Presented by - Arun Vivek IYER (Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank & Co-chair, CCM ABS Mapping WG, CSA)
In the technology space, multiple frameworks and guidelines are also available, such as the above-mentioned TRM, ISO/IEC 27001 and 27002, and ISACA COBIT. Others are specific to cloud computing and its related technologies: ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP, and the Cloud Computing Implementation Guide (CCIG) v2.0 issued by the Association of Banks in Singapore (ABS). Because of this complex landscape, cross-mapping of frameworks is a useful and popular tool for FIs seeking compliance with multiple standards and best practices. This presentation will cover the mapping exercise that the CSA WG carried out to evaluate the similarities and gaps between CCIG and the numerous frameworks mapped in the Cloud Controls Matrix (CCM). Singapore FIs that are already in line with CCIG will benefit by being able to easily identify and fulfill the additional controls (gaps) needed on top of the CCIG to adhere to another targeted framework within CCM, which is useful when expanding to other markets.