January 11th Event

January 11, 2012 - CSA NY Metro Chapter

Date January 11, 2012
Event Start Time – End Time 6:30PM – 8:30PM
Overall Event Title Governance, Risk and Compliance in the Cloud: CSA’s leading practices to address Legal, Policy and Organizational Risk issues and a practical application example
Event abstract The CSA has brought together some of the largest cloud providers and cloud customers to define the most important pieces of Governance, Risk and Compliance in the Cloud. The resulting frameworks are the CSA’s Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questions (CAIQ). We will present an overview of these CSA frameworks, hear from experts on how they’ve utilized this work with their clients, and discuss the Legal, Policy and Organizational Risk issues surrounding GRC.
Venue Microsoft Corporation
1290 Avenue of the Americas (between 51st and 52nd Streets)
6th FL, Tavern on The Green Conference Room
New York, NY
Dress Code Business Casual
Pre-meeting networking 6:15 – 6:45pm
Event kickoff opening remarks 6:45 – 7pm
Speaker CSA NY Metro Board Member
Session description
  • Welcome and speaker self intro
  • Any chapter news
  • Quick overview of last meeting
  • Invite attendees to submit ideas for topics, speakers and/or to put us in touch with people to speak (we’ll distribute short questionnaires for them to record these ideas)
Session Title Deep dive on CSA’s CCM, CAIQ and STAR
Start Time – End Time 7-7:45pm
Session Description Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary supporting data. Whether implementing private, public or hybrid clouds, the shift to compute as a service presents new challenges across the spectrum of GRC requirements. The Cloud Security Alliance GRC Stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry-established best practices, standards and critical compliance requirements.

  • Intro to GRC
  • Overview of the CSA’s CCM, CAIQ and STAR
  • Legal, Policy and Organizational Risk issues surrounding GRC in the cloud
  • A practical application of CCM and CAIQ
  • Q&A
Speakers Laura Posey, Microsoft Corporation, co-chair of CAIQ
Bio Ms. Laura Posey is a Senior Security Strategist in the Global Security Strategy and Diplomacy (GSSD) team at Microsoft, which focuses on driving strategic change, both within Microsoft and externally, to advance cyber security and resiliency. In her role, Ms. Posey draws upon her 12+ years of experience in the technology space to address global challenges related to information assurance and security policy and standards with a special focus on the challenges of government organizations worldwide.  Ms. Posey is a strong voice representing Microsoft in the Cloud Security Alliance (CSA) on issues representing both consumers and providers of Cloud services and technology and a supporting member of SAFECODE, addressing supply chain integrity best practices.
Panel Discussion Governance, Risk and Compliance: The CSA best practices work, legal issues and a practical application example.
Start Time – End Time 7:45 – 8:30PM
Session Description
  • Introduction of Panel
  • Intro to GRC
  • Overview of the CSA’s CCM, CAIQ and STAR
  • Legal issues surrounding GRC in the cloud
  • A practical application of CCM and CAIQ
  • Q&A
  • JT Jacoby, NYC Housing Authority, Chief Security Officer
  • Joe Cupano, EMC, Global Alliances Solutions Strategist
  • Laura Posey, Microsoft Corporation, co-chair of CAIQ

Moderator: Brian Peister, iSecure, consultant at MetLife

Bio(s) JT Jacoby, NYC Housing Authority, Chief Security Officer
JT Jacoby is Chief Security Officer of the New York City Housing Authority. NYCHA’s 650,000 residents would make its resident population the 19th largest city in North America or equivalent to Miami or Boston. As CSO, JT oversees IT Security, Investigations, Forensics, Policy, Audit and Risk. Mr. Jacoby has also advanced the field of social media cyber intelligence for the government. Previous to NYCHA, JT spent 11 years with Fidelity Investments in several leadership roles including Country Head Information Security – India where he lived in Bangalore for 2 years. Originally from Washington, DC, Mr. Jacoby was Vice President of Auditek, Inc. for 8 years, providing IT security and advisory services for firms such as Citibank, Ford, Deutsche Bank, and many other Fortune 200 firms. He maintains CISA, C-RISC and CISM certifications, serves on NGO boards and is an avid scuba diver. He frequently speaks at IT security conferences and lives in Manhattan.

Joe Cupano, EMC, Global Alliances Solutions Strategist
Joe Cupano has spent over fifteen years of his career as an Information Security thought leader and trusted advisor to the Global 100 and government entities both in the US and abroad. Starting in the 1990s, Mr. Cupano helped develop Ernst & Young’s internal Information Security program and what has become Ernst & Young’s Technology and Security Risk Services practice. He was also developer and first webmaster of EY.COM.

Mr. Cupano moved into the Financial Services sector, first with Salomon Smith Barney and then as a Director with UBS (aka Swiss Bank) serving as the Global Technology Manager for Security and eCommerce. At UBS, Mr. Cupano also served as a security industry subject matter expert supporting Corporate Finance and Global Equities business line activities.

In 2006, Mr. Cupano joined EMC supporting the company’s investment into the security marketplace starting with the acquisition of RSA. He helped develop the Information Security Practice, leading a number of engagements globally, and then focused on complex security requirements for various US Federal agencies. He currently works in EMC Global Alliances developing trusted cloud solutions with well branded partners.

Laura Posey, Microsoft Corporation, co-chair of CAIQ (see above)

Brian Peister, iSecure, consultant at MetLife
Brian’s career has encompassed over 12 years of senior-level technical, management and consultative positions in start-ups, retail, manufacturing, telecommunications, healthcare, banking, insurance, financial and Big Four. Brian has architected innovative and successful incident management, risk management, application security programs, data protection policies and cloud security vendor assessment and frameworks.

Brian is presently a Security Consultant for a Fortune 500 insurance, real estate, financial and banking provider. He enhanced the risk mitigation approach and incorporated the Cloud Security Alliance’s guidance on assessing vendors’ cloud computing security controls. He is also building the application security strategy for a number of organizations to align with industry and DoD standards.

Brian holds a Bachelor of Science degree in Management Information Systems from the University of Bridgeport. Brian is one of the founding members of the board of directors of the Cloud Security Alliance NY Metro chapter. He is a former board member of the OWASP NJ/NY chapter, and is an active member of Newark’s Infragard (FBI/Corporate Information Sharing Group).


Session Title Wrap Up
Start Time – End Time 8:30-8:45PM
Session Description
  • Quick overview of emerging working group efforts and how to get involved
  • Quick intro of any board members present and their functions with CSA
  • Encouragement to invite others to join, speak, etc.
  • Call for volunteering of meeting venue for upcoming meetings
  • Quick overview of future topics for the next 3 meetings
Speakers Board member