I have to check back with Dell in regards to what I could publish in Miro as a template, I feel strongly the TCI map should be fine, but I might have to anonymize the product line and org structures a bit more. I would ask that they setup an alert on the github page I created and I will update the readme when I find out. The link again is
https://github.com/edhagopian/DHCFWith regards to adopting the CCM, that's a much longer post. Then just a quick response. It starts with having your policies and standards in order, aligning the CCM to it along with your respective NIST 800-53 controls (which map within CCM), then applying the matrix that maps CCM to the ESA which will give you a chance to speak to the capabilities that will drive alignment to your controls. There is then a whole "coverage, and compliance" aspect to it.. I'd ask them to DM me on twitter @edhagopian and we can begin a discussion.
------------------------------
Ed Hagopian
Manager
Dell
------------------------------
Original Message:
Sent: Feb 02, 2021 02:37:32 PM
From: Jaclyn Parton
Subject: CloudBytes Connect Q&A
Thanks for a successful first day of the event. We had a few questions come through.
@John Yeoh and @Ed Hagopian / @Ed Hagopian these questions came through for the CSA Open Source Frameworks presentations if you could please chime in with any answers you may have, that would be great.
1. Are you willing to share any of your Miro diagrams, mappings, etc. as templates? I could see them as being useful to some of our clients.
2. Is it possible to share the mindmap?
3. Thank you, Ed. That was fantastic and amazing work. Any guidance you can provide on how to actually adopt the CCM and how to go about addressing the 17 domains a 190+ controls? I didn't quite understand how you adopted and then developed the controls
@Rachel Kelsesky here are a couple of questions that came through for Nik Fuller's presentation, Identifying Risky Vendors: 7 Warning Signs You Shouldn't Ignore.
1. What do you suggest for going beyond the self-assessment questionnaire and verifying the responses?
2. Would you be able to share a template/toolkit with a set of areas or (even better) questions that are used as part of the vendor assessment?
Thanks all!
------------------------------
Jaclyn Parton
Marketing Coordinator
Cloud Security Alliance
Bellingham WA
Original Message:
Sent: Feb 02, 2021 08:02:25 AM
From: Jaclyn Parton
Subject: CloudBytes Connect Q&A
Hi All,
We want to give space for follow-up questions that any CloudBytes Connect attendees may have after a session. Please just list the session in your response to this thread and we will do our best to connect you with the speaker or presenter.
Thanks for joining us, we are looking forward to an awesome week.
If you haven't registered for CloudBytes Connect it starts this morning and you can do so for free here.
------------------------------
Jaclyn Parton
Marketing Coordinator
Cloud Security Alliance
Bellingham WA
------------------------------