© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM.

Presentation transcript:

Agenda
Overview of the CCM
CSA STAR & The CCM
Industry Adoption and the CCM
Looking Ahead: CCM 2016

Overview of the CCM
Industry standard for cloud supply chain security & risk management:
Delineates control ownership (Provider, Customer)
An anchor for security and compliance posture measurement
Provides a framework of 16 control domains
Controls map to global regulations and security standards
Industry-driven effort: 120+ peer review participants
Participants: AICPA, Microsoft, McKesson, ISACA, Oracle
Backbone of the Open Certification Framework and STAR

Industry Adoption of the CCM
CSA STAR Certification
Based on ISO/IEC 27001:2013 and CCM 3.x
Provides an enhanced assessment that gives full visibility.
Flexible assessment that can be tailored through the Statement of Applicability.
CSA and AICPA Cloud Attestation
Third-party assessment program of cloud providers, officially known as CSA Security Trust & Assurance Registry (STAR) Attestation.
Enables enhanced, cloud-specific AICPA SOC 2 reporting.
Illustrative SOC 2 with CCM provided on the AICPA site.

CCM Developments Q to Q
CAIQ and CCM Minor Updates (released 12/11/15)
Minor mapping corrections
Corrections to control specifications
Filled in Architecture, Corporate and Supplier Relationship entries where missing
CCM Training Course Under Development
Candidate Mappings Released (2/29/16): ISO ISO ISO
Mapping Roadmap: Shared Assessments, New Zealand, BSI Germany

Looking Ahead: CCM 2016
Next CCM Release: Planned for 2016
Guidance 4.0 – Alignment w/ CCM
Standing Control Reviews Established
Improve auditability & measurement
Clarify intent and language
Get involved! Contact

Call to Action
Peer Review of ISO 27002, 27017, Mappings
Standing Control Reviews Established
Improve auditability & measurement
Clarify intent and language
Get involved! Contact ccm-

Contact Information
Sean Cordero

Questions?

CSA STAR Watch (SaaS)
CSA STAR Watch: subscription-based SaaS tool to manage CCM compliance.
Delivers CCM/CAIQ in a multi-user database.
Enables control delegation for assessors.
Open Beta announced at CSA Summit (4/20).
Envision integration with STAR and GRC consoles.
Visit the CSA booth in the South Hall (to the right of the main entrance), #2621.
Demos at 4pm (Tuesday and Wednesday).
Interested? Contact w/ Subject Line “CSA STAR Watch”.