TiE Cloud Event - Becky Swain - Cloud Security Alliance (CSA)

Feb 2nd - TiE Cloud Event

  • National Institute of Standards and Technology (NIST) – Promotes the effective and secure use of the technology within the U.S. Federal Government and is therefore leading a number of efforts to develop cloud standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders.
      • Standards Acceleration to Jumpstart the adoption of Cloud Computing (SAJACC)
      • Strategy to build a US Government (USG) Cloud Computing Technology Roadmap
      • Security Assessment & Authorization for U.S. Government Cloud Computing (FedRAMP) – Based on NIST SP 800-37 R1 and SP 800-53 as a proposed Assessment and Authorization (A&A) for U.S. Government Cloud Computing
          • Chapter 1: Cloud Computing Security Requirement Baseline (SP 800-53)
          • Chapter 2: Continuous Monitoring
          • Chapter 3: Potential Assessment & Authorization Approach (SP 800-37 R1)
  • ISO/IEC JTC 1 is Joint Technical Committee 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), with a mandate to develop, maintain, promote and facilitate IT standards required by global markets meeting business and user requirements concerning:
      • the design and development of IT systems and tools
      • the performance and quality of IT products and systems
      • the security of IT systems and information
      • the portability of application programs
      • the interoperability of IT products and systems
      • the unified tools and environments
      • the harmonized IT vocabulary, and
      • the user-friendly and ergonomically-designed user interfaces
    Work is conducted by subcommittees (SCs), each dealing with a particular field, and SCs may comprise several working groups (WGs).
  • ITU Telecommunication Standardization Sector (ITU-T) – 1 of 3 sectors (divisions or units) of the International Telecommunication Union (ITU) that coordinates standards for telecommunications.
      • Its mission is to ensure the efficient and timely production of standards covering all fields of telecommunications on a worldwide basis, as well as defining tariff and accounting principles for international telecommunication services. As part of the ITU (a UN specialized agency), its standards carry formal international weight.
      • In addition to the ITU-T Recommendations, which have non-mandatory status until they are adopted in national laws, ITU-T is also the custodian of a binding international treaty, the International Telecommunication Regulations (ITRs).
      • The technical work of ITU-T, the development of Recommendations, is managed by Study Groups (SGs).

Presentation Transcript

  • CSA’s Leading Role in the Development of Emerging Cloud Security Standards Copyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org
  • About Us
      • Global, not-for-profit, 501(c)6 organization
      • Over 29,000 individual members, 120 corporate members, 60 chapters
      • Building best practices and a trusted cloud ecosystem
      • Agile philosophy, rapid development of applied research
          • Balance compliance with risk management
          • Reference models: build using existing standards
          • Identity: a key foundation of a functioning cloud economy
          • Champion interoperability
          • Enable innovation
          • Advocacy of prudent public policy
      • Launching Innovation Initiative at RSA 2012
  • Tools CSA Provides Today
      • Assessment
      • User Certifications
      • Best Practices
      • Provider Assessments
      • Procurement
      • Standards Creations
  • SAJACC
    USG
    FedRAMP
      • Chapter 1 – Security Requirements (SP 800-53 R3 ++)
      • Chapter 2 – Continuous Monitoring
      • Chapter 3 – Assessment & Authorization (SP 800-37 R1)
    SCAP & XCCDF
    Publications:
      • SP 800-144 (Security & Privacy Guidelines)
      • SP 800-145 (Definition)
      • SP 800-146 DRAFT (Synopsis & Recommendations)
  • JTC 1/SC 27  Cloud Security & Privacy Joint WG
      • WG 1 – 27017 (Controls)
      • WG 4 – NWIP 27036-5 (Supplier Risk Requirements)
      • WG 5 – NWIP 27xxxx (Data Protection Guidelines for Public Cloud)
    JTC 1/SC 38  Cloud Computing Study Group (SGCC)  WG3
      • cloud-o-0079 (Ecosystem)
      • cloud-o-0080 (Reference Architecture)
      • cloud-o-0081 (Infrastructure)
      • cloud-o-0082 (Resource Management)
      • cloud-o-0083 (Security)
      • cloud-o-0084 (SDO Overview)
      • cloud-o-0085 (Benefits)
  • Focus Group on Cloud Computing (FG Cloud)
      • WG 1 (Benefits & Requirements)
      • WG 2 (SDO Gap Analysis & Roadmap)
    SG 13  Cloud
    SG 17  Telecom Security
      • X.ccsec (Security Guidelines)
      • X.srfcts (Security Requirements & Framework)
      • X.sfcse (Security Functional Requirements for SaaS)
  • Help Us Secure Cloud Computing
      • www.cloudsecurityalliance.org
      • info@cloudsecurityalliance.org
      • LinkedIn: www.linkedin.com/groups?gid=1864210
      • Twitter: @cloudsa