1 / 6

Security Controls

Controls. Wells Fargo Technology Controls Cube. Business Controls. Regulatory Controls. Security Controls. The Technology Controls Cube defines controls across three dimensions to establish clear accountability and ensure completeness of coverage Controls – Defines the requirement

sherburne
Download Presentation

Security Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Controls Wells Fargo Technology Controls Cube Business Controls Regulatory Controls Security Controls • The Technology Controls Cube defines controls across three dimensions to establish clear accountability and ensure completeness of coverage • Controls – Defines the requirement • Operations – Defines how the control is implemented and who is responsible for implementing the control • Technology Stack – Defines where the control is implemented in the technology stack Applications Data Services IT Management Services Security Services Platform Services Infrastructure Services Operations Tech Stack

  2. Full Stack Automation (FSA) Scope for DevSecOps Controlsdeployed in a uniform manner across the technology stack by leveraging Full Stack Automation • Cross-organizational, engineering practice and capability that breaks down barriers and establishes collaboration between development, security, and operations organizations using automation to focus on rapid, frequent delivery of secure infrastructure and software to production • Encompasses intake to release of software and manages those flows predictably, transparently, and with minimal human intervention/effort – from Sunrise to Sunset • Provides built-in security controls through automation of the software development lifecycle along with enablement of security monitoring and integration with cyber threat management

  3. Full Stack Automation (FSA) for DevSecOps IT Management Servceis Supply Chain / Vendor Management Change Management Incident, Event/ Problem Management Release/ Deploy Management IT Financial Management Asset/ Configuration Management Knowledge Management App Infrastructure Platform (middleware) Templates Security Full Stack Automation Images Artifact Repository Environment Libraries App Configs Virtual Perimeter CI CD PaaS Orchestrator IaaS Testing VCS Accounts, sub-nets, network isolation, Encryption, IAM Security Services Application Information Security Cyber Defense Management Center Identity / Access Management Information Security Risk Management Infrastructure Information Security Workforce Accountability Third Party Information Security Vulnerability Management

  4. Controls The Security Controls are a baseline of the FedRAMP controls in NIST SP 800-53 tailored to Wells Fargo’s environment, standards, and responsibilities in developing and maintaining our cloud services. FedRAMPis a highly regarded controls framework in the security and risk community that allows for traceability to our various regulatory requirements and industry-recognized risk management frameworks. The Security Controls form the baseline of controls from which business controls and regulatory controls can be layered.

  5. The “Technology” and “Operations” components of the Technology Controls Cube are in alignment with the services and capabilities outlined in the Wells Fargo IT Service Model and the Wells Fargo IT Capability Model Technology Stack and Operations

  6. Cost of Fixing Defects Across the Lifecycle

More Related