Financial Services Meeting - 5/25/22
Alex Kaluza
Posted May 26, 2022 04:56:00 PM
Edited by Alex Kaluza May 26, 2022 04:57:12 PM
CSA Events and Updates
- Chapter Events - Summer
- Advancing Zero Trust Principles - May 26th
- Threat detection & response virtual workshop - May 26th
- API MythBusters: Crushing Five Security Myths that are Crushing Your Safety - June 2nd
- RSA Conference 2022 - June 6th-9th
- A Guided Approach to Support Your Zero Trust Strategy - June 29th
- SECtember 2022 - September 26th
- CCSK Digital Badge - In partnership with Credly, CSA will be providing digital badges to qualified holders of the CCSK v.3 and v.4.
- Zero Trust Advancement Center - CSA's mission is to create research, training, professional credentialing and provide an online center for additional curated Zero Trust resources. These tools will enable enterprises to understand and implement Zero Trust principles into business planning, enterprise architectures and technology deployments.
Financial Services Research in Development
- Cloud Usage in the Financial Services Sector v2 (Draft) - Reevaluate the previous "Cloud Usage in the Financial Services Sector" publication with an updated version focusing on relevant topics for the modern financial services industry landscape
Domains for the next survey in progress:
- Data privacy/sharing: GDPR / Schrems 2
- Vendor risk assessments: SaaS provider -> subcontractor to CSP
- Encryption/key:
- Secrets (short lived etc) lifecycle management:
- Compliance infra for SaaS/PaaS decentralized/centralized environments
  - In regards to those standards, what are the most significant challenges?
  - Are those compliance requirements and challenges related to specific types of business?
  - Is there one particular standard that your organization uses as an internal compliance policy baseline (e.g. that you correlate or map other compliance requirements to)?
  - Mapping to CAIQ/CCM for global regulatory compliance
- Application / Ops: end-to-end understanding/visibility, maturity, documentation (DevOps as a forcing function highlighting gaps in Application teams understanding and appreciation for Ops) / Incident Preparedness within Ops
- Agile maturity: how are orgs benchmarking their maturity within agile adoption
- BCP: region migration (e.g. in response to geo-political events): tension between availability zones vs region (particularly in context of SaaS providers)
  - How satisfied are you with CSPs evidencing DR/BCP readiness?
  - Partial vs total failure: e.g. AAD disruption impacting one or more key business processes vs. ransomware attack that impacts live + backup
- SOC: logging/visibility/response, level of integration with internal/3rd party SOCs
  - SaaS integration with SOC - is it happening?
  - Institution SOC: logging/visibility/response, level of integration with internal/3rd party SOCs
- Lift and Shift: nuances within risk assessment process (example of using cloud keystore vs. "secretless" service where secrets are managed through an intermediary CSP service). XXX needs work
- Incident response:
  - Emerging threats: how are vendors identifying and mitigating emerging threats and how do you gain evidence/assurance that mitigating controls are both in place and effective?
  - What level of communication are institutions experiencing in relation to threats that target the CSP itself vs CSP client base?
- Zero Trust / Multi-cloud:
  - Are you implementing ZTR in a single OR multi-cloud environment?
  - If yes to above, where are you in your zero trust journey (ref: Gartner model?)
  - Are you using any supporting security services (e.g. IDaaS, CASB, EDR)?
  - What is the implementation balance between Native zero trust vendor capability vs in-house
Financial security startup company evaluations
- Proposal - Have 30 minutes of each monthly call for a working session, and 30 minutes for a "shark tank" style session with security companies having 10 minutes to pitch and receive feedback
- Could be a way to increase participation from Financial Institutions

Next Zoom Meeting: June 22nd, 8:00 AM PT
https://cloudsecurityalliance.zoom.us/j/94151107820
- Agenda, guest speaker TBA
- Cloud Usage in the Financial Services Sector v2 development
------------------------------
Alex Kaluza
Research Coordinator
Cloud Security Alliance
------------------------------
Attachment(s)
Financial Services 5_25_22.pptx