This session reviews the structure of the course designed to provide training on CSA's Cloud Controls Matrix (CCM), which is part of CSA's GRC Stack toolkit. The course also provides an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and the CSA STAR Program.
On completion of this training course, the learner will be able to:
(as a cloud vendor) assess cloud security and comply with fundamental cloud security principles using the CCM; assess security posture using CAIQ
(as a cloud customer or auditor) assess the overall security risk of a cloud provider using the CCM; build the necessary assessment processes for engaging with cloud providers using CAIQ
implement the CCM controls framework, which is divided into 16 domains that are cross-walked to other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud
strengthen information security control environments by delineating control guidance by the service provider and consumer, and by differentiating according to cloud model type and environment