The Continuous Audit Metrics Catalog

Presented by

Max Pritikin, Principal Software Engineer, Cisco Systems

About this talk

Cloud providers can take full advantage of continuous auditing once standards and best practices for automated assurance tooling exist. We have translated a subset of CCMv4 controls into quantitative characteristics of the cloud service in the form of ISO/IEC 19086 SLOs. The proposed practices for these metrics highlight interconnections between domains and demonstrates how even a small number of metrics can provide assurance for a large number of security objectives. This approach enables organizations to review and measure practices for effectiveness and supports automated certification and evaluation goals such as are found in CMMC Level4 and EU-SEC requirements.
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (901)
Subscribers (65473)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa