Goran Novkovic

Toronto Water

Cybersecurity - Data & Software Regulatory Compliance in the Cloud

Speaker:

Goran Novkovic, Professional Engineer, Toronto Water

Goran has over 15 years of experience in various regulated industries, including the water/wastewater sector. His areas of expertise are automation and controls engineering, computer systems validation, network and cloud security, data integrity and regulatory compliance. Goran has a formal education in Electrical Engineering and Project Management and holds a master's degree in Information Technology. He has a number of professional licenses and designations. He is a licensed Professional Engineer in Ontario, ITIL certified, a certified Agile Project Manager and a Project Management Professional with PMI (Project Management Institute). Goran holds the CQA (Certified Quality Auditor) and CSQE (Certified Software Quality Engineer) certifications with ASQ (American Society for Quality).

Abstract:

Cloud computing is causing a transformational shift in the way we do business and protect sensitive data assets and mission-critical software applications in an increasingly complex regulatory environment. Organizations are taking a cautious attitude to cloud computing because of concerns about security, compliance with their security policies and their regulatory obligations. Thus, the adoption of cloud technologies should always be subject to careful evaluation that is aligned and integrated with the risk management processes and information security governance of the organization. In practice, we regularly see that it is often not clear who is responsible for data and software security and regulatory compliance in the cloud: the cloud service customer, the cloud service provider, or perhaps a hybrid of both. This presentation offers a practical approach and real solution for industry leaders from all industry sectors who are in the process of adopting cloud services and moving production and business data and software applications to the cloud.

Takeaways:

  • Identify roles and responsibilities for securing data and software assets in the cloud.
  • Understand the difference between "Security of the Cloud" and "Security in the Cloud."
  • Implement a cloud security life-cycle model based on a risk management framework to manage data and software security and regulatory compliance.
  • Classify data assets based on sensitivity and criticality for the business and use the phases of a data life-cycle model to manage data security in the cloud.
  • Implement a secure software development life-cycle (S-SDLC) model for software engineering and quality assurance in the cloud.