How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue
SCF Founder & SureCloud’s VP of Product
26th January 2021
Speakers
Tom Cornelius: SCF’s Founder & Contributor
Alex Brown: SureCloud's VP of Product
*Secure Controls Framework (SCF)
Compliance programs…
Regulations, Laws, Standards, Policies, Requirements, Rules
…come from a number of angles
Compliance programs…
Regulations, Laws, Standards, Policies, Requirements, Rules
…overlap and pull in different directions
Compliance programs…
Regulations, Laws, Standards, Policies, Requirements, Rules
Compliance
…how do you bring them together?
• Align Regulations and Standards? Identify and align multiple overlapping requirements and obligations
• Reduce Compliance burden? Remove silos, consolidate programs, become more proactive
Using SureCloud with the Secure Controls Framework helps to…
…identify and resolve overlapping requirements
• SCF metaframework control content
• Pre-mapped across 110+ regulations and standards
Using SureCloud with the Secure Controls Framework helps to…
…reduce the compliance burden
• SureCloud solution to operationalize, consolidate and oversee multiple compliance programs
• SCF built-in maturity model; help to build minimum requirements
DEMO
Is the Secure Controls Framework (SCF) – the right choice for you?
How might I adopt a metaframework if I already use an internal framework?
Practical steps to implement a metaframework into your existing program
1. Develop a vision, mission and strategy for your organization
2. Adopt appropriate cybersecurity and privacy principles
3. Develop policies, standards and procedures
4. Identify a target maturity state
5. Implement appropriate controls
6. Use controls to assess risk and maturity
7. Metricize control execution
Carry on your education and get in touch!
www.securecontrolsframework.com
www.surecloud.com
learnmore@surecloud.com
- @SureCloud
Alex Brown
Tom Cornelius


Editor's Notes

  1. Tom: Tom Cornelius currently serves as both the Senior Partner at ComplianceForge and Senior Director at the Secure Controls Framework (SCF) Council. The SCF was founded as a way to provide a free cybersecurity and privacy metaframework that businesses can use to help become both secure and compliant. He believes that knowledge is half the battle for organizations grappling with cybersecurity and data protection issues, and that the SCF can be a crucial tool for an organization to clearly understand its necessary controls, based on its applicable statutory, regulatory and contractual obligations.
     Alex: Alex Brown oversees the definition and delivery of all SureCloud’s product solutions across both GRC and Cybersecurity. Alex previously held senior product management positions at the US-based technology companies Veritas Technologies and Symantec, where he helped bring numerous information management, software and SaaS solutions to market across EMEA, the Americas and Asia Pacific.
  2. What are your biggest compliance headaches?
     • Overlapping compliance requirements
     • Inconsistent documentation of controls
     • Reporting on an organisational compliance status