Claim Ownership

Author:

Subscribed: 0Played: 0
Share

Description

 Episodes
Reverse
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles,AT 101) and the CSA Cloud Controls Matrix.Requirements for the cloud can be quite different than non-cloud environments, so a generic approach to security compliance is not a viable solution for providing evidence of assurance in the cloud.Unique considerations must be given to:• Understanding the scope of the cloud computing environment.• Do the current security controls cover the unique aspects of the cloud environment?• Can the current risk assessment capture the risks correctly?• Audit trails that prove the effectivenessJoin me as I interview one of two Principles from Schellman, Ryan Mackie and Gary Nelson as they take you on a journey down the road to Cloud Attestation and provide details of the audit,  advice on implementation and the value proposition. 
As we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. - How  can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design)- Urgency for daily scans- How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model.- What to expect in 2022 (more supply chain attacks expected)Get the answers to all these topics and more as we interview Farshad Abasi, Founder and Chief Security Officer of Forward Security. In this episode, we discuss software design and development, network and system architecture and cybersecurity, management. 
STAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for cloud security assurance and compliance, widely used in assessing cloud security performance of cloud implementations.Ribose Achieved the world’s first STAR Certification with CSA Cloud Controls Matrix v4 that was released in January 2021. Recorded live from Hong Kong, Ronald Tse; CEO and founder of RIBOSE, takes us through their journey with STAR over the years and discusses the value, ROI and future of STAR and the work being done to increase the value of the auditing and compliance landscape.
As the businesses change the world changes and so does the standards industry. Being up to speed on those changes and paying attention to such changes can help company's succeed.CSA is dedicated to keep our followers up-to-date on these changes and how they may affect the users and provide guidance and information on what can be expected moving forward as well as what organizations should be concerned about as well as tips on preparing for these changes.Listen as we interview Ryan Mackie of Schellman and Eric Hibbard of Samsung, both members of SC27 and discuss the most critical changes already released as well as those yet to come and what organizations can expect as well as what you should be thinking about.
In order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. With more tools and software, organizations many times throw money at technology solutions and do not address people and processes not to mention sector-specific controls to help detect, prevent, respond to ransomware not to mention other malware attacks.Listen as we discuss the subject and solutions with Greg Edwards; CEO of CryptoStopper.In this episode we get into:Practical steps to defend against RansomewareThe importance of implementing sector-specific controls as there is no "Onesize fits all solution".The powerful impact you can have by including all of People, Process and Technology
Cloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging.  With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement process can be a daunting task for clients since each cloud service provider shows its security methods unique ways, making comparisons between sellers time-consuming. CSA facilitates this process. "We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan current and future dangers. As the next step in our security journey, we’ve joined the Cloud Security Alliance (CSA), where we will be actively participating in an organization that raises awareness for cloud security best practices globally. With our membership, we will help and participate in cloud security-specific research, education, certification, events, and products". ~Nick Murison; Ardoq~ Listen as we interview Nick Murison; CISO of Adoq and explore yet another case of how organizations are utilizing the STAR program and associated tools to help them improve their security posture meet compliance requirements and decrease risk and complexity.
Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards are largely overlapping.As a consequence, the process of adhering to different standards, laws and regulations for CSPs is inefficient, with a lot of duplicated work that unduly increases costs and complexity.The idea behind the MPRF is not to create yet another cloud certification or auditing architecture. Instead, it aims to provide a unified method of systematic and consistent activities with the goal of minimizing the burden and complexity of compliance and obtaining certification.CSA partners with organizations like the Center for Internet Security (CIS) and The Cyber Risk Institute as well as our approved Assessment Firms to work together to build a process that eliminates redundancy, complexity, reduces cost and facilitates lower risk all the while building a culture of resiliency.Join us as we interview representatives from CIS, CRI and Shellman and discuss this State of the art in cloud service monitoring and certification.
Saxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation.This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services and infrastructure that supports the business and different client segments from back-office systems to open APIs. The CSA STAR Level 2 attestation is verified and validated by a third-party auditor.The admission to the CSA and STAR Level 2 attestation demonstrates Saxo’s commitment to holistic security and is set to further accelerate the bank’s growth as a capital markets solutions provider for partners looking to run their investment infrastructure as a Service.Listen as we interview Mads Hasling; Group CISO at Saxo Bank and he takes us on the journey to STAR Attestation from implementation, to successful attestation to looking at and measuring the ROI.
The  mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite.Join us as we interview Illena Armstrong;  President of CSA and discuss the details about the CSA CxO as well as what are the biggest challenges for the "C-Suite" in today's environment, how the CxO initiative will help mitigate risk and some tips on how to engage with high-ranking officers of a company.
"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments"."What we lack as an industry is a cohesive and a high-level approach to enabling security teams to deliver cybersecurity outcomes. A different approach to security is needed".~Vishwas Manral, Forbes Councils Member~Join us as we interview Vishwas Manral Forbes Councils Member, founder and CEO at NanoSec (acquired by McAfee) and chief cloud architect of cloud security at McAfee as well as co-chair of the Cloud Security Alliance, Silicon Valley. We discuss a more powerful common sense approach to laying the ground work for a more robust cybersecurity posture that will ensure organizations are more resilient by using the core business requirements as the input. 
The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud security and privacy.Listen as we interview Harry Lu; The current Co-Chair of the Cloud Security Alliance Cloud Control Matrix Working Group and discuss the CCM, the advantages it brings to organizations, how it mitigates risk, the benefits, and how it facilitates the reduction of complexity in a business, plus an insight into the just-released CCM V4 and the future of the CCM.
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.Join us as we interview Chris Dixon; Governance, Risk & Compliance Manager at TokenEx  and listen as he takes us on their journey utilizing the CCM and STAR including What problems does it solve or how did it help mitigate risk?How has using the CCM helped Tokenex reach some of its security targets?What are the major benefits?
As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud.Listen as we interview Ashwin Chaudhary Director and CEO of Accedere group and discuss STAR Attestation, the advantages of SOC2 plus CCM, and the business value it brings to organizations.
As a cloud service provider (CSP) customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs.The lines between cloud providers and cloud consumers keep getting fuzzier every day. What are the main challenges of cloud computing that users face?What is the growing paradigm shift in what users will expect from CSP’s moving forward as a minimum requirement? What are the top 3 or 4 risks of cloud computing they should be aware of on their end?Get answers to these questions and more as we interview Jennifer "Jen" Chermoshnyuk; Security and Trust Engineer for GitHub and shed some light on this critical subject matter. 
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.1. What is CSA STAR & SOC2? What is CSA STAR & SOC2? 2. What are the prevalent business drivers which lead to the necessity of obtaining a CSA STAR & SOC2 attestation?3. Why should my business plan for a CSA STAR & SOC2 rather than react to the demand for the attestation?Join us as we interview Audrey Katcher; partner of RubinBrown’s Business Advisory Services Group, overseeing the group’s Information Technology Risk Services. She also serves as the Open Certification Framework Working group liaison for AICPA and made a significant contribution to the STAR Attestation guidelines.Listen as Audrey answers these questions and more regarding STAR Attestation and the assessment process.    
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.Listen as we interview Larry Greenblatt, Information Security Specialist at QAD as he takes us through his journey to CSA STAR Certification from business case to implementation to through the audit process as well as discussing the ROI and the importance the maturity evaluation and how this has facilitated improving their business overall.
IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges – presenting a huge opportunity but risk as well. With SMART Cites and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change. Listen as we interview David Mudd, Global Digital and Connected Product Certification Director with BSI Group and discuss these pressing issues as well as how IoT can make a positive impact on the environment and the business community in general as well as how CSA is working with industry through the development of the CSA IoT Control Matrix.
Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA!
2019 was another great year for CSA and it sets the stage for an even greater year in 2020.Listen to this insightful interview with Jim Reavis; Co-Founder and CEO of the Cloud Security Alliance as he provides a look back at the accomplishments and milestones achieved in 2019 and provides a look into the journey we will be taking in 2020.If you're not already, it is a great starting point to get involved with CSA and it's massive cloud community.
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.Listen as we interview Willibert Fabritius; Global Head of Information Security and Business Continuity of BSI Group and take the journey with us down the road to Level 2 CSA STAR Certification including use cases on implementation and auditing best practices.
Comments 
Download from Google Play
Download from App Store