Cloud Controls Matrix Work Group Session
DESCRIPTION
Sean Cordero, President of Cloudwatchmen, Co-chair CCM, CSA; Evelyn de Souza, Data Center Security Strategist, Cisco, Co-chair CCM, CSA. Cloud Controls Matrix Work Group Session. Who Controls What in the Cloud Ecosystem? CSA Security Guidance v3.0.
TRANSCRIPT
www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance
Cloud Controls Matrix Work Group Session
Sean Cordero, President of Cloudwatchmen, Co-chair CCM, CSA
Evelyn de Souza, Data Center Security Strategist, Cisco, Co-chair CCM, CSA
Who Controls What in the Cloud Ecosystem?
CSA Security Guidance v3.0
Cloud Controls Matrix (CCM)
CSA Security Guidance 3.0x 3 new control domains to address new ways cloud data is accessed
Improved clarity and cohesiveness of control domains
• Mobile Security
• Supply Chain Management, Transparency and Accountability
• Interoperability and Portability
CCM Release Pipeline
Version 1.x Releases – 1.0 (April 2010), 1.01 (Oct 2010), 1.1 (Dec 2010), v1.2 (Aug 2011), v1.3 (April 2013), v1.4 (TBD)
Next Full Revision Release – April 2013
CCM 1.3 Align to Security Guidance 3.0
CCM 1.4
Baseline Control Assurance Framework for Cloud Security – mapped to:
• COBIT 4.1
• HIPAA / HITECH Act
• ISO/IEC 27001:2005
• NIST Special Publication (SP) 800-53 Rev 3
• FedRAMP 3.0
• PCI DSS v2.0
• BITS Shared Assessments
• GAPP
• Jericho Forum
• NERC CIP
• AICPA Trust Services Principles & Criteria (TSP)
CCM .xx Future Pipeline Mapping Considerations:
• Open Data Center Alliance (ODCA)
• HIPAA/HITECH Act (CSA HIMG)
• COBIT 5 (Information Security)
• NIST SP 800-53 Rev 4
• Slovenian Information Commissioner on Privacy Guidance for Cloud Computing
• New Zealand Information Security Manual (NZISM)
Your Call to Action
Become involved as a subject matter expert and a reviewer for upcoming releases
Advise on different standards that we should consider mapping going forward
Implement the CCM in your organization’s compliance reporting tools
Thank You