User:Shawndouglas/sandbox/sublevel29 - Revision history

Shawndouglas: Replaced content with "
TOC
{{ombox | type = notice | style = width: 960px; | text = This is sublevel29 of my sandbox, where I play with features and..."

2023-08-16T20:32:48Z

Replaced content with "<div class="nonumtoc">__TOC__</div> {{ombox | type = notice | style = width: 960px; | text = This is sublevel29 of my sandbox, where I play with features and..."

← Older revision		Revision as of 20:32, 16 August 2023
Line 1:		Line 1:
	~~===6.3 What questions should you ask yourself?===~~		<div class="nonumtoc">__TOC__</div>
	[[File:Cloud Computing (6648686983).jpg\|right\|350px]]Here we provide a concise listing of questions your organization should be asking internally at various steps of a cloud project. If you've followed a formal project management path, your lab may have asked many of these questions already during goal setting, scope setting, risk assessment, and requirement documentation. If so, fantastic; you have most of the answers. However, if prior cloud project management steps failed to address them, now is certainly the time, before you start your laboratory's provider research in earnest. While these questions are loosely ordered in a traditional project management path, their order is not significant otherwise. Just be sure your laboratory has considered or will be considering these questions.<~~ref name~~="~~AgilentCloud19~~">{{cite web \|url=https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf \|format=PDF \|title=Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps \|author=Agilent Technologies \|publisher=Agilent Technologies \|date=21 February 2019 \|accessdate=28 July 2023}}</~~ref><ref name="APHLBreaking17"~~>{{~~cite web~~ \|~~url~~=~~https://www.aphl.org/aboutAPHL/publications/Documents/INFO-2017Jun-Cloud-Computing.pdf \|format=PDF~~ \|~~title~~=~~Breaking Through the Cloud~~: ~~A Laboratory Guide to Cloud Computing~~ \|~~author~~=~~Association~~ of ~~Public Health Laboratories \|publisher=Association of Public Health Laboratories \|date=2017 \|accessdate=28 July 2023}}</ref><ref name="IFAhelp20">{{cite web \|url=https://www~~.~~mynewlab.com/blog/a-helpful-guide-~~to~~-cloud-computing-in-~~a-laboratory/ \|title=A Helpful Guide to Cloud Computing in a Laboratory \|work=InterFocus Blog \|publisher=InterFocus Ltd \|date=05 October 2020 \|accessdate=28 July 2023}}</ref><ref name="O'MalleyIsMov21">{{cite web \|url=https:~~//www.securityroundtable.org/is-moving-operational-technology-to-the-cloud-a-good-idea/~~ \|~~title=Is Moving Operational Technology to the Cloud a Good Idea? \|author=O'Malley, K. \|work=SecurityRoundtable~~.~~org \|date=19 February 2021 \|accessdate=28 July 2023}}~~<~~/ref~~><~~ref name="EusticeUnder18">{{cite web \|url=https://legal.thomsonreuters.com/en/insights/articles~~/understanding-data-privacy-and-cloud-computing \|title=Understand the intersection between data privacy laws and cloud computing \|author=Eustice, J.C. \|work=Legal Technology, Products, and Services \|publisher=Thomson Reuters \|date=2018 \|accessdate=28 July 2023}}</ref><ref name="DonnellyTheOVH21">{{cite web \|url=https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users \|archiveurl=https://web.archive.org/web/20210408103340/https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users \|title=The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users \|author=Donnelly, C. \|work=ComputerWeekly \|date=08 April 2021 \|archivedate=08 April 2021 \|accessdate=28 July 2023}}~~</ref>~~		{{ombox
			\| type = notice
			\| style = width: 960px;
			\| text = This is sublevel29 of my sandbox, where I play with features and test MediaWiki code. If you wish to leave a comment for me, please see [[User_talk:Shawndouglas\|my discussion page]] instead.<p></p>
			}}

	~~# What do we hope to achieve by transitioning operations to the cloud?~~		==Sandbox begins below==
	~~# Who among staff is best able to act as a go-between with the executive team in order to increase support for cloud adoption?~~
	~~# Have we developed a comprehensive project plan with goals, objectives, benefits, etc. and how cloud computing factors into them?~~
	~~# If not, who can be trusted to develop and implement such a cloud computing plan for our lab, or the organization as a whole?~~
	~~# Do we fully understand the regulations and accreditation requirements that drive security for our organization and its data?~~
	~~# What proficiencies and skills do lab technicians and IT staff currently have in computing, and cloud computing in particular?~~
	# Have we polled our users and relevant stakeholders about how they currently use existing computing services and access their data as part of their workflow? (For example, if internet access isn't readily available in the lab, this will have to change with cloud.)
	~~# What kind of data are we putting in the cloud?~~
	# Has anyone conducted an independent assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of health or other sensitive data and information stored in our systems?
	~~# Do we fully understand the [[Informatics (academic field)\|informatics]] strengths and gaps within our organization?~~
	~~# Do we fully understand the risks associated with cloud computing and how to best mitigate them?~~
	~~# Are we willing to take the time to compare the operational effectiveness, costs, risks, and security concerns of multiple cloud providers before we make a decision?~~
	~~# How bad can things go wrong if we (or the cloud provider) are attacked?~~
	~~# What will we (and the cloud provider) do to proactively detect, prevent, and remediate security breaches?~~
	~~# What will our back-up and protection mechanisms be to mitigate data loss due to fire or other catastrophic events both on-premises and in the cloud?~~

Shawndouglas at 22:53, 27 July 2023

2023-07-27T22:53:15Z

← Older revision	Revision as of 22:53, 27 July 2023
Line 1:	Line 1:
		===6.3 What questions should you ask yourself?===
		[[File:Cloud Computing (6648686983).jpg\|right\|350px]]Here we provide a concise listing of questions your organization should be asking internally at various steps of a cloud project. If you've followed a formal project management path, your lab may have asked many of these questions already during goal setting, scope setting, risk assessment, and requirement documentation. If so, fantastic; you have most of the answers. However, if prior cloud project management steps failed to address them, now is certainly the time, before you start your laboratory's provider research in earnest. While these questions are loosely ordered in a traditional project management path, their order is not significant otherwise. Just be sure your laboratory has considered or will be considering these questions.<ref name="AgilentCloud19">{{cite web \|url=https://www.agilent.com/cs/library/whitepaper/public/whitepaper-cloud-adoption-openlab-5994-0718en-us-agilent.pdf \|format=PDF \|title=Cloud Adoption for Lab Informatics: Trends, Opportunities, Considerations, Next Steps \|author=Agilent Technologies \|publisher=Agilent Technologies \|date=21 February 2019 \|accessdate=28 July 2023}}</ref><ref name="APHLBreaking17">{{cite web \|url=https://www.aphl.org/aboutAPHL/publications/Documents/INFO-2017Jun-Cloud-Computing.pdf \|format=PDF \|title=Breaking Through the Cloud: A Laboratory Guide to Cloud Computing \|author=Association of Public Health Laboratories \|publisher=Association of Public Health Laboratories \|date=2017 \|accessdate=28 July 2023}}</ref><ref name="IFAhelp20">{{cite web \|url=https://www.mynewlab.com/blog/a-helpful-guide-to-cloud-computing-in-a-laboratory/ \|title=A Helpful Guide to Cloud Computing in a Laboratory \|work=InterFocus Blog \|publisher=InterFocus Ltd \|date=05 October 2020 \|accessdate=28 July 2023}}</ref><ref name="O'MalleyIsMov21">{{cite web \|url=https://www.securityroundtable.org/is-moving-operational-technology-to-the-cloud-a-good-idea/ \|title=Is Moving Operational Technology to the Cloud a Good Idea? \|author=O'Malley, K. \|work=SecurityRoundtable.org \|date=19 February 2021 \|accessdate=28 July 2023}}</ref><ref name="EusticeUnder18">{{cite web \|url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing \|title=Understand the intersection between data privacy laws and cloud computing \|author=Eustice, J.C. \|work=Legal Technology, Products, and Services \|publisher=Thomson Reuters \|date=2018 \|accessdate=28 July 2023}}</ref><ref name="DonnellyTheOVH21">{{cite web \|url=https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users \|archiveurl=https://web.archive.org/web/20210408103340/https://www.computerweekly.com/news/252498983/OVHCloud-datacentre-fire-Assessing-the-after-effects-on-datacentre-operators-and-cloud-users \|title=The OVHCloud fire: Assessing the after-effects on datacentre operators and cloud users \|author=Donnelly, C. \|work=ComputerWeekly \|date=08 April 2021 \|archivedate=08 April 2021 \|accessdate=28 July 2023}}</ref>

		# What do we hope to achieve by transitioning operations to the cloud?
		# Who among staff is best able to act as a go-between with the executive team in order to increase support for cloud adoption?
		# Have we developed a comprehensive project plan with goals, objectives, benefits, etc. and how cloud computing factors into them?
		# If not, who can be trusted to develop and implement such a cloud computing plan for our lab, or the organization as a whole?
		# Do we fully understand the regulations and accreditation requirements that drive security for our organization and its data?
		# What proficiencies and skills do lab technicians and IT staff currently have in computing, and cloud computing in particular?
		# Have we polled our users and relevant stakeholders about how they currently use existing computing services and access their data as part of their workflow? (For example, if internet access isn't readily available in the lab, this will have to change with cloud.)
		# What kind of data are we putting in the cloud?
		# Has anyone conducted an independent assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of health or other sensitive data and information stored in our systems?
		# Do we fully understand the [[Informatics (academic field)\|informatics]] strengths and gaps within our organization?
		# Do we fully understand the risks associated with cloud computing and how to best mitigate them?
		# Are we willing to take the time to compare the operational effectiveness, costs, risks, and security concerns of multiple cloud providers before we make a decision?
		# How bad can things go wrong if we (or the cloud provider) are attacked?
		# What will we (and the cloud provider) do to proactively detect, prevent, and remediate security breaches?
		# What will our back-up and protection mechanisms be to mitigate data loss due to fire or other catastrophic events both on-premises and in the cloud?

Shawndouglas: Blanked the page

2021-09-06T13:12:02Z

Blanked the page

← Older revision		Revision as of 13:12, 6 September 2021
Line 1:		Line 1:
	~~==6. Closing remarks==~~
	~~<blockquote>Cybersecurity is much more than a matter of IT.<br /> <br />- Stéphane Nappo, CISO of Société Générale</blockquote>~~

	After working through this guide, the quote of Stéphane Nappo should ring true; there's more to cybersecurity than focusing on information technology and technological expertise. Yes, those remain important elements of the recipe for cybersecurity success, but more ingredients are involved. First, the organization needs to not only want to improve cybersecurity, but it also needs enthusiastic support of that goal from leadership. Without support and encouragement from the higher levels in the form of active participation and financial buy-in, it's difficult to change the organizational culture. Second, the cybersecurity strategy isn't going to simply coalesce; it requires strong project management and a clearly defined plan. Without them, implementation of any cybersecurity measures will be, at best, haphazard and minimally effective. Third, effective communication, training, response, and monitoring plans are required to get full buy-in from personnel and associated third parties, as well as to ensure cyber attacks are held to a minimum and, when they do happen, they are addressed rapidly and efficiently. Without those elements, any implemented cybersecurity plan will lack potency over the long term, leaving the organization more prone to cyber attacks and financial consequence.

	This guide has hopefully provided you with all the considerations required to develop an effective, living cybersecurity plan for your organization. As part of that development effort, this guide has also addressed the benefits and uses of cybersecurity standards frameworks. The decision of which frameworks to choose isn't to be taken lightly; however, when chosen and implemented well, they have the potential to assist the organization with developing their overall cybersecurity strategy. The frameworks' security control, program development, and risk management elements can help deduce gaps between current system state and desired system state, as well as gaps in internal expertise, hardware, and policy. Most frameworks are also build on or mapped to other existing standards and frameworks, which have been developed by a broad consensus of interested individuals with expertise in cybersecurity and the fields requiring it. Regulatory bodies have also shaped those standards and frameworks, meaning that the organization that effectively uses cybersecurity standards frameworks in their plan development will be prepared at go-live for conformance to regulations.

	Finally, this guide has also included an appendix of NIST SP 800-53 controls with slightly more simplified language, as well as additional resources to give the controls a clearer context. Additionally, they are linked to the LIMSpec, an evolving set of specifications for laboratory informatics solutions and their development. For those outside the laboratory industry, that inclusion will likely not mean much; however, you've hopefully still gained insight from the contents of this guide. For those working in laboratories, particularly those with laboratory informatics solutions or seeking to purchase them, the mappings to LIMSpec provide additional value in ensuring those informatics solutions are providing the cybersecurity functionality critical to your laboratory's success.

	Regardless of what industry you work in, how many people make up your organization, or what technology you're using, remind yourself that ignoring cyber threats has consequences. Even if your primary cyber asset is only your business website, that asset can still be compromised. It takes awareness, planning, and dedication to fighting the growing body of cyber threats, but given tools such as this guide, you'll succeed in your organizational goals towards being more security-aware and cyber-prepared.

Shawndouglas: /* 6. Closing remarks */

2020-07-23T19:14:51Z

6. Closing remarks

← Older revision		Revision as of 19:14, 23 July 2020
Line 1:		Line 1:
	==6. Closing remarks==		==6. Closing remarks==
	<blockquote>~~Cyber-Security~~ is much more than a matter of IT.<br /> <br />- Stéphane Nappo, CISO of Société Générale</blockquote>		<blockquote>Cybersecurity is much more than a matter of IT.<br /> <br />- Stéphane Nappo, CISO of Société Générale</blockquote>

	After working through this guide, the quote of Stéphane Nappo should ring true; there's more to cybersecurity than focusing on information technology and technological expertise. Yes, those remain important elements of the recipe for cybersecurity success, but more ingredients are involved. First, the organization needs to not only want to improve cybersecurity, but it also needs enthusiastic support of that goal from leadership. Without support and encouragement from the higher levels in the form of active participation and financial buy-in, it's difficult to change the organizational culture. Second, the cybersecurity strategy isn't going to simply coalesce; it requires strong project management and a clearly defined plan. Without them, implementation of any cybersecurity measures will be, at best, haphazard and minimally effective. Third, effective communication, training, response, and monitoring plans are required to get full buy-in from personnel and associated third parties, as well as to ensure cyber attacks are held to a minimum and, when they do happen, they are addressed rapidly and efficiently. Without those elements, any implemented cybersecurity plan will lack potency over the long term, leaving the organization more prone to cyber attacks and financial consequence.		After working through this guide, the quote of Stéphane Nappo should ring true; there's more to cybersecurity than focusing on information technology and technological expertise. Yes, those remain important elements of the recipe for cybersecurity success, but more ingredients are involved. First, the organization needs to not only want to improve cybersecurity, but it also needs enthusiastic support of that goal from leadership. Without support and encouragement from the higher levels in the form of active participation and financial buy-in, it's difficult to change the organizational culture. Second, the cybersecurity strategy isn't going to simply coalesce; it requires strong project management and a clearly defined plan. Without them, implementation of any cybersecurity measures will be, at best, haphazard and minimally effective. Third, effective communication, training, response, and monitoring plans are required to get full buy-in from personnel and associated third parties, as well as to ensure cyber attacks are held to a minimum and, when they do happen, they are addressed rapidly and efficiently. Without those elements, any implemented cybersecurity plan will lack potency over the long term, leaving the organization more prone to cyber attacks and financial consequence.

Shawndouglas at 18:35, 20 December 2019

2019-12-20T18:35:58Z

← Older revision		Revision as of 18:35, 20 December 2019
Line 5:		Line 5:

	This guide has hopefully provided you with all the considerations required to develop an effective, living cybersecurity plan for your organization. As part of that development effort, this guide has also addressed the benefits and uses of cybersecurity standards frameworks. The decision of which frameworks to choose isn't to be taken lightly; however, when chosen and implemented well, they have the potential to assist the organization with developing their overall cybersecurity strategy. The frameworks' security control, program development, and risk management elements can help deduce gaps between current system state and desired system state, as well as gaps in internal expertise, hardware, and policy. Most frameworks are also build on or mapped to other existing standards and frameworks, which have been developed by a broad consensus of interested individuals with expertise in cybersecurity and the fields requiring it. Regulatory bodies have also shaped those standards and frameworks, meaning that the organization that effectively uses cybersecurity standards frameworks in their plan development will be prepared at go-live for conformance to regulations.		This guide has hopefully provided you with all the considerations required to develop an effective, living cybersecurity plan for your organization. As part of that development effort, this guide has also addressed the benefits and uses of cybersecurity standards frameworks. The decision of which frameworks to choose isn't to be taken lightly; however, when chosen and implemented well, they have the potential to assist the organization with developing their overall cybersecurity strategy. The frameworks' security control, program development, and risk management elements can help deduce gaps between current system state and desired system state, as well as gaps in internal expertise, hardware, and policy. Most frameworks are also build on or mapped to other existing standards and frameworks, which have been developed by a broad consensus of interested individuals with expertise in cybersecurity and the fields requiring it. Regulatory bodies have also shaped those standards and frameworks, meaning that the organization that effectively uses cybersecurity standards frameworks in their plan development will be prepared at go-live for conformance to regulations.

			Finally, this guide has also included an appendix of NIST SP 800-53 controls with slightly more simplified language, as well as additional resources to give the controls a clearer context. Additionally, they are linked to the LIMSpec, an evolving set of specifications for laboratory informatics solutions and their development. For those outside the laboratory industry, that inclusion will likely not mean much; however, you've hopefully still gained insight from the contents of this guide. For those working in laboratories, particularly those with laboratory informatics solutions or seeking to purchase them, the mappings to LIMSpec provide additional value in ensuring those informatics solutions are providing the cybersecurity functionality critical to your laboratory's success.

			Regardless of what industry you work in, how many people make up your organization, or what technology you're using, remind yourself that ignoring cyber threats has consequences. Even if your primary cyber asset is only your business website, that asset can still be compromised. It takes awareness, planning, and dedication to fighting the growing body of cyber threats, but given tools such as this guide, you'll succeed in your organizational goals towards being more security-aware and cyber-prepared.

Shawndouglas: Created page with "==6. Closing remarks==
Cyber-Security is much more than a matter of IT.

- Stéphane Nappo, CISO of Société Générale
After workin..."

2019-12-20T18:22:36Z

Created page with "==6. Closing remarks== <blockquote>Cyber-Security is much more than a matter of IT.<br /> <br />- Stéphane Nappo, CISO of Société Générale</blockquote> After workin..."

New page

==6. Closing remarks==
<blockquote>Cyber-Security is much more than a matter of IT.<br /> <br />- Stéphane Nappo, CISO of Société Générale</blockquote>

After working through this guide, the quote of Stéphane Nappo should ring true; there's more to cybersecurity than focusing on information technology and technological expertise. Yes, those remain important elements of the recipe for cybersecurity success, but more ingredients are involved. First, the organization needs to not only want to improve cybersecurity, but it also needs enthusiastic support of that goal from leadership. Without support and encouragement from the higher levels in the form of active participation and financial buy-in, it's difficult to change the organizational culture. Second, the cybersecurity strategy isn't going to simply coalesce; it requires strong project management and a clearly defined plan. Without them, implementation of any cybersecurity measures will be, at best, haphazard and minimally effective. Third, effective communication, training, response, and monitoring plans are required to get full buy-in from personnel and associated third parties, as well as to ensure cyber attacks are held to a minimum and, when they do happen, they are addressed rapidly and efficiently. Without those elements, any implemented cybersecurity plan will lack potency over the long term, leaving the organization more prone to cyber attacks and financial consequence.

This guide has hopefully provided you with all the considerations required to develop an effective, living cybersecurity plan for your organization. As part of that development effort, this guide has also addressed the benefits and uses of cybersecurity standards frameworks. The decision of which frameworks to choose isn't to be taken lightly; however, when chosen and implemented well, they have the potential to assist the organization with developing their overall cybersecurity strategy. The frameworks' security control, program development, and risk management elements can help deduce gaps between current system state and desired system state, as well as gaps in internal expertise, hardware, and policy. Most frameworks are also build on or mapped to other existing standards and frameworks, which have been developed by a broad consensus of interested individuals with expertise in cybersecurity and the fields requiring it. Regulatory bodies have also shaped those standards and frameworks, meaning that the organization that effectively uses cybersecurity standards frameworks in their plan development will be prepared at go-live for conformance to regulations.