SlideShare a Scribd company logo

CSA STAR Webinar (FINAL).pdf

A
AmyPoblete3

CSA STAR Update

Internet
1 of 23
Download to read offline
WEBINAR: COMPLIANCE UPDATE: CSA STAR Presented by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Ashish Kirtikar, President, UK & Europe, ControlCase
Agenda © ControlCase. All Rights Reserved. 2 A. Introduction to Speakers B. What is CSA STAR? C. CSA STAR Levels of Assessment D. CSA STAR Domains E. STAR Registry F. The Italian Mandate G. Q&A HITRUST Certification
A. © ControlCase. All Rights Reserved. 3 Introduction to our Speakers
Speakers © ControlCase. All Rights Reserved. 4 Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Daniele is an information security and risk management practitioner, a technologies expert, and a privacy evangelist with 15+ years of experience. He is the co-founder and executive of the CSA Open Certification Framework / STAR Program. Ashish Kirtikar, ControlCase President, UK & Europe Ashish has 15+ years of experience and proficiency in information & network security, information risk management, cyber security, resilience, security architecture design, information security auditing, and governance within stipulated deadlines.
WHAT IS CSA STAR? B. © ControlCase. All Rights Reserved. 5
What is CSA STAR? © ControlCase. All Rights Reserved. 6 Founded in 2011, the CSA STAR stands for Security, Transparency, Assurance and Risk program. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Additionally, publishing to the CSA STAR Registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.
Why the STAR Program © ControlCase. All Rights Reserved. 7 The cloud computing market is very heterogenous with common needs and issues: • How to define trust in the cloud? • How to foster accountability? • How to evaluate risk? • How to measure assurance? • How to simplify compliance and procurement? • The goal of the STAR Program is to support any organization to effectively and efficiently address those question
STAR Pillars and Ecosystems © ControlCase. All Rights Reserved. 8
CSA STAR LEVELS OF ASSESSMENT C. © ControlCase. All Rights Reserved. 9
CSA STAR Levels of Assessment © ControlCase. All Rights Reserved. 10 CSA STAR Level 1: Self-Assessment Organizations can submit one or both the security and privacy self-assessments. Organizations should pursue Level 1 if they are: • Operating in a low-risk environment. • Wanting to offer increased transparency around the security controls they have in place. • Looking for a cost-effective way to improve trust and transparency. CSA STAR Level 2: Third Party Audit Allows organizations to build off other industry certifications and standards to make them specific for the cloud. Organizations should pursue Level 2 if they are: • Operating in a medium-to-high risk environment • Already holding or adhering to the following: ISO27001, SOC 2 • Looking for a cost-effective way to increase assurance for cloud security and privacy.
STAR Certification Framework © ControlCase. All Rights Reserved. 11
CSA STAR DOMAINS D. © ControlCase. All Rights Reserved. 12
What are the CSA Star Domains? © ControlCase. All Rights Reserved. 13 1. Information Protection Program 2. Endpoint Protection 3. Portable Media Security 4. Mobile Device Security 5. Wireless Security 6. Configuration Management 7. Vulnerability Management 8. Network Protection 9. Transmission Protection 10. Password Management 11. Access Control 12. Audit Logging & Monitoring 13. Education, Training and Awareness 14. Third Party Assurance 15. Incident Management 16. Business Continuity & Disaster Recovery 17. Risk Management 18. Physical & Environmental Security 19. Data Protection & Privacy
What are the CCM Components? © ControlCase. All Rights Reserved. 14 1. Information Protection Program 2. Endpoint Protection 3. Portable Media Security 4. Mobile Device Security 5. Wireless Security 6. Configuration Management 7. Vulnerability Management 8. Network Protection 9. Transmission Protection 10. Password Management 11. Access Control 12. Audit Logging & Monitoring 13. Education, Training and Awareness 14. Third Party Assurance 15. Incident Management 16. Business Continuity & Disaster Recovery 17. Risk Management 18. Physical & Environmental Security 19. Data Protection & Privacy
THE STAR REGISTRY E. © ControlCase. All Rights Reserved. 15
STAR Registry © ControlCase. All Rights Reserved. 16 LAUNCHED IN 2011 CSA STAR is the first step in improving transparency and assurance in the cloud TRUSTED & AUTHORITATIVE Has the ambition to be the trusted and authoritative repository of Cloud-GCR related data PUBLICLY ACCESSIBLE & SEARCHABLE The Registry allows cloud customers to review the security and privacy controls provided by cloud computing offerings KNOW CLOUD SERVICE PROVIDER’S POSTURE Helps users to assess the security AND PRIVACY posture of providers BASED ON CSA STANDARDS AND BEST PRACTICES FILE MANAGEMENT Suitable for all categories business and personal presentation SECURITY TRUST ASSURANCE RISK REGISTRY
STAR Registry © ControlCase. All Rights Reserved. 17 SECURITY TRUST ASSURANCE RISK REGISTRY
THE ITALIAN MANDATE F. © ControlCase. All Rights Reserved. 18
The Italian Mandate © ControlCase. All Rights Reserved. 19 Italy has taken a step forward in recognizing the importance of cloud security by making it clear that they’re adopting the Cloud Controls Matrix and STAR Program as key pillars within their framework for defining security requirements for cloud services offered for public administration.
The Italian Mandate Overview © ControlCase. All Rights Reserved. 20 The Italian Agency for National Cybersecurity (ACN) recently reaffirmed the key role of the CCM and the STAR Program as part of the definition of security requirements for cloud services offered for public administration and their certification. In 2022, the Italian Government published a tender for the creation of a National Cloud via Public-Private Partnership, mandating compliance with CSA STAR Level 2.
The Italian Mandate Overview The new minimum-security requirements, communicated by the ACN, apply to data classified into 3 levels of importance: © ControlCase. All Rights Reserved. 21 Ordinary Critical Strategic
Q & A G. © ControlCase. All Rights Reserved. 22
THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com contact@controlcase.com

Recommended

Transformationplus Cyber Security Offering v10
Transformationplus Cyber Security Offering v10Transformationplus Cyber Security Offering v10
Transformationplus Cyber Security Offering v10Prabir Saha
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingCloudSecurityAllianceAustralia
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
John Godwin's Presentation at Digital Leaders Conference 2015
John Godwin's Presentation at Digital Leaders Conference 2015John Godwin's Presentation at Digital Leaders Conference 2015
John Godwin's Presentation at Digital Leaders Conference 2015Digital Leaders
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 

Recommended

Transformationplus Cyber Security Offering v10
Transformationplus Cyber Security Offering v10Transformationplus Cyber Security Offering v10
Transformationplus Cyber Security Offering v10Prabir Saha
 
Global Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingGlobal Mandate to Secure Cloud Computing
Global Mandate to Secure Cloud ComputingCloudSecurityAllianceAustralia
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloudpatmisasi
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
John Godwin's Presentation at Digital Leaders Conference 2015
John Godwin's Presentation at Digital Leaders Conference 2015John Godwin's Presentation at Digital Leaders Conference 2015
John Godwin's Presentation at Digital Leaders Conference 2015Digital Leaders
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossCloudSecurityAllianceAustralia
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCloudSecurityAllianceAustralia
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA AnnouncementsCSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA AnnouncementsPhil Agcaoili
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
Scot-Cloud 2015
Scot-Cloud 2015Scot-Cloud 2015
Scot-Cloud 2015Ray Bugg
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA AustraliaCloudSecurityAllianceAustralia
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Elastic Cloud keynote
Elastic Cloud keynoteElastic Cloud keynote
Elastic Cloud keynoteElasticsearch
 
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Amazon Web Services
 
Checklist for Competent Cloud Security Management
Checklist for Competent Cloud Security ManagementChecklist for Competent Cloud Security Management
Checklist for Competent Cloud Security ManagementCloud Credential Council
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksSkycure
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdfEng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElasticsearch
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 

More Related Content

Similar to CSA STAR Webinar (FINAL).pdf

Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA AnnouncementsCSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA AnnouncementsPhil Agcaoili
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
Scot-Cloud 2015
Scot-Cloud 2015Scot-Cloud 2015
Scot-Cloud 2015Ray Bugg
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01promediakw
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Elastic Cloud keynote
Elastic Cloud keynoteElastic Cloud keynote
Elastic Cloud keynoteElasticsearch
 
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Amazon Web Services
 
Checklist for Competent Cloud Security Management
Checklist for Competent Cloud Security ManagementChecklist for Competent Cloud Security Management
Checklist for Competent Cloud Security ManagementCloud Credential Council
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksSkycure
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElasticsearch
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 

Similar to CSA STAR Webinar (FINAL).pdf (20)

Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David Ross
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA Framework
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA AnnouncementsCSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
CSA Atlanta Chapter Meeting Q1'2013 and RSA Conference 2013 CSA Announcements
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
 
Scot-Cloud 2015
Scot-Cloud 2015Scot-Cloud 2015
Scot-Cloud 2015
 
Why CSA Australia
Why CSA AustraliaWhy CSA Australia
Why CSA Australia
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Elastic Cloud keynote
Elastic Cloud keynoteElastic Cloud keynote
Elastic Cloud keynote
 
Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both Cloud-Based Innovation and Information Security - Choose Both
Cloud-Based Innovation and Information Security - Choose Both
 
Checklist for Competent Cloud Security Management
Checklist for Competent Cloud Security ManagementChecklist for Competent Cloud Security Management
Checklist for Competent Cloud Security Management
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber AttacksHow to Predict, Detect and Protect Against Mobile Cyber Attacks
How to Predict, Detect and Protect Against Mobile Cyber Attacks
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf
 
Elastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factoryElastic, DevSecOps, and the DOD software factory
Elastic, DevSecOps, and the DOD software factory
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 

Recently uploaded

Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

CSA STAR Webinar (FINAL).pdf

  • 1. WEBINAR: COMPLIANCE UPDATE: CSA STAR Presented by: Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Ashish Kirtikar, President, UK & Europe, ControlCase
  • 2. Agenda © ControlCase. All Rights Reserved. 2 A. Introduction to Speakers B. What is CSA STAR? C. CSA STAR Levels of Assessment D. CSA STAR Domains E. STAR Registry F. The Italian Mandate G. Q&A HITRUST Certification
  • 3. A. © ControlCase. All Rights Reserved. 3 Introduction to our Speakers
  • 4. Speakers © ControlCase. All Rights Reserved. 4 Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance Daniele is an information security and risk management practitioner, a technologies expert, and a privacy evangelist with 15+ years of experience. He is the co-founder and executive of the CSA Open Certification Framework / STAR Program. Ashish Kirtikar, ControlCase President, UK & Europe Ashish has 15+ years of experience and proficiency in information & network security, information risk management, cyber security, resilience, security architecture design, information security auditing, and governance within stipulated deadlines.
  • 5. WHAT IS CSA STAR? B. © ControlCase. All Rights Reserved. 5
  • 6. What is CSA STAR? © ControlCase. All Rights Reserved. 6 Founded in 2011, the CSA STAR stands for Security, Transparency, Assurance and Risk program. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Additionally, publishing to the CSA STAR Registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.
  • 7. Why the STAR Program © ControlCase. All Rights Reserved. 7 The cloud computing market is very heterogenous with common needs and issues: • How to define trust in the cloud? • How to foster accountability? • How to evaluate risk? • How to measure assurance? • How to simplify compliance and procurement? • The goal of the STAR Program is to support any organization to effectively and efficiently address those question
  • 8. STAR Pillars and Ecosystems © ControlCase. All Rights Reserved. 8
  • 9. CSA STAR LEVELS OF ASSESSMENT C. © ControlCase. All Rights Reserved. 9
  • 10. CSA STAR Levels of Assessment © ControlCase. All Rights Reserved. 10 CSA STAR Level 1: Self-Assessment Organizations can submit one or both the security and privacy self-assessments. Organizations should pursue Level 1 if they are: • Operating in a low-risk environment. • Wanting to offer increased transparency around the security controls they have in place. • Looking for a cost-effective way to improve trust and transparency. CSA STAR Level 2: Third Party Audit Allows organizations to build off other industry certifications and standards to make them specific for the cloud. Organizations should pursue Level 2 if they are: • Operating in a medium-to-high risk environment • Already holding or adhering to the following: ISO27001, SOC 2 • Looking for a cost-effective way to increase assurance for cloud security and privacy.
  • 11. STAR Certification Framework © ControlCase. All Rights Reserved. 11
  • 12. CSA STAR DOMAINS D. © ControlCase. All Rights Reserved. 12
  • 13. What are the CSA Star Domains? © ControlCase. All Rights Reserved. 13 1. Information Protection Program 2. Endpoint Protection 3. Portable Media Security 4. Mobile Device Security 5. Wireless Security 6. Configuration Management 7. Vulnerability Management 8. Network Protection 9. Transmission Protection 10. Password Management 11. Access Control 12. Audit Logging & Monitoring 13. Education, Training and Awareness 14. Third Party Assurance 15. Incident Management 16. Business Continuity & Disaster Recovery 17. Risk Management 18. Physical & Environmental Security 19. Data Protection & Privacy
  • 14. What are the CCM Components? © ControlCase. All Rights Reserved. 14 1. Information Protection Program 2. Endpoint Protection 3. Portable Media Security 4. Mobile Device Security 5. Wireless Security 6. Configuration Management 7. Vulnerability Management 8. Network Protection 9. Transmission Protection 10. Password Management 11. Access Control 12. Audit Logging & Monitoring 13. Education, Training and Awareness 14. Third Party Assurance 15. Incident Management 16. Business Continuity & Disaster Recovery 17. Risk Management 18. Physical & Environmental Security 19. Data Protection & Privacy
  • 15. THE STAR REGISTRY E. © ControlCase. All Rights Reserved. 15
  • 16. STAR Registry © ControlCase. All Rights Reserved. 16 LAUNCHED IN 2011 CSA STAR is the first step in improving transparency and assurance in the cloud TRUSTED & AUTHORITATIVE Has the ambition to be the trusted and authoritative repository of Cloud-GCR related data PUBLICLY ACCESSIBLE & SEARCHABLE The Registry allows cloud customers to review the security and privacy controls provided by cloud computing offerings KNOW CLOUD SERVICE PROVIDER’S POSTURE Helps users to assess the security AND PRIVACY posture of providers BASED ON CSA STANDARDS AND BEST PRACTICES FILE MANAGEMENT Suitable for all categories business and personal presentation SECURITY TRUST ASSURANCE RISK REGISTRY
  • 17. STAR Registry © ControlCase. All Rights Reserved. 17 SECURITY TRUST ASSURANCE RISK REGISTRY
  • 18. THE ITALIAN MANDATE F. © ControlCase. All Rights Reserved. 18
  • 19. The Italian Mandate © ControlCase. All Rights Reserved. 19 Italy has taken a step forward in recognizing the importance of cloud security by making it clear that they’re adopting the Cloud Controls Matrix and STAR Program as key pillars within their framework for defining security requirements for cloud services offered for public administration.
  • 20. The Italian Mandate Overview © ControlCase. All Rights Reserved. 20 The Italian Agency for National Cybersecurity (ACN) recently reaffirmed the key role of the CCM and the STAR Program as part of the definition of security requirements for cloud services offered for public administration and their certification. In 2022, the Italian Government published a tender for the creation of a National Cloud via Public-Private Partnership, mandating compliance with CSA STAR Level 2.
  • 21. The Italian Mandate Overview The new minimum-security requirements, communicated by the ACN, apply to data classified into 3 levels of importance: © ControlCase. All Rights Reserved. 21 Ordinary Critical Strategic
  • 22. Q & A G. © ControlCase. All Rights Reserved. 22
  • 23. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com contact@controlcase.com