Cloud Controls Matrix (CCM) – Foundation

This course provides training on CSA’s Cloud Controls Matrix (CCM), which is part of CSA’s GRC Stack toolkit. The course will also provide an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and the CSA Security, Trust & Assurance Registry (STAR).

Course curriculum will center on:

  • Introduction to Cloud
  • Introduction & Purpose of Cloud Controls Matrix
  • Cloud Controls Matrix Structure
  • Cloud Controls Matrix Domains
  • Intro to CAIQ and STAR, the Future, Summary

Trainer: Jon-Michael C. Brook
Max participants: 30
Cost: $599 (full conference attendee) / $699 (Expo attendee)


Upon completion of this training, the attendee should be able to use the CCM and CAIQ to:

For a cloud vendor:

  • Comply with fundamental cloud security principles and requirements included in relevant security standards and legislation
  • Assess the security posture
  • Compare yourself with competitors and industry benchmarks

For a cloud customer or cloud auditor:

  • Assess the overall level of security offered by a cloud provider
  • Build the necessary assessment processes for engaging with cloud providers
  • Leverage the mapping with other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
  • Normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud

This session is recommended for:

  • Enterprise Security Admins
  • Software Developers
  • Pen Testers
  • Information Security Students

There are no details regarding additional attendee requirements at this time.

Meet Your Trainer

Jon-Michael C. Brook

Jon-Michael C. Brook is a certified, 22-year practitioner of cybersecurity, cloud and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. He received numerous awards and recognitions during his time with Raytheon, Northrop Grumman and Symantec, and holds patents and trade secrets in intrusion detection, GUI design and semantic data redaction. Brook is recognized as a Research Fellow with the Cloud Security Alliance, and currently co-chairs the CSA’s Top Threats to Cloud Security Working Group. He previously co-chaired the Cloud Broker working group and contributed to several CSA publications, including the Enterprise Architecture. He is a certified trainer for the CSA’s Certificate of Cloud Security Knowledge (CCSK), teaching the CCSK+ training at Black Hat conferences. Brook co-developed training for the Cloud Controls Matrix (CCM), the cloud security standard and internationally accepted GRC framework.