The Delivery of Managed Security Services
- When?
- Friday 7 May 2010, 10:00 to 12:00
- Where?
- 24AA04
- Open to:
- Students, Staff
- Speaker:
- Tony Dyhouse, Operations Manager at QinetiQ
Tony Dyhouse will discuss some standards applicable to the fields of Information Assurance and Service Delivery, illustrating areas of commonality with regard to aim and approach.
Different mechanisms for the protection of CIA will be discussed from a point of view of risk transference and third party provision of services, including a look at potential conflict of interest and how that can be addressed. Finally, a view on advancing technology and Cloud services.
Presentation Outline
Standards in both worlds
A cursory glance at some of the British and International standards that apply to Service Delivery and to Information Security.
The aims of the standards, and where there is commonality in that aim.
MSP v MSSP
Confidentiality
Considerations and mechanisms for protecting Confidentiality
Pertinent Questions to ask an MSSP
Integrity
Considerations and mechanisms for protecting Integrity
Pertinent Questions to ask an MSSP
Availability
Considerations and mechanisms for protecting Availability
Pertinent Questions to ask an MSSP
Guarding the Guard
The conflict of interest problem
Mechanism for tri-partite relationship
CESG Memo 37
The Cloud
Business drivers and advantages
Service considerations