• Home

  • Technology

  • Bill Lisse & Max Aulakh - Future of Information Security & GRC
11
Governance, Risk & Compliance Bill Lisse, Global CISO - OCLC Max Aulakh, vCISO - MAFAZO

Bill Lisse & Max Aulakh - Future of Information Security & GRC

Embed Size (px)

Citation preview

Page 1: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Governance, Risk & ComplianceBill Lisse, Global CISO - OCLCMax Aulakh, vCISO - MAFAZO

Page 2: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Introductions

Bill Max

Page 3: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Background• OCLCs Environment

• Control complexity & various business scenarios

• Multiple global security regulations• US• Canada• European

Page 4: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Security Business Case for OCLC• Registered to ISO/IEC 27001:2005• Since 2011

• NIST SP 800-53 Controls mapped to ISO/IEC 27001• Updated to ISO/IEC 27001:2013

Page 5: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Shifting Regulatory Landscape

• Executive Order -- Improving Critical Infrastructure Cybersecurity 13636 - February 2013

• OMB Guidance to agencies to implement

• OMB Guidance to contractors to implement

Page 6: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Problem Statement• Mapping ISO 27001 to NIST SP 800-53

• No longer acceptable• US SaaS Product must be FedRAMP Accredited through a 3PAO• Short timeline • Talent shortage and staffing problems

• SSP, POAM & FedRAMP documentation takes time• Additionally required SSPs for non-Cloud government customers

Page 7: Bill Lisse & Max Aulakh - Future of Information Security & GRC

FedRAMP• Federal Risk and Authorization Management Program

(FedRAMP)• Government-wide program • Standardized approach to security assessment, authorization, and

continuous monitoring for cloud products and services

• Third Party Assessment Organizations (3PAO)• 3PAO is an organization that has been certified to help cloud service

providers and government agencies meet FedRAMP compliance regulations

Page 8: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Tryump• OCLC Selected Tryump • Document automation • Documentation & security artifacts management

Page 9: Bill Lisse & Max Aulakh - Future of Information Security & GRC

NIST Based Compliance

• NIST SP 800-53• 26 Control Families• 950+ Controls• 1 to 4 Statements per control • 2000 to 3000 total responses required for all controls

• 200+ Control Parameters• 1 SSP can be over 400 Pages• Total document submission package can be 400 to 800 pages

Page 10: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Who has to comply• Cloud Computing Providers

• FEDRAMP• IRS Pub 1075• DFARs Federal Contractors• Research & Development Centers

• Healthcare• Universities • Federally Funded Research Institutions

• If you do business with the government!

Page 11: Bill Lisse & Max Aulakh - Future of Information Security & GRC

Solving complexity• Built for & by security pros

• Distribute controls to the organization• Inheriting controls from a common catalog of enterprise• Multiple systems management• Develop multiple SSPs


Insights on grc grc technology au1488

Insights on grc grc technology au1488

Education
Glassfibre Reinforced Concrete (GRC) - GRC - Gulf · PDF fileGlassfibre Reinforced Concrete (GRC) Glassfibre Reinforced ... GRC gives the architects a unique and unrivalled opportunity

Glassfibre Reinforced Concrete (GRC) - GRC - Gulf · PDF fileGlassfibre Reinforced Concrete (GRC) Glassfibre Reinforced ... GRC gives the architects a unique and unrivalled opportunity

Documents
GRC Annual Meeting & GEA GeoExpo+ - GRC Sponsorships

GRC Annual Meeting & GEA GeoExpo+ - GRC Sponsorships

Education
Alfaparf Milano USA - Lisse Design Technical Guide

Alfaparf Milano USA - Lisse Design Technical Guide

Documents
BY: AMAN KALRA, GAGIN MERWAR, GURJOT AULAKH, SAHIBA BAJWA DIGESTIVE SYSTEM

BY: AMAN KALRA, GAGIN MERWAR, GURJOT AULAKH, SAHIBA BAJWA DIGESTIVE SYSTEM

Documents
Court/Judgments/Judgments/Lisse v...  · Web viewOn 21 November 2008, these proceedings commenced when Dr Lisse issued summons against the Minister claiming delictual and constitutional

Court/Judgments/Judgments/Lisse v...  · Web viewOn 21 November 2008, these proceedings commenced when Dr Lisse issued summons against the Minister claiming delictual and constitutional

Documents
Riverside County 2012 API and AYP Achievement Gap Mitch Aulakh

Riverside County 2012 API and AYP Achievement Gap Mitch Aulakh

Documents
Canadian Light Source Electrical Design Criteria - Aulakh - 8.1.16.1Rev 0

Canadian Light Source Electrical Design Criteria - Aulakh - 8.1.16.1Rev 0

Documents
Introductie - De Loft Lisse · Voorbeeld: De Loft Lisse Markt: ondernemers Doelgroep: starters en startups 0-5 jaar regio bollenstreek Suspects: Volgers op social media (linkedin

Introductie - De Loft Lisse · Voorbeeld: De Loft Lisse Markt: ondernemers Doelgroep: starters en startups 0-5 jaar regio bollenstreek Suspects: Volgers op social media (linkedin

Documents
Alfaparf Milano USA - Lisse Design Keratin Therapy Brochure

Alfaparf Milano USA - Lisse Design Keratin Therapy Brochure

Documents
Finding Time Series Data U of S Library Harpreet Aulakh Darlene Fichter

Finding Time Series Data U of S Library Harpreet Aulakh Darlene Fichter

Documents
The Minister of Health and Social Services Versus Lisse

The Minister of Health and Social Services Versus Lisse

Documents
GRC Krawangan GRC Kepala Kolom GRC Cover Menaragrcbangunpersada.com/wp-content/uploads/2014/11/Product-Catalogu… · grc kubah grc lisplank grc cladding grc kepala kolom grc cover

GRC Krawangan GRC Kepala Kolom GRC Cover Menaragrcbangunpersada.com/wp-content/uploads/2014/11/Product-Catalogu… · grc kubah grc lisplank grc cladding grc kepala kolom grc cover

Documents
GRC ACCESS

GRC ACCESS

Documents
Lisse skin healer catalogue(2015 0120)

Lisse skin healer catalogue(2015 0120)

Documents
GRC Dashboards - Runtime Installation · 2019. 7. 1. · GRC DASHBOARDS - RUNTIME INSTALLATION 1 1 Introduction The following GRC dashboards (GRC = Governance, Risk and Compliance)

GRC Dashboards - Runtime Installation · 2019. 7. 1. · GRC DASHBOARDS - RUNTIME INSTALLATION 1 1 Introduction The following GRC dashboards (GRC = Governance, Risk and Compliance)

Documents
Thinking…inside the box STGS version 1.0 The “Soar Technology Goal System” Sean Lisse Software Engineer lisse@soartech.com 3600 Green Court Suite 600 Ann

Thinking…inside the box STGS version 1.0 The “Soar Technology Goal System” Sean Lisse Software Engineer [email protected] 3600 Green Court Suite 600 Ann

Documents
Neutrino mass & structurallogic of NMSO(10)users.ictp.it/~smr2366/talks/Aulakh-Bene2012.pdf · Neutrino mass & structurallogic of NMSO(10) Charanjit S. Aulakh (PanjabUniv,Chandigarh)

Neutrino mass & structurallogic of NMSO(10)users.ictp.it/~smr2366/talks/Aulakh-Bene2012.pdf · Neutrino mass & structurallogic of NMSO(10) Charanjit S. Aulakh (PanjabUniv,Chandigarh)

Documents
We Implement GRC Solutions Using Oracle GRC Applications Oracle Independent Consultants Oracle GRC Professionals 5/1/2015We Implement GRC Solutions Using

We Implement GRC Solutions Using Oracle GRC Applications Oracle Independent Consultants Oracle GRC Professionals 5/1/2015We Implement GRC Solutions Using

Documents
Kyra Lisse '22 The House on Mango Street: Reading The term

Kyra Lisse '22 The House on Mango Street: Reading The term

Documents
Bill Lisse - Communicating Security Across the C-Suite

Bill Lisse - Communicating Security Across the C-Suite

Technology
Implementing an integrated GRC approach with SAP GRC · PDF fileImplementing an integrated GRC approach with SAP GRC Sumit Sanyal(PwC) GRC Conference 26. November 2013 in Moscow

Implementing an integrated GRC approach with SAP GRC · PDF fileImplementing an integrated GRC approach with SAP GRC Sumit Sanyal(PwC) GRC Conference 26. November 2013 in Moscow

Documents
2015 GRC MATURITY SURVEY - Workiva | Cloud Platform€¦ · An OCEG Benchmark on GRC Maturity within Organizations 2015 GRC MATURITY SURVEY HOW THE APPROACH TO GRC STRATEGY & …

2015 GRC MATURITY SURVEY - Workiva | Cloud Platform€¦ · An OCEG Benchmark on GRC Maturity within Organizations 2015 GRC MATURITY SURVEY HOW THE APPROACH TO GRC STRATEGY & …

Documents
by Lisse Honeyman - Onestopenglish: Number one for English

by Lisse Honeyman - Onestopenglish: Number one for English

Documents
SWITCHES AND SOCKETS LISSE - Schneider Electric · PDF fileCombined with the Schneider Electric cable management range, to provide you with a complete solution. Lisse wiring devices

SWITCHES AND SOCKETS LISSE - Schneider Electric · PDF fileCombined with the Schneider Electric cable management range, to provide you with a complete solution. Lisse wiring devices

Documents
SAP GRC Online Training | SAP GRC tutorials | SAP GRC TRAINING COURSE, USA

SAP GRC Online Training | SAP GRC tutorials | SAP GRC TRAINING COURSE, USA

Education
GRC Base Parcel GRC Base Point

GRC Base Parcel GRC Base Point

Documents
- Baljeet Aulakh -Arnold Csok -Jared Shepherd - Amandeep Singh

- Baljeet Aulakh -Arnold Csok -Jared Shepherd - Amandeep Singh

Documents
Understanding GRC

Understanding GRC

Business
GRC Cloud - resolver.com Resolver GRC Cloud GRC Cloud allows your company to manage all its Governance, Risk and Compliance (GRC) needs in one application. GRC …

GRC Cloud - resolver.com Resolver GRC Cloud GRC Cloud allows your company to manage all its Governance, Risk and Compliance (GRC) needs in one application. GRC …

Documents