© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM.
Presentation transcript:

Agenda
- Overview of the CCM
- CSA STAR & the CCM
- Industry adoption and the CCM
- Looking ahead: CCM 2016

Overview of the CCM
Industry standard for cloud supply chain security and risk management:
- Delineates control ownership (provider, customer)
- An anchor for measuring security and compliance posture
- Provides a framework of 16 control domains
- Controls map to global regulations and security standards
Industry-driven effort:
- 120+ peer review participants, including AICPA, Microsoft, McKesson, ISACA and Oracle
- Backbone of the Open Certification Framework and STAR

Industry Adoption of the CCM
CSA STAR Certification:
- Based on ISO/IEC 27001:2013 and CCM 3.x
- Provides an enhanced assessment that gives full visibility into the provider's controls
- Flexible assessment that can be tailored through the Statement of Applicability
CSA and AICPA Cloud Attestation:
- Third-party assessment program for cloud providers, officially known as CSA Security, Trust & Assurance Registry (STAR) Attestation
- Enables enhanced, cloud-specific AICPA SOC 2 reporting
- Illustrative SOC 2 report with CCM provided on the AICPA site

Looking Ahead: CCM
- Next CCM release: planned for to remain stable throughout 2015
- Guidance 4.0: alignment with CCM
- Standing control reviews established
- Improve auditability and measurement
- Clarify intent and language
- Get involved! Contact

Call to Action
- Peer review of ISO mappings in Q
- Standing control reviews established
- Improve auditability and measurement
- Clarify intent and language
- Get involved! Contact ccm-

Contact Information
Sean Cordero

Questions?

SaaS: CSA STAR Watch
- Subscription-based SaaS tool to manage CCM compliance
- Delivers CCM/CAIQ content in a multi-user database
- Enables control delegation to assessors
- Open beta announced at the CSA Summit (4/20)
- Envisioned integration with STAR and GRC consoles
- Visit the CSA booth in the South Hall (to the right of the main entrance), #2621; demos at 4pm (Tuesday and Wednesday)
- Interested? Contact with subject line "CSA STAR Watch"