North Texas Chapter

 View Only
Back to discussions
Expand all | Collapse all

Leveraging the CAIQ and CCM - Chapter Event

  • 1.  Leveraging the CAIQ and CCM - Chapter Event

    Posted Sep 28, 2021 10:46:00 AM

    Join us November 18th to learn how the CAIQ and CCM can equip your organization with the tools necessary to properly assess potential cloud technologies using commonly accepted industry standards and documented security controls.

    Date/Time: November 18th @11:30am (Central Time)

    Link: https://us06web.zoom.us/j/81471516532?pwd=NWNpM3dEQUlTQXJaZitWeXRHeHpWZz09

    Passcode: 681661

    In 1997, Professor Ramnath Chellappa of Emory University coined the term, "Cloud."  5 years later, Amazon Web Services (AWS) launched its initial public cloud offering in 2002.  By 2018, the global cloud computing market exceeded $270B; and recent events, like the COVID-19 pandemic, have served as accelerants for this cloud explosion with expectations to exceed $620B by 2023.

    Along with this voracious appetite for cloud technologies, numerous security vulnerabilities have been exposed; and today, one of the most critical challenges for many organizations is understanding how to evaluate potential cloud service providers.

    Since 2008, the Cloud Security Alliance (CSA) has defined standards, certifications, and best practices to help ensure secure cloud environments. The Consensus Assessments Initiative Questionnaire (CAIQ - pronounced "CAKE") is a CSA survey designed to give consumers and auditors the ability to assess the security capabilities and Cloud Controls Matrix (CCM) compliance of cloud service providers.

    The CCM is a CSA cybersecurity control framework for cloud computing composed of more than 130 control objectives across 16 domains of cloud technology, such as:

    • Application and Interface Security
    • Audit Assurance and Compliance
    • Business Continuity Management and Operations Resilience
    • Change Control and Configuration Management
    • Data Security and Information Lifecycle Management
    • Datacenter Security
    • Encryption and Key Management
    • Governance and Risk Management
    • Human Resources
    • Identity and Access Management
    • Infrastructure and Virtualization Security
    • Interoperability and Portability
    • Mobile Security
    • Security Incident Management, E-Discovery, and Cloud Forensics
    • Supply Chain Management, Transparency and Accountability
    • Threat and Vulnerability Management



    ------------------------------
    Todd Edison
    Chapter Relations Manager
    Cloud Security Alliance
    Bellingham WA
    ------------------------------