Hi,
In searching the artifacts I found that various publications included change management controls. However, I could not find a publication whose subject was change management. Nor is there a change management working group.
@Craig Balding @Jim de Haas
------------------------------
Michael Roza CPA, CISA, CIA
------------------------------
Original Message:
Sent: Jun 24, 2020 04:01:31 PM
From: Alex Kaluza
Subject: Financial Services Meeting Minutes 6/24/20
Financial Services Meeting Minutes 6/24/20
- Intro
- Joining and using the FSSP Circle group to follow past and present initiatives.
- Reviewed previous FSSP Releases.
- CSA Events Calendar
- CSA Cloudbytes Connect (July)
- SECtember (September) - Have a speaker from the FSSP working group present?
- Previous Financial Services Publications
- Cloud Usage in the Financial Services Sector
- Cloud Octagon Model for Risk Assessment in the Cloud
- Financial Services 2020-21 Charter
- Released: June 9, 2020
- This Charter covers the scope and responsibility of the FSSP working group, potential initiatives, and reference publications contributing to the impact of cloud and technology adoption in Financial services.
- Guest Speaker: Michael Roza - Cloud Security Alliance – Contributing Author & Research Volunteer
- Six Pillars of DevSecOps: Automation
- This paper is still in development and early release; however, it comes from the Six Pillars of DevSecOps primary document: https://cloudsecurityalliance.org/press-releases/2019/08/09/csa-releases-the-six-pillars-of-devsecops-report
- Michael gave an overview of the paper, and fielded questions from the group.
- Used the Secure Deployment Lifecycle - Policies, Standards, Controls, and Best Practices chart as reference for discussion.
- CSA DevSecOps Software Delivery Pipeline - Triggers, activities, setting up and maintenance of pipelines.
- Risk-prioritized factors, delivery pipeline framework, securing applications, and automation best practices were also covered.
- Proposed Initiatives
- Security & compliance dashboards for devops teams on AWS/Azure
- DevSecOps - Bring security tools and practices to DevOps
- Does your organisation use cloud native security and compliance dashboards?
- Do you offer training to your devops teams on how to use those dashboards?
- Blockchain for Financial Services
- A DLT Security Framework for the Financial Services Sector.
- What are the challenges in risk assessments in blockchain?
- Serverless Security
- How do you secure FaaS?
- How do you implement IAM?
- Next Meeting
- Wednesday, July 22nd at 8 AM PT
- If anyone has a financial services topic of interest they would like brought up at the next meeting, please let me or one of the Co-Chairs know.
------------------------------
Alex Kaluza
Research Coordinator
Cloud Security Alliance
------------------------------