Toward a European Certification Scheme for Cloud Services

In 2019, the Cybersecurity Act became law in Europe, establishing a European Certification Framework. In November 2019, the European Commission tasked ENISA with designing a candidate scheme for cloud services. This work is currently underway. This presentation will first describe the Cybersecurity Act's Certification Framework, and then provide a high-level status on the ongoing work on the scheme for cloud services.
Recorded May 28 2020 42 mins
Presented by
Eric Vétillard, ENISA

  • Zero Trust Security: An Enterprise Guide Jul 14 2021 1:00 pm UTC 60 mins
    Jerry W. Chapman, Optiv Security
    Join the CSA Triangle Chapter and Jerry W. Chapman from Optiv Security as they bring you an enterprise guide to Zero Trust Security.

    Jerry W. Chapman has been with Optiv Security for 15 years developing and delivering Identity and Access Management (IAM) solutions. With 18+ years of experience in Identity, Jerry has been successfully enabling clients in designing and implementing an IAM strategy that aligns with both their security and business objectives. His job role also includes architecture, engineering and software development as well as software architecture and support. As a subject matter expert in IAM solutions, Jerry supports other cybersecurity practices and experts in positioning Identity and Data as a core component within their enterprise security infrastructure. He also is a key spokesperson for Optiv's Zero Trust strategy.
  • Getting Sassy With SASE Recorded: May 20 2021 61 mins
    Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
    Join the CSA Delaware Valley and Triangle chapters and our panel of experts in discussing the emerging technologies and challenges around SASE (Secure Access Service Edge).


    By tuning in to this panel discussion one can expect to come away with an understanding of what SASE is, the problems it solves, and what a well thought out implementation looks like. Our panel of experts will discuss multi-cloud use cases, how to operationalize the service and the impact SASE has on digital transformation initiatives.
    Confirmed Speakers

    Panelist – Larry Bilker, EVP CIO of Pyramid Healthcare
    Panelist – Barrett Gobeyn, CISO for UnitedHealthcare
    Panelist – Richard Scott, Chief Security Architect at Optum
    Panelist – Greg Young, VP of Cybersecurity of Trend Micro

    Moderator – Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
  • Blockchain in the Quantum Era Recorded: Apr 30 2021 12 mins
    Ashish Mehta, Co-chair for Blockchain Working Group, and Bruno Huttner, Co-chair for Quantum Safe Security Working Group
    CSA recently released a document that provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued. In this webinar, Ashish Mehta, Co-chair for the Blockchain/DLT Working Group, and Bruno Huttner, Co-chair for the Quantum-safe Security Working Group, talk about what to expect in the document.
  • C-Suite Success in an Age of Digital Transformation Recorded: Apr 15 2021 23 mins
    Illena Armstrong, CSA
    It’s no surprise that organizations of all sizes have embraced the cloud in some capacity, especially this last year as we all contend with a global pandemic. What may be surprising to some CISOs and other executive stakeholders, however, have been the myriad challenges they face as they move their organizations’ journeys along in their digital transformations. For instance, not only do concerns about network security or regulatory compliance come up when embracing cloud environments, worries concerning a lack of cloud security expertise on staff, too few team members to manage the migrations of various workloads to the cloud, and integrations with current IT infrastructures also plague their embrace of often multiple cloud offerings. With the goal of better supporting the C-suite and the evolution of their cloud strategies, CSA is in the throes of establishing a C-level initiative to help address these and still other challenges. During this talk, we’ll share an initial look at the pillars underpinning this offering and just a few of the components that it ultimately may comprise.
  • Cloud Controls Compliance Assessment for Small and Mid sized XaaS Providers Recorded: Apr 15 2021 66 mins
    Ricky Arora, BP; Rolf Becker, UBS; Friedrich Rub, Raiffeisen Group; Nicolas Weibel, Swiss Re
    Many small service providers have seemingly great and good value service offerings, which are mostly cloud-based. Yet, it is often that exactly these small service providers may have limited security awareness, resulting in uncontrolled and unwanted exposure of sensitive data. The European User Group Enterprise & Cloud Data Protection, together with the Cloud Security Alliance are proposing to establish a trusted cloud controls assessment and certification service for such small service providers who may not be in a position to run through a comprehensive CSA STAR L2 or SOC2 certification but still want to be able to offer an acceptable level of assurance to their clients. The intention is to raise security standards for small cloud-based services, establish an industry-standard trusted assurance level, and reduce overall effort spent by service providers and their clients due to multiple and extensive assessments performed for the same service.
  • The CSA Enterprise Architecture Recorded: Apr 15 2021 30 mins
    Jon Michael Brook
    Overview of the CSA Enterprise Architecture.
  • Cloud Security Under the NIS Directive Recorded: Apr 15 2021 30 mins
    Marnix Dekker, ENISA
    Marnix will speak about the cloud security provisions in the NIS Directive, the work ENISA has been doing with the EU Member States on implementing these provisions, and briefly touch on other relevant policy developments like the EU cloud certification scheme and the Commission's NIS2 proposal, which aims to update the current NIS Directive, and which brings cloud services into the category of essential services.
  • On the Road to Zero Trust Recorded: Apr 15 2021 32 mins
    Bob Flores & Juanita Koilpillai, CSA Zero Trust WG
    In this session you will learn how to navigate the various technologies and processes to transform your organisation to fundamentally change the effectiveness of security and data sharing across DoD networks.
  • What An Auditor Needs to Know About Cloud Computing Recorded: Apr 15 2021 33 mins
    Moshe Ferber, Cloud Security Expert
    As cloud computing continues to grow and mature, it becomes clear that proper governance, risk management and audit processes play vital roles in assuring cloud workloads are secure. In this presentation, we will review the foundation of cloud governance programs that every cloud professional should know: cloud policy, provider evaluation methodologies and risk management frameworks.
  • Taking Control of IoT: An Enterprise Perspective Recorded: Apr 14 2021 23 mins
    Hillary Baron, CSA
    The proliferation of Internet of Things (IoT) devices has dramatically changed the connected ecosystems in homes and enterprises over the past decade. Many enterprises have implemented these devices for their endless potential to address current business challenges and improve overall efficiency. To do this, these devices collect data on everything from the mundane to highly confidential. Due to the nature of the data being collected, IoT devices are of the utmost importance to secure. However, this is a difficult task for many enterprises. This presentation will answer the questions...
  • How Do We Tell Security Truths That Might Hurt? Recorded: Apr 14 2021 29 mins
    Edward Amoroso, TAG Cyber LLC
    Eleven uncomfortable truths (inspired by an iconic classic note from Edsger Dijkstra) are shared about the current state of cybersecurity.
  • Strategy and Tactics in Protecting Containers and Microservices Recorded: Mar 22 2021 59 mins
    Paolo Foti, CSA Italy; Yvette Agostini, CSA Italy; Marco Rottigni, Qualys
    Application containers and microservice architectures are used, as defined in NIST SP 800-180, to design, develop and deploy software applications that take advantage of agile development methodologies such as DevOps.
    The agility and dynamism of application containers nevertheless call for some attention to security, with the aim of preserving the security and integrity of the entire Software Development Life Cycle.
    CSA Italy will present some CSA recommendations developed within the «Application Containers and Microservices» working group (https://cloudsecurityalliance.org/research/working-groups/containerization/), while Qualys will show us how to implement “built-in” security across the three phases of a container's life cycle (build, ship, run) and support the identification of the vulnerable surface in order to actively defend the runtime phase.
  • How do you get into a CyberSecurity or Cloud Security Career in 2021? Recorded: Mar 18 2021 61 mins
    CSA Triangle Chapter
    How do you get into a CyberSecurity or Cloud Security Career in 2021?



    Panelists:

    Caroline Wong

    Caroline is the CSO at Cobalt.io, a Pentest as a Service (PtaaS) platform that simplifies security and compliance needs of DevOps-driven teams with workflow integrations and high-quality talent on-demand.

    Caroline is a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. Her practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is also an author. Her writings have helped many in DevSecOps and Security Metrics.

    Email: caroline@cobalt.io





    My-Ngoc "Menop" Nguyen

    Menop is an accomplished, highly skilled, solutions-oriented executive with notable success in leading, growing, maturing, and sustaining businesses, and is a SANS certified instructor holding the GSLC, GSTRT, GPEN and GCIH certifications. She is also CISSP certified and is the current CEO of Secured IT Solutions, a Las Vegas based security firm that specializes in Cyber Security, IT and management consulting.

    Email: myngocn@gmail.com



    Jessica Donahue

    Hays

    Principal CyberSecurity Account Manager

    Jessica Donahue is a Principal Account Manager at Hays, specializing in Cybersecurity. Located in Raleigh, NC, she is a consultant, advisor, and expert in the Triangle on Security, IT, and Tech hiring and recruiting. Jessica helps her clients with their hiring strategy and provides valuable market insight and information on salary trends. She connects her clients with highly qualified and skilled candidates who meet their hiring needs through contract, contract-to-hire and full time employment. If you are having trouble filling your Cybersecurity position, reach out to Jessica!

    Email: jessica.donahue@hays.com
  • Cloud Breach Incident Response & Forensics Recorded: Mar 16 2021 62 mins
    Mike Raggo, Cloud Security Engineer, CloudKnox Security
    Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS CloudTrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted providing practical approaches to exposing the attacker's methods and compromise.

    Speaker: Mike Raggo, Cloud Security Engineer, CloudKnox Security

    Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
  • CCSK Training and Certification Guidelines & Introduction to the CCM Recorded: Mar 11 2021 52 mins
    Eleftherios Skoutaris, Innovation Analyst, CSA EMEA, & Ryan Bergsma, Training Director, CSA
    Join the CSA South Florida Chapter as we explore the Certificate of Cloud Security Knowledge (CCSK). The CCSK enables everyone to utilize cloud services more securely and speak with confidence about cloud security concerns. The CCSK gives a broad overview of cloud security and affords critical insights into issues such as data security, key management and identity and access management.

    This event will introduce Cloud Controls Matrix (CCM), a cloud security controls framework specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security of cloud providers.
  • Level Up Your Detection and Response in SaaS Apps Recorded: Jan 27 2021 49 mins
    Ben Johnson, CTO & Co-Founder, Obsidian Security
    Presented by: CSA Washington DC Metro Chapter

    SaaS powers the modern workplace, as organizations move their critical business systems such as email, collaboration, sales and marketing to third-party SaaS applications. With more and more of the business data sitting in these cloud applications, threat-focused teams need to figure out how to run detection and incident response workflows on systems they don’t own and control. Obsidian CTO and former NSA engineer Ben Johnson will discuss how you can get better at detecting, investigating, and responding to unwanted behavior such as unauthorized access across multiple SaaS platforms using native cloud capabilities and third-party systems.

    Speaker: Ben Johnson, CTO & Co-Founder, Obsidian Security

    Speaker Bio: Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company's Chief Security Strategist. As the company's original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Ben is active in the cybersecurity community, where he is a technical advisor to the US FISA Court and sits on the boards of multiple security startups.

    Ben earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University. He lives in Newport Beach, CA with his wife and three sons.
  • How Can I Trust a Cloud Provider? Recorded: Jan 27 2021 69 mins
    Alberto Manfredi, Mauro Palmigiani, Umberto Pirivano
    From the AGID qualification to the new CSA Trusted Cloud Provider initiative.
    In 2020 we saw further confirmation of the growth of the Italian cloud market, in particular of SaaS service models, thanks in part to the conversion of applications previously developed and installed on-premise. Compliance with laws and regulations on cyber security and privacy is also becoming increasingly important. Some of the questions that need answering in a customer-provider dialogue are therefore:
    Do I still have control of my information?
    Does the provider have experience in securely managing the new cloud service?
    How do I assess the trustworthiness of the cloud provider?
    From 2021, CSA is offering a qualification path for cloud providers called CSA Trusted Cloud Provider. We will discuss it with our partner Palo Alto Networks in light of their experience qualifying their SaaS services on the AGID marketplace of cloud providers for the Italian public administration (cloud.italia.it). With the shared responsibility model for cloud security in mind, Palo Alto Networks will show us the best practices customers should consider to achieve an adequate security posture, whatever their level of maturity in adopting cloud IT.
  • Dealing with an Adolescent Cloud Recorded: Dec 15 2020 40 mins
    Ross Young, CISO of Caterpillar Financial Services Corporation
    Summary: Would you like to learn how to secure the cloud? This webcast will go in depth on AWS's 7 secure design principles and walk you through a variety of open source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate Fundamental and Advanced approaches to transform any organization.


    Speaker Name: Ross Young

    Speaker info: CISO of Caterpillar Financial Services Corporation, SANS Instructor, Johns Hopkins University Instructor, CISO Tradecraft Podcast Co-Host, and Creator of the OWASP Threat and Safeguard Matrix (TaSM)

    Speaker profile: https://www.linkedin.com/in/mrrossyoung/
  • The Top Threats in the Cloud: Analysis of 9 Attacks and What We Learned Recorded: Dec 14 2020 55 mins
    Paolo Foti, CSA Italy and Marco Rottigni, EMEA Qualys
    The webinar is organized by CSA Italy and Qualys with the aim of analyzing cloud security best practices on the basis of 9 attacks detected against major international companies, and then assessing the applicability of some available approaches and solutions that help identify the vulnerable surface, enrich context, prioritize remediation and maintain a dynamically updated view of the cloud resource inventory and security posture.
  • The Shift to Cloud-Based, Intelligent Ecosystems Recorded: Oct 28 2020 60 mins
    Paul Kurtz, Bob Gourley, Chase Cunningham, & John Yeoh (moderator)
    In a document titled “Cloud-Based, Intelligent Ecosystems” CSA proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Here, we break down the white paper and open discussion on redefining intelligence, sharing data, today’s overabundance of security tools, and more.

    What you’ll learn:
    - How “intelligence” is being redefined in the industry
    - The challenges of integrating data from internal security tools and external threat feeds.
    - How to build a Cloud-based, secure, intelligent ecosystem
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: Toward a European Certification Scheme for Cloud Services
  • Live at: May 28 2020 8:00 am
  • Presented by: Eric Vétillard, ENISA