This training course is designed to provide training for CSA’s Cloud Controls Matrix (CCM), which is a part of CSA’s GRC Stack toolkit. The course will also provide an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and CSA Security, Trust & Assurance Registry (STAR).
Course curriculum will center on:
Introduction to Cloud
Introduction & Purpose of Cloud Controls Matrix
Cloud Controls Matrix Structure
Cloud Controls Matrix Domains
Intro to CAIQ and STAR, the Future, Summary
Trainer: Jon-Michael C. Brook
Max participants: 30
Cost: $599 (full conference attendee) / $699 (Expo attendee)
KEY LEARNING OBJECTIVES
Upon completion of this training, the attendee should be able to use the CCM and CAIQ to:
For a cloud vendor:
Comply with fundamental cloud security principles and requirements included in relevant security standards and legislation
Assess the security posture
Compare yourself with competitors and industry benchmarks
For a cloud customer or cloud auditor:
Assess the overall level of security offered by a cloud provider
Build the necessary assessment processes for engaging with cloud providers
Leverage the mapping with other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
Normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud
This session is recommended for:
Enterprise Security Admins
Software Developers
Pen Testers
Information Security Students
There are no details regarding additional Attendee requirements at this time.
Meet Your Trainer
Jon-Michael C. Brook
Jon-Michael C. Brook is a certified, 22-year practitioner of cybersecurity, cloud and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. He received numerous awards and recognitions during his time with Raytheon, Northrop Grumman and Symantec, and holds patents and trade secrets in intrusion detection, GUI design and semantic data redaction. Brook is recognized as a Research Fellow with the Cloud Security Alliance, and currently co-chairs the CSA’s Top Threats to Cloud Security Working Group. He previously co-chaired the Cloud Broker working group and contributed to several CSA publications, including the Enterprise Architecture. He is a certified trainer for the CSA’s Certificate of Cloud Security Knowledge (CCSK), teaching the CCSK+ training at Black Hat conferences. Brook co-developed training for the Cloud Controls Matrix (CCM), the cloud security standard and internationally accepted GRC framework.