The Inner Circle

  • 1.  CloudBytes Connect Q&A

    Posted Feb 02, 2021 08:02:00 AM
    Hi All,

    We want to give space for follow-up questions that any CloudBytes Connect attendees may have after a session. Please just list the session in your response to this thread and we will do our best to connect you with the speaker or presenter.

    Thanks for joining us, we are looking forward to an awesome week.


    If you haven't registered for CloudBytes Connect it starts this morning and you can do so for free here.

    ------------------------------
    Jaclyn Parton
    Marketing Coordinator
    Cloud Security Alliance
    Bellingham WA
    ------------------------------


  • 2.  RE: CloudBytes Connect Q&A

    Posted Feb 02, 2021 02:38:00 PM
    Thanks for a successful first day of the event. We had a few questions come through.

    @John Yeoh and @Ed Hagopian, these questions came through for the CSA Open Source Frameworks presentations; if you could please chime in with any answers you may have, that would be great.

    1. Are you willing to share any of your Miro diagrams, mappings, etc. as templates? I could see them as being useful to some of our clients.
    2. Is it possible to share the mindmap?
    3. Thank you, Ed. That was fantastic and amazing work. Any guidance you can provide on how to actually adopt the CCM and how to go about addressing the 17 domains and 190+ controls? I didn't quite understand how you adopted and then developed the controls.


    @Rachel Kelsesky here are a couple of questions that came through for Nik Fuller's presentation, Identifying Risky Vendors: 7 Warning Signs You Shouldn't Ignore.

    1. What do you suggest for going beyond the self-assessment questionnaire and verifying the responses?
    2. Would you be able to share a template/toolkit with a set of areas or (even better) questions that are used as part of the vendor assessment?


    Thanks all!




    ------------------------------
    Jaclyn Parton
    Marketing Coordinator
    Cloud Security Alliance
    Bellingham WA
    ------------------------------



  • 3.  RE: CloudBytes Connect Q&A

    Posted Feb 03, 2021 09:11:00 AM
    I have to check back with Dell regarding what I could publish in Miro as a template. I feel strongly the TCI map should be fine, but I might have to anonymize the product line and org structures a bit more. I would ask that they set up an alert on the GitHub page I created and I will update the readme when I find out. The link again is https://github.com/edhagopian/DHCF

    With regard to adopting the CCM, that's a much longer post than just a quick response. It starts with having your policies and standards in order, aligning the CCM to them along with your respective NIST 800-53 controls (which map within CCM), then applying the matrix that maps CCM to the ESA, which will give you a chance to speak to the capabilities that will drive alignment to your controls. There is then a whole "coverage and compliance" aspect to it. I'd ask them to DM me on Twitter @edhagopian and we can begin a discussion.




    ------------------------------
    Ed Hagopian
    Manager
    Dell
    ------------------------------



  • 4.  RE: CloudBytes Connect Q&A

    Posted Feb 04, 2021 11:00:00 AM
    Day 2 went great and we gathered all the questions and have tagged speakers and reps here for answers! Keep the questions coming!


    @Daniele Catteddu
    @Eleftherios Skoutaris @Shawn Harris @Sean Cordero


      • If I counted correctly, the controls went from 133 to 197, or an increase of 64 controls. Adding that many new controls seems to be going in the wrong direction, at least in the face of simplification. Can you comment?

      • What is the key differentiator between SIG and CAIQ? What are the key benefits for an organization to adopt CAIQ over SIG?

      • Does CCSK4 exam cover CCMV4?

      • Do we expect Vendor Management to implement/manage the CCM or is that only an audit function?

      • What do those number differences mean? For example, V3 is 3 and V4 is 6 in A&A.


    @Chris Parkerson, a question on Adobe's presentation: How does the Common Control Platform compare to the industry-standard GRC solutions such as Archer, Zen Archer...?


    ------------------------------
    Melisa Williams
    Event Manager
    CSA
    ------------------------------



  • 5.  RE: CloudBytes Connect Q&A

    Posted Feb 04, 2021 01:25:00 PM
    That's a wrap! Thanks, everyone, for an awesome event.

    @John Yeoh There is one question that came through today during your session, Research Roadmap:

    Are OSCAL, compliance-as-code, or security compliance automation on the research roadmap?

    ------------------------------
    Jaclyn Parton
    Marketing Coordinator
    Cloud Security Alliance
    Bellingham WA
    ------------------------------