Research

CSA Research by CSA Norway Chapter
Many ask how to carry out risk assessments and maintain control over cloud providers in a shared responsibility model. CSA Norway Chapter has updated its mapping of CCM v4 (Cloud Controls Matrix) against the requirements of the Norm for informasjonssikkerhet og personvern i helse- og omsorgssektoren (Normen). Using the CCM framework makes it easier for customers and providers to speak the same language when the security of a cloud solution is being assessed.

You can download the Excel sheet here: CSA-mapping-mot-Normens-krav.xlsx

CSA has prepared a cross-reference showing which chapters of Normen address the various control areas in CCM version 4.0.3. The cross-reference gives an overview of which parts of Normen may mean that specific security requirements must be set for a cloud delivery. Normen version 6.0 contains an appendix with 294 requirements, with references to, among other things, ISO27001 and legal bases. CSA's mapping indicates which controls from CCM are considered relevant for cloud-based services to satisfy the requirements of Normen. The Control ID also corresponds to CAIQ (Consensus Assessments Initiative Questionnaire v4.0.2), where each Control ID is broken down into one or more questions that can be answered with yes, no or not applicable.

Several cloud providers have published their cloud security self-assessment or attestation, and these can be downloaded from CSA's website:
https://cloudsecurityalliance.org/star/registry/amazon
https://cloudsecurityalliance.org/star/registry/microsoft/
https://cloudsecurityalliance.org/star/registry/google


CSA Research Artifact Library Access

Over the last 11 years, we have developed an extensive library of over 400 artifacts that speak to many different topics in cloud security. Accessing and downloading research has just become easier through our Research Artifacts Publications Library. Below are a few must-read artifacts:

 

Engaging CSA Research

https://cloudsecurityalliance.org/research/

As chapter members you have the opportunity to influence, leverage and participate in all aspects of CSA's Research Lifecycle by engaging with our Working Groups, Open Peer Reviews and Surveys. You also have access to over 200 previously recorded CloudBytes webinars, which are a great way to stay educated on the latest trends in cloud security and earn CPE credits.

 

When in Doubt - Join a CSA Working Group! 

https://cloudsecurityalliance.org/research/working-groups/ 

Above is the link to our active working groups spanning many different domains of cloud security. Simply click the working group microsite and you'll have access to the working group description, charter, latest artifact releases and upcoming meetings. By joining a working group you'll have intimate access to the latest technical documents in development, be invited to working group calls and have opportunities to collaborate with SMEs. To get started with joining a working group, you will need to create a profile on our community platform, Circle.

 

Circle - Your gateway to CSA resources, discussions and working groups! 

https://circle.cloudsecurityalliance.org/home

Once you've signed up for a Circle profile, please make sure to join your Chapter community. Below are a few steps to follow:

  1. Click on 'Sign In' at the top, and sign in using your preferred mode (Google, LinkedIn, Microsoft, email).
  2. Once you're in, you can click on 'Communities', then 'All Communities'.
  3. Look for the group of your choice on the list and click 'Join'.

The Latest CSA Research