The Inner Circle

Expand all | Collapse all

IDEAS WANTED: Birds of a Feather Sessions

  • 1.  IDEAS WANTED: Birds of a Feather Sessions

    Posted 30 days ago
    Hello Community!

    CSA would like to host more birds of feather sessions to discuss security topics that may be top of mind to your or your customer's organization. We want to hear from our CSA Community to help build our calendar of peer to peer learning/discussion opportunities. The goal of these sessions would be to produce new guidance documents, develop new tools to use in practice, research new/disruptive technology or develop new education/awareness materials to help address topics that are identified by YOU and other members of our CSA community. If you have any ideas for topics, please add a comment below or contact Thanks in advance for your ideas!

    J.R. Santos
    Chief Customer Officer

  • 2.  RE: IDEAS WANTED: Birds of a Feather Sessions

    Posted 29 days ago
    Hi there,
    Working on finance institution, major topic is the handling of sensitive data off-premises in shared responsibilities models, thus addressing technological topics such;
    - new encryption models to provide full control to the customer and prohibiting access to any party not concerned in the use of the data (secure enclaves using Intel SGX, homomorphic encryption)
    - data classification and rights management governance; not new as a topic, but only now enterprises are widely implementing such solutions
    - central policy automation and enforcement, with adaptive SLA based on defined terms by customer

    I think we should address these topics more pragmatically, sharing each other experiences and know how to achieve better competencies and common understanding. I like the proposition to address some open questions and drive creation of guidelines and adoptions of methodologies and tools.

    Best regards,
    Danilo Becca
    IT Group Compliance

    Becca Danilo
    Cornèr Banca SA

  • 3.  RE: IDEAS WANTED: Birds of a Feather Sessions

    Posted 29 days ago
    Hi. I think the BOF session idea is (in general, and in this case) excellent.

    If you're interest, the OMG Cloud WG (which has a formal liaison with CSA) created a couple years ago a slide deck and a webinar, which are both available publicly (the webinar reply lasts about an hour):
    January 10, 2018 - Webinar: Security for Cloud Computing: 10 Steps to Ensure Success Version 3.0
    Download the presentation (PDF) | Watch the video on YouTube

    Since this will soon be 3 years old, and we tend to revise the most important guidance every three years (v1.0 was published in 2012, v2.0 in 20155) we at OMG would be interested in CSA feedback and in any possibility of working jointly on a Version 4.0 to be issued some time in 2021. A brainstorm session to give us feedback would be fantastic.

    Claude Baudoin
    Domain Expert