Download
1 / 6
120 likes | 498 Views
Sean Cordero President of Cloudwatchmen , Co-chair CCM, CSA Evelyn de Souza Data Center Security Strategist, Cisco, Co-chair CCM, CSA. Cloud Controls Matrix Work Group Session . Who Controls What in the Cloud Ecosystem?. CSA Security Guidance v3.0.
E N D
Sean Cordero President of Cloudwatchmen, Co-chair CCM, CSA Evelyn de Souza Data Center Security Strategist, Cisco, Co-chair CCM, CSA Cloud Controls Matrix Work Group Session
Who Controls What in the Cloud Ecosystem? CSA Security Guidance v3.0
3 new control domains to address new ways cloud data is accessed Improved clarity and cohesiveness of control domains Mobile Security Supply Change Management, Transparency and Accountability Interoperability and Portability Cloud Controls Matrix (CCM)CSA Security Guidance 3.0x
Version 1.x Releases – 1.0 (April 2010), 1.01 (Oct 2010), 1.1 (Dec 2010), v1.2 (Aug 2011), v1.3 Aprill, 2013, v1.4 (TBD) Next Full Revision Release – April 2013 CCM 1..3 Align to Security Guidance 3.0 CCM 1.4 Baseline Control Assurance Framework for Cloud Security – mapped to: **COBIT 4.1 **HIPAA / HITECH Act ISO/IEC 27001:2005 **NIST Special Publication (SP) 800-53 Rev 3 FedRAMP 3.0 PCI DSS v2.0 BITS Shared Assessments GAPP Jericho Forum NERC CIP AICPA Trust Services Principles & Criteria (TSP) CCM Release Pipeline **CCM .xx Future Pipeline Mapping Considerations: • Open Data Center Alliance (ODCA) • HIPAA/HITECH Act (CSA HIMG) • COBIT 5 (Information Security) • NIST SP 800-53 Rev 4 • Slovenian Information Commissioner on Privacy Guidance for Cloud Computing • New Zealand Information Security Manual (NZISM)
Your Call to Action • Become involved as a subject matter expert and a reviewer for upcoming releases • Advise on different standards that we should consider mapping in going forward • Implement the CCM in your organization’s compliance reporting tools
