The Inner Circle

 View Only

  • 1.  metric implementation for control my CSP

    Posted Nov 28, 2023 08:27:00 AM

    HELLO,

    Please I need to implement some KPI to monitor the security, data or the efficiency of my CSP.

     can I have tips?



    ------------------------------
    Landry cesard WAMBO
    Consultant
    Efrei-Paris
    ------------------------------


  • 2.  RE: metric implementation for control my CSP

    Posted Nov 29, 2023 07:47:00 AM
    A good place to start is asking are aligned with CSA STAR. CSA STAR provides a comprehensive framework for assessing cloud security, encompassing various domains and controls. You can use the CSA STAR Cloud Controls Matrix (CCM) as a reference to identify relevant metrics that align with your objectives. If your CSP is not already on the STAR Registry, ask them to provide a CSA CAIQ Self-Assessment. CSA provides a STAR Provider Verification Template that you can modify and send to your suppliers. You can use the completed CAIQ as a baseline.
    There are also CCMv4.0 Auditing GuidelinesThis document contains auditing guidelines for each control specification within the CCM version 4. The CCM is a detailed controls framework aligned with CSA's Security Guidance for Critical Areas of Focus in Cloud Computing. Version 4, published in 2021, includes additional new components, such as the CCM v4.0 Implementation Guidelines and these auditing guidelines.

    Before you dive into specific metrics, clearly define your overall objectives for monitoring your CSP. What aspects of security, data, or efficiency are most important to you? For each objective, define specific metrics that can be measured and tracked over time. Ensure that the metrics are meaningful, measurable, achievable, relevant, and time-bound (SMART). You can access the Continuous Audit Metrics Catalog to help with this process.

    Continuously review and refine your KPIs as your cloud environment evolves and your objectives change. Adapt your metrics and data collection methods to reflect the changing landscape.

    Hope this helps.
    John A DiMaria; CSSBB, AMBCI, HISP, MHISP, CERP
    CSA STAR Program Director
    Cloud Security Alliance
    m:+1 314 374-9752





    This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.



    Original Message