© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM Laura Posey, Chair CAIQ.

Agenda
Overview of the CCM
Overview of the CAIQ
CSA STAR & the CCM
Industry Adoption and the CCM
CSA STAR Watch
Looking Ahead: CCM

Overview of the CCM
Industry standard for cloud supply chain security & risk management:
Delineates control ownership (provider, customer)
An anchor for security and compliance posture measurement
Provides a framework of 16 control domains
Controls map to global regulations and security standards
Industry-driven effort: 120+ peer review participants
Participants: AICPA, Microsoft, McKesson, ISACA, Oracle
Backbone of the Open Certification Framework and STAR

Overview of the CAIQ
Consensus Assessment Initiative Questionnaire
A series of yes/no control assertion questions that a cloud consumer or cloud auditor may ask of a cloud provider.
Based directly on the CCM security controls
Broken out by SaaS, PaaS, and IaaS layers
Companion to the CSA Guidance and the CSA Cloud Controls Matrix (CCM)
Helps organizations build the assessment processes needed for engaging with cloud providers
Helps cloud providers assess their own security posture
Industry-driven effort: 120+ peer review participants
Participants: AICPA, Microsoft, McKesson, ISACA, Oracle

CSA STAR: Security, Trust & Assurance Registry
Launched in 2011, CSA STAR is the first step in improving transparency and assurance in the cloud.
STAR is a publicly accessible registry that documents the security controls provided by cloud computing offerings.
Based on a multilayered structure defined by the Open Certification Framework Working Group.
A searchable registry that allows cloud customers to assess the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.

Industry Adoption of the CCM
CSA STAR Certification
Based on ISO/IEC 27001:2013 and CCM 3.x
Provides an enhanced assessment that gives full visibility.
Flexible assessment that can be tailored through the Statement of Applicability.
CSA and AICPA Cloud Attestation
Third-party assessment program for cloud providers, officially known as CSA Security, Trust & Assurance Registry (STAR) Attestation.
Enables enhanced, cloud-specific AICPA SOC 2 reporting.
An illustrative SOC 2 report with the CCM is provided on the AICPA site.

CSA STAR Watch
CSA STAR Watch: a subscription-based SaaS tool to manage CCM compliance.
Delivers the CCM/CAIQ in a multi-user database.
Enables control delegation for assessors.
Open beta announced at the CSA Summit (4/20).
Integration with STAR and GRC consoles is envisioned.
Visit the CSA booth in the South Hall (to the right of the main entrance), #2621. Demos at 4pm (Tuesday and Wednesday).
Interested? Contact with the subject line “CSA STAR Watch”.

Looking Ahead: CCM
Next CCM release: planned for to remain stable throughout 2015
New candidate mappings (2015): FedRAMP, ISO, NIST Cyber Security Framework
Standing control reviews established: improve auditability & measurement; clarify intent and language
Get involved! Contact

Contact Information
Sean Cordero
Laura Posey

? ? ? ?