29. www.cloudsecurityalliance.org
GRC Stack
GRC Stack
Family of 4 research projects
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative (CAI)
Cloud Audit
Cloud Trust Protocol (CTP)
Impact to the Industry
Developed tools for governance, risk
and compliance management in the
cloud
Technical pilots
Provider certification through STAR
program
Control
Requirements
Provider
Assertions
Private,
Community &
Public Clouds
73. About the Cloud Security Alliance
• Global, not-for-profit organization: 56,000 members
• Building security best practices for next generation IT
• Research and Educational Programs
• Cloud Provider Certification: CSA STAR
• User Certification: CCSK
• Awareness and Marketing
• The globally authoritative source for Trust in the Cloud
www.cloudsecurityalliance.org
“To promote the use of best practices for providing security assurance within Cloud Computing,
and provide education on the uses of Cloud Computing to help secure all other forms of
computing.”
73
74. CSA Fast Facts
• Founded in 2009
• 56,000+ individual members, 70+ chapters globally
• 190+ corporate members
• Major cloud providers, tech companies, infosec leaders, DoD, the Fortune 100 and
much more
• Offices in Seattle USA, Singapore, Helsinki Finland
• Over 40 research projects in 30+ working groups
• Strategic partnerships with governments, research institutions,
professional associations and industry
74
75. Thanks
Phil Agcaoili
Co-Founder & Board Member, Southern CISO Security Council
Distinguished Fellow and Fellows Chairman, Ponemon Institute
Founding Member, Cloud Security Alliance (CSA)
Inventor & Co-Author, CSA Cloud Controls Matrix,
GRC Stack, Security, Trust and Assurance Registry (STAR), and
CSA Open Certification Framework (OCF)
Contributor, NIST Cybersecurity Framework version 1
@hacksec
https://www.linkedin.com/in/philA