No Such Agency in the Cloud… Amanda Goodger 11 Sept 2011.
Tomorrow’s World is here…
NOW!!!!!!
Today’s Session Content:
My Background
My MSc Experience – Dissertation
Today’s World… that thing called CLOUD!
Social and Business Assurance…
Tomorrow’s World – New concept…
Have we answered the exam statement?
INFORMATION JOURNEY…… CONTINUATION OF PREVIOUS DISCUSSIONS EG DIETER, KERRY…
My Background
Hybrid Background…
◦Maths & Education
◦MBA
◦MSc – Information Security
Work Experience…
◦Private Sector
◦Public Sector
Social Experience – why add this?????
My MSc Experience – Dissertation Tips & Tricks
Structure
‘V’ Model Approach
Research Methodology
Critical Analysis
My topic…
◦Assurance Cases – New Approach for Critical National Infrastructure Assessments
Dissertation Overview
Background – Interconnected Environment… Rationale for CLAIMS-ARGUMENT-EVIDENCE (CAE) notation – Legal Analogy
Vulnerability Assessment Lifecycle – Assurance Cases
Recommendations:
◦Patterns – ‘Mesh’ Case
◦Resilience Framework using Hypercompetition Model
◦Future Thinking…
Today’s World…
Move from Fortress to Data Centric World…
Cloud Computing Phenomenon…
[Figure: cloud computing types (Public Cloud, Private Cloud, Hybrid, Community Cloud, Virtual public Cloud, Virtual private Cloud) set against environment, platform (SaaS) and customer base (Customer 1, Customer 2, … Customer n; one customer), with 3rd party provider(s), private cloud provider(s), an independent application provider, and dedicated versus shared provisioning.]
Why is this a problem – complexity? Or is it wicked?
[Figure: stand-alone models. Provider A, Provider B, Focal Org/Serv, Consumer X and Consumer Y, each with SaaS, PaaS and IaaS layers; ISC thread (baseline).]
Example of how an information supply chain can change over time…this is only the beginning!
[Figure: two snapshots along a timeline. Provider A, Provider B, Focal Org/Serv and Consumers X, Y and Z, each with SaaS, PaaS and IaaS layers; ISC thread (baseline) and changed ISC thread. Legend: nodes in red have altered over the timeline.]
The CAS/SoS is composed of a cellular structure that changes (e.g. IT systems being patched, businesses being merged etc) over timelines or (as part of temporal planes) at differing rates. This example shows that the ISC thread is baselined (in blue), and then alters for two of the nodes (in the focal org/serv and Consumer Z) at the IaaS and SaaS layers respectively.
First Walkthrough (if not understood, no matter)… this is where we are now & will be from now on…
[Figure: Walkthrough No. 1. Two snapshots along a timeline of Provider A, Provider B, Focal Org/Serv and Consumers X, Y and Z, each with SaaS, PaaS and IaaS layers; ISC thread (baseline) and changed ISC thread. Legend: nodes in red have altered over the timeline.]
The Walkthrough No. 1 example shows the one-way flow of an ISC thread. It is baselined (in blue) and is focussed on a node in the PaaS layer. Over time, an additional node in the IaaS layer of the Focal Org/Serv and the new Consumer Z’s node in the SaaS layer change. These alterations show that, when considering the ISC, these dependencies impact the Focal Org/Serv’s node risk profile. Consequently, the changes to this node impact this single thread in varying ways.
Second Walkthrough (if not understood, no matter; just to show how complexity grows!)… this is where we are now & will be from now on…
[Figure: Walkthrough No. 2. Two snapshots along a timeline of Provider A, Provider B, Focal Org/Serv 1, Focal Org/Serv 2 and Consumers X, Y and Z, each with SaaS, PaaS and IaaS layers; ISC thread (baseline) + alterations and changed ISC thread. Legend: nodes in red have altered over this timeline; nodes in blue previously changed.]
The Walkthrough No. 2 example shows the ISC thread development from being baselined, to including changes from Walkthrough No. 1 (in blue). For the evolving Focal Org/Serv. 2 requirement, Provider A provides an extra IaaS layer node and expands with an additional Consumer Y’s node in the SaaS layer. In this example, these alterations show the increasing complexity to this ISC, which impacts Focal Org/Serv. 2’s node risk profile. In addition, Provider A’s node inputs into Focal Org/Serv. 1's ISC, and that inputs to Consumer X. This consequently leads to further ISC complexities, with extra threads added or the same dependencies used, which impact the single thread in varying ways.
Social and Business Assurance…
Harmonisation of the Information Standards…
Common Assurance Maturity Model…
Issues across the ISG weekend…
◦HDF
◦Trust
◦Assurance
◦Critical Information Infrastructure
◦……………………….
Tomorrow’s World… New Concept
Information Lodestone…
◦Why is this relevant to information security?
Concept…
◦Understanding
◦Protecting
◦Sustaining
◦Nurturing
Tomorrow’s World = Information World!!!!
Information World – ‘bridge and beyond…’
Why this?
Why think differently?
What is the relevance for you?
Does it mean anything to you?
So what…
TOMORROW’S WORLD… NOW!!!!!!!!
Hybrid thinking…
Integrated Information / Knowledge World…
Cyber-surete not = command and control…
NOW = TRUST + ASSURANCE + INFLUENCE
DATA CENTRIC WORLD – INFORMATION LODESTONE….
Integrated Information Society Hub…
CONCEPT LAUNCH… RSA EUROPE… 10-13 OCTOBER 2011 via CSA EUROPE… Exact date to be confirmed…