Documentos de Académico
Documentos de Profesional
Documentos de Cultura
1. Nombres y apellidos
2. Grado Académico
3. Experiencia Laboral
4. Certificaciones internacionales: Seguridad, Cloud computing, ITIL, COBIT,
PMP, otros.
5. Expectativas del programa / curso
VISIÓN HOLÍSTICA DE
LA SEGURIDAD DE LA
Tema 1: Clic para editar título
INFORMACIÓN Y
CIBERSEGURIDAD
? Cybersecurity in the Cloud
Extraído desde
https://rpp.pe/economia/economia/banc
a-peruana-privada-repele-ciberataque-
mundial-noticia-1144143?ref=rpp
Extraído desde
https://rpp.pe/economia/economia/bcp-revela-
que-en-ataque-cibernetico-del-2018-hackers-
accedieron-a-datos-de-clientes-noticia-1232964?
ref=rpp
? Cybersecurity in the Cloud
¿Y la Ciberseguridad?
¿Qué es entonces?
Cloud Security Alliance, C. (2017). Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in
Cloud Computing. 1 -152.
“Cloud providers and customers must share the responsibility for security
and privacy in cloud computing environments, but sharing levels will differ
for different delivery model”.
Takabi, H., Joshi, J., & Gail-Joon. (2010). Security and Privacy Challenges in Cloud Computing Environments. IEEE, 24 -31.
Fundamentos en Cloud Computing
1
“NIST defines cloud computing by
describing five essential
characteristics, three cloud service
models, and four cloud deployment
models.”
Cloud Security Alliance, C. (2017). Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing. 1 -152.
Modelo de Responsabilidad Compartida
1
Cloud Security Alliance, C. (2018). Guideline on Effectively Managing Security Service in the Cloud. 1 -
53.
Modelo de Responsabilidad de
Seguridad
1
Compartida_
“Here, we refer to Gartner’s shared security responsibility model to develop the below shared
security responsibility figure. It illustrates the security handoff points for IaaS, PaaS, and SaaS cloud models. The handoff point
moves up the stack across the models. The IaaS CSP offers the most control, with the commensurate security responsibility left to
customers The SaaS customer offers the least control, with the CSP taking on most of the security responsibility”
Cloud Security Alliance, C. (2018). Guideline on Effectively Managing Security Service in the Cloud. 1 - 53.
Modelo de Responsabilidad de
Seguridad
1
Compartida
Cloud Security Alliance, C. (2018). Guideline on Effectively Managing Security Service in the Cloud. 1 - 53.
Caso: ISACA - IT Security Responsibilities
Change When Moving to the Cloud
¿Y ahora qué tengo que hacer? ¿Cómo se definen los nuevos roles?
Extraído desde ISACA - IT Security Responsibilities Change When Moving to the Cloud
¿Las responsabilidades en TI también
cambian?
1
“How will an organization’s information
security staff be affected if the
organization’s computer systems are
moved to a cloud environment?”
Wlosinski, L. (2013). IT Security Responsibilities Change When Moving to the Cloud. ISACA Journal, 1- 4.
Defense in Depth for Cibersecurity in the
Cloud
1
Fuente: ISACA: Shadow IT: What Is It and Is It Really Risky? 2015 Fuente: Sachahuamán, N. (20 de 02 de 2019). Gobierno en Cloud Computing, CSA
Perú.
Modelo de Gobierno Cloud
“Es parte del Gobierno1 TI y está formado
por los procesos, políticas, estructuras
organizativas y herramientas que aseguran
que la organización posee la capacidad
necesaria para sostener y facilitar el logro
de sus objetivos y estrategias, apoyándose
en soluciones basadas en Cloud
Computing”
Fuente: Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, Fuente: Sachahuamán, N. (20 de 02 de 2019). Gobierno en
4Q12 Update Published 2013 Cloud Computing, CSA Perú.
La falta de prácticas para el Gobierno en
Cloud
1
y Ciberseguridad???
Bounagui, Y., Mezrioui, A., & Hafiddi, H. (2018). Toward a unified framework for cloud computing governance: an
approach for evaluating and integrating it management and governance models. Computer Standards & Interfaces, 98-118.
Prácticas para el Gobierno en
Cloud Computing_
1
Bounagui, Y., Mezrioui, A., & Hafiddi, H. (2018). Toward a unified framework for cloud computing governance: an
approach for evaluating and integrating it management and governance models. Computer Standards & Interfaces, 98-
118.
? ¿Cómo se pudo evitar?
Extraído desde Cloud Security Alliance Global: Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Extraído desde ISC2 CCSP Certified Cloud Security Professional
?Share Responsability Model
The most important security consideration is knowing exactly who is responsible for what in any
given cloud project. It’s less important if any particular cloud provider offers a specific security
control, as long as you know precisely what they do offer and how it works. You can fill the gaps with
your own controls, or choose a different provider if you can’t close the controls gap. Your ability to
do this is very high for IaaS, and less so for SaaS.
25
Extraído desde Cloud Security Alliance Global: Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Architecture example of IaaS
These resources are pooled using
abstraction and orchestration.
Abstraction, often via virtualization,
frees the resources from their
physical constraints to enable
pooling.
Extraído desde Cloud Security Alliance Global: Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Extraído desde Cloud Security Alliance Global: Security Guidance for Critical Areas of Focus in Cloud Computing v4.0