Cloud Environment

The increasing trend to move data into the cloud requires a more resilient security design and implementation considerations as compared to traditional corporate networks. Sophisticated cyber-attacks have now evolved from focusing on solely data exfiltration to launching destructive multi-functional malware that attempts to remain on the compromised network. Since a presence on a cloud environment extends the corporate perimeter, the cloud environment is subject to amplified threats and vulnerabilities. Unfortunately, the complexity and seemingly unlimited financial depth of the threat environment makes it difficult for organizations to defend against rapidly evolving and sophisticated attack vectors. As a result, a robust cybersecurity implementation is paramount in a cloud environment and must evolve while being fiscally responsible and still provide resiliency against cyberattacks. Additionally a holistic method must be employed to ensure the cybersecurity implementation will support the desired goals of the organization. This presentation will provide lessons learned from implementing an affordable cybersecurity design and implementation while satisfying federal regulatory compliance within a hosted cloud environment. The presentation will first provide the background of the increasing threats and attacks against cloud environments. Next, the presentation will provide specific affordable cybersecurity design patterns in the areas of confidentiality, integrity, availability, authentication, authorization, auditing and data protection that can be implemented to reduce the overall risk level of the system. These solutions will span the cloud provider’s hosting environment as well as the hosted applications within the environment. The presentation will then show how these design patterns can cost effectively satisfy current federal regulations and policies. Finally, recommendations will be provided for how to establish a holistic cybersecurity implementation methodology.

This presentation has not yet been uploaded.

No handouts have been uploaded.

Dan Kahn (Primary Presenter), ISC2, daniel.kahn@ngc.com;
Dan Kahn is a security architect who has a combined 17 years of system and software security engineering experience. He holds an undergraduate degree in Computer Science from Drew University and a Masters in Business Administration from Loyola University of Maryland. His certifications include an ISC2 CISSP-ISSEP, ISC2 CSSLP and INCOSE ASEP. Dan has given multiple cybersecurity presentations at software and system symposiums and conferences. He has published multiple cybersecurity articles.

2013 Sponsors: IEEE and IEEE Computer Society