Eleftherios,
Happy Holidays!
I'd like to participate, helping to support the initiative, including extending with additional guidelines, and operationalizing results - integrating into the Global Cyber First Responder (training/certification) initiative we are leading for public and private critical infrastructure (CI) protection, working with DHS, federal agencies, state/local agencies, tribal, territorial, National White Collar Crime Center (NW3C), Fusion Centers, and critical infrastructure sector organizations and experts. Cyber response roles, responsibilities and competencies from a proactive and reactive perspective, and alignment of physical/cyber/cyber-physical response protocols.
Beginning the first of the year, DHS will be developing a supporting Security Resilience Table-Top Exercise working with DHS Physical and Cyber Exercise Divisions. Scenario - Physical, Cyber, Cyber-Physical including Cognitive Security injects (Disinformation, Misinformation, Malign Influence).
Needless to say, shared cloud infrastructure and security responsibilities need to be incorporated into Cyber First Responder competencies, roles and responsibilities and the supporting exercise, and vice-versa, Cyber First Responder responsibilities integrated into the CCMv4 framework.
I look forward to discussing in greater detail and learning how I can assist to support the SSRM. Exciting 2023!
------------------------------
Deborah Kobza
President/EO
International Association of Certified ISAOs (IACI)
------------------------------
Original Message:
Sent: Dec 06, 2022 05:13:22 AM
From: Eleftherios Skoutaris
Subject: SSRM Project Announcement - Call for Participation
Dear Members,
CSA and the CCM WG are interested in kicking off a new project for developing guidelines that pertain to the Shared Security Responsibility Model (SSRM) and that are to be tailored to each of the total of 197 CCMv4 control specifications.
Introduction
The Shared Security Responsibility Model (SSRM) is inherent to the use of cloud services. It is essential that cloud service customers (CSCs) are fluent in, and up to date on, how they and their cloud service providers (CSPs) share the responsibility for securing their cloud footprint.
The Cloud Controls Matrix (CCM) and existing framework of its underlying components are already SSRM-enhanced and aid CSPs and CSCs in delineating their part of controls ownership and implementation responsibility. Nevertheless, a complete SSRM guidance for all controls in the CCMv4 is currently missing.
Objective
The objective of the project is to extend the CCMv4 framework by developing additional guidelines that pertain to the Shared Security Responsibility Model in order to educate cloud customers and help them better understand their security responsibilities within the shared cloud infrastructure.
AWS Support
The project will be supervised by the WG co-chairs and is to be further evaluated & enhanced by AWS, who represents the project from the standpoint of the Cloud Service Provider. In that direction, CCM WG co-chair David Nickles (AWS) is working to provide the CCM WG with AWS input.
Timeline
Project is expected to kick off on December 15th and be completed end of Q3 2023, according to the established 2022-2023 project timeline.
Industry practitioners, cloud security experts, who have a good understanding of & experience with the SSRM (especially from cloud controls' implementation standpoint) and are interested in participating & contributing to this project, are kindly invited to contact me.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------