Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM.

Published byShawn Edwards Modified over 8 years ago

Similar presentations

Presentation on theme: "© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM."— Presentation transcript:

1 © Cloud Security Alliance, 2015 Sean Cordero, Chair CCM

2 Agenda © Cloud Security Alliance, 2015 Overview of the CCM CSA STAR & The CCM Industry Adoption and the CCM Looking Ahead: CCM 2016

3 Overview of the CCM © Cloud Security Alliance, 2014. Industry standard for Cloud supply chain security & risk management: Delineates control ownership (Provider, Customer) An anchor for security and compliance posture measurement Provides a framework of 16 control domains Controls map to global regulations and security standards Industry Driven Effort: 120+ Peer Review Participants Participants: AICPA, Microsoft, McKesson, ISACA, Oracle Backbone of the Open Certification Framework and STAR

4 Industry Adoption of the CCM © Cloud Security Alliance, 2014. CSA STAR Certification Based on ISO/IEC 27001:2013 and CCM 3.x Provides enhanced assessment to provide full visibility. Flexible assessment that can be tailored through the Statement of Applicability. CSA and AICPA Cloud Attestation Third party assessment program of cloud providers officially known as CSA Security Trust & Assurance Registry (STAR) Attestation. Enables enhanced, cloud-specific AICIPA SOC 2 Reporting. Illustrative SOC2 with CCM provided on AICPA site.

5 CCM Developments Q2-2015 to Q1-2016 CAIQ and CCM Minor Updates (released 12/11/15) Minor mapping corrections Corrections to control specifications Filled in missing Architecture, Corporate, Supplier Relationship where missing CCM Training Course Under Development Candidate Mappings Released (2/29/16) ISO 27002 ISO 27017 ISO 27018 Mapping Roadmap Shared Assessments New Zealand BSI Germany

6 Looking Ahead: CCM 2016 Next CCM Release: Planned for 2016 Guidance 4.0 – Alignment w/ CCM Standing Control Reviews Established Improve auditability & measurement Clarify intent and language Get involved! Contact ccm-leadership@cloudsecurityalliance.orgccm-leadership@cloudsecurityalliance.org

7 Call to Action Peer Review of ISO 27002, 27017, 27018 Mappings Standing Control Reviews Established Improve auditability & measurement Clarify intent and language Get involved! Contact ccm- leadership@cloudsecurityalliance.orgccm- leadership@cloudsecurityalliance.org

8 Contact Information © Cloud Security Alliance, 2014. Sean Cordero email: sean.cordero@email: sean.cordero@optiv.com Twitter: @sean_cordero

9 ? ? ? ? © Cloud Security Alliance, 2015

10 SaaS CSA STAR Watch © Cloud Security Alliance, 2014. CSA STAR Watch: Subscription based, SaaS tool to manage CCM compliance. Delivers CCM/CAIQ Delivered in a multi-user database. Enables control delegation for assessors. Open Beta started announced at CSA Summit (4/20) Envision integration with STAR and GRC consoles Visit the CSA booth in the South Hall (to the right of the main entrance) # 2621 Demos at 4pm (Tuesday and Wednesday) Interested? Contact research@cloudsecurityalliance.org w/ Subject Line “CSA STAR Watch BETA”.research@cloudsecurityalliance.org

Download ppt "© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM."

Similar presentations

Agenda What is Compliance? Risk and Compliance Management

Agenda What is Compliance? Risk and Compliance Management
Massachusetts Digital Government Summit October 19, 2009 IT Management Frameworks An Overview of ISO 27001:2005.

Massachusetts Digital Government Summit October 19, 2009 IT Management Frameworks An Overview of ISO 27001:2005.
Cloud Security Alliance Research & Roadmap June 2012

Cloud Security Alliance Research & Roadmap June 2012
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,

Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,
Open Compliance & Ethics Group (www.oceg.org)

Open Compliance & Ethics Group (
Www.cloudsecurityalliance.org Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,

Copyright © 2014 Cloud Security Alliance Security Certification for Cloud Services : The CSA STAR Certification Daniele Catteddu,
Www.cloudsecurityalliance.org Copyright © 2013 Cloud Security Alliance CSA Speed Talk: “STAR &CCSK – An Update on Provider and User Certification”

Copyright © 2013 Cloud Security Alliance CSA Speed Talk: “STAR &CCSK – An Update on Provider and User Certification”
The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division.

The Human Firewall Creating a security aware workforce APPLIED INFORMATION SERVICES Andrew Breakwell Business Development Director Compliance Division.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Keynote.

Copyright © 2011 Cloud Security Alliance Keynote.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
CloudAudit Working Group Update April 2011. CloudAudit Charter Provide a common interface and namespace that allows cloud computing providers to automate.

CloudAudit Working Group Update April CloudAudit Charter Provide a common interface and namespace that allows cloud computing providers to automate.
Building trust in the Cloud: the CSA perspective Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance © Cloud Security.

Building trust in the Cloud: the CSA perspective Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance © Cloud Security.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
The ISO/IEC 20000 family Lynda Cooper Co-author ISO20000 Project editor ISO20000 part 1 Principal UK Expert to ISO group ITIL Expert.

The ISO/IEC family Lynda Cooper Co-author ISO20000 Project editor ISO20000 part 1 Principal UK Expert to ISO group ITIL Expert.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
SecureAware Building an Information Security Management System.

SecureAware Building an Information Security Management System.
Cloud Security Alliance Research & Roadmap Jim Reavis Executive Director August 2011.

Cloud Security Alliance Research & Roadmap Jim Reavis Executive Director August 2011.
© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM Laura Posey, Chair CAIQ.

© Cloud Security Alliance, 2015 Sean Cordero, Chair CCM Laura Posey, Chair CAIQ.

Similar presentations

Ads by Google