Last year, CSA’s Continuous Audit Metrics Working Group released the first catalog of cloud security metrics. Many cloud customers think a certification obtained once a year after a third-party audit isn’t enough anymore, and that it’s time to move towards automated tools that continuously assess the effectiveness of an information system. In other words, they find it’s time to shift to the world of security metrics.
The metrics in this catalog aim to support internal CSP governance, risk, and compliance (GRC) activities and provide a helpful baseline for service-level agreement transparency → https://csaurl.org/htpab9
#cloudsecurity #compliance #riskmanagement