proposal for an european cloud security certification
play

Proposal for an European Cloud Security Certification Scheme for the - PowerPoint PPT Presentation

Mar 30, 2024 •14 likes •144 views

Proposal for an European Cloud Security Certification Scheme for the EU An update by the CSP Certification WG with Q&A Objectives 1. The objective of the group is to explore the possibility of developing a European Cloud Certification

  1. Proposal for an European Cloud Security Certification Scheme for the EU An update by the CSP Certification WG with Q&A

  2. Objectives 1. The objective of the group is to explore the possibility of developing a European Cloud Certification Scheme in the context of the Cybersecurity Act (Title III, esp. Art. 47 (1)) and come up with a recommendation 2. Such a scheme would facilitate a free movement of data and enable a better comparability of Cloud Services Important to note Our Guiding principles ● We are developing a recommendation for a ● Do not reinvent the wheel , but build European Cloud Certification Scheme that we upon what is out there will present to ENISA, European ● Balanced representation Commission, member states and any other ● Aim for the highest common relevant stakeholder denominator for security assurance ● ENISA will be responsible for setting up the scheme in accordance with the Cybersecurity Act

  3. Working Methodology What are the What are the tools: Challenges: ● Strong approved Governance document ● Safeguard a balanced composition of the ● Comprehensive approved Rules of Procedure WG document ○ Supply side vs. demand side ● Monitor attendance and relevant contribution ○ Big companies vs. SME vs. public ● Webinar formats by default every two weeks users/authorities with actions and deliverables assigned to ○ EU centric drafting members ● Quarterly rotating plenary sessions ● Openness, Transparency and ● Online Collaborative tool with: Inclusiveness ○ Community site for discussion and ● Pooling relevant expertise and experience information interchange between drafting ● Promote commitment and effective members contribution ○ A Blog website for the general public (http://cspcerteurope.blogspot.com/)

  4. Working Group Composition All members Observer members Drafting members Access Partnership Accenture Co-chairs CISCO AMAZON ● Helmut Fallmann, FABASOFT (CSP) CISPE ANSSI ● Borja Larrumbide, BBVA-EBF (User) CTO Security Networks AG BBVA/European Banking Federation Rapporteur DINSIC Bitkom/Deutsche Bundesdruckerei Danish Business Authority Bosch GmbH ● Hans Graux, Timelex Google BSI Drafting members: 23=>27 HUAWEI Danish Tax Authority Outscale Deutsche Börse Group Observer members: 14=>23 OVH Fabasoft PWC Fraunhofer/EU Cert/CSA European Commision: 6 SALESFORCE IBM Sistemas de Datos/Digital SME JPMorgan ● DG-CONNECT SCOPE EUROPE LEET Security ● DG-DIGIT Upcloud Oodrive ● JRC VARAM ORACLE ● DG-JUST VdTuev Orange VMWare PWC Santander bank SAP TECNALIA Trusted Cloud UCIMU/Confidustria/Business Europe UNINFO VDMA/BDI Zeker Online

  5. Governance ● Governance document ● Rules of procedure Public ● Collaboration tool (Drafting members can edit and observers can read approved documents) Relevant expertise & ○ Working docs folder (Drafting members only) CSP CERT legitimate interest ○ Minutes folder (all members) Observers ○ Governance, Rules and policies folder (all members) Balanced/Commitment/ ○ Baseline documents folder (all members) effectiveness ○ Glossary (all members) DM ○ Community site (Drafting members only) ○ Webconference bi-weekly audios (Drafting members only) Transparency ○ Blog site: http://cspcerteurope.blogspot.com/ ○ Emails exceptionally used so as to use Collaboration tool How to become a member? Rejection/request to designate Confirmation via email including Confirmation of recepit of expression of interest will NO real expert Send expression of interest with short justification and CV Co-chairs evaluate to: expertise/experience follow. next steps and legitimate cspcerteurope@gmail.com interest. Fulfilled? Observer member *Also application form in blog YES Drafting member (expertise and commitment is required)

  6. Milestones Milestone 3 Milestone 2 To develop a recommendation for a European Cloud Certification Scheme which provides for a clear and To make a comparative analysis of the different conformity comprehensive set of security requirements at given assessment methodologies in existence (most prominent ones) level(s) of assurance in accordance with the requirements set out in the Cybersecurity Act. Conformity Assessment Methodology Continuity & Robustness of: • Reporting Continuous • Monitoring compliance High Independence, trust and/or expertise Over a period of time Regular One time Low Independence, trust and/or expertise Underlying standards / requirements / controls Incomplete Very comprehensive (Assurance Levels) Milestone 1 To agree on a comprehensive set of underlying detailed security objectives.

  7. 2017 Sept Self Regulatory Process Roadmap 2017-2018 ● D a t a 2 E 0 c 1 o ● 7 n ) F o F m D y ●Mobilization of ( & P C a S C c y A k b a relevant S e g r e s e p e ( t S Stakeholder c 2 u e 0 r p i 1 t t 7 y ) P a c k a g e ● K i c k - 2 o f 0 f 1 o 7 f ) t w ●Preparatory phase o W G (Governance & s ( 1 2 composition) t h D e c ● F i r s t ●Approval of governance A o f p f r i c i i l a 2 l and RoP & work on first 0 m 1 8 e e ) deliverable (22nd June t i n g o 2018) f W G ( 1 7 t h ●Political agreement on Free Flow of Data between Council and Parliament ● R o m e ● 1 P 7 t p a h l r ● e i M o n s f a 5 p i t l e O r h l y e s c o n ( a t t a o o 1 f n n b 6 J r d y e e t u h l ( w r y 2 1 4 2 & e 2 t c h 0 s o 0 1 & t 1 a m 8 8 r ) p t ) l m e i t l e ●Trialogues on Cybersecurity Act in e d s t o n e progress ● O p e n m c i l o e n s s t u o n l t e a t i 3 o n d r ● o a f V f t i e n n o a f D p ● e l M e c n e i a l m e r s y b c t o e ( o n r 6 m t e 2 h p 0 2 & 2018 Dec l 1 e & 8 t 7 e ) d 3 t h

  8. Update on draft of milestone 1 Start with the most commonly used standards in Europe from Cloud Certification/attestation based on a study funded by the European Commision and led by Tecnalia

  9. Update on draft of milestone 1 Use ENISA Cloud Certification Schemes Metaframework (CCSM) paper as a reference

  10. Update on draft of milestone 1 Create a high level Gap Analysis based on C5 (BSI), SecNumCloud (ANSSI), ISO 27002/27017/27018, ENISA CCSM and map them to a new Cloud Category based on the Tecnalia study

  11. Update on draft of milestone 1 For each Cloud Category create control objectives mapped to it´s requirements and if feasible reference it to existing implementation standards or documents

  12. Update on draft of milestone 1 For each Cloud Category create control objectives mapped to it´s requirements and if feasible reference it to existing implementation standards or documents

  13. Q&A! Q&A! Q&A! Q&A! cspcerteurope@gmail.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Public-Private proposal for a European Cloud Security Certification Scheme C5 success story and

Public-Private proposal for a European Cloud Security Certification Scheme C5 success story and

Berlin 2 nd April 2019 Public-Private proposal for a European Cloud Security Certification Scheme C5 success story and the way forward to a European certification for cloud services Clemens Doubrava Head of Section of Information Security in

367 views • 36 slides
Final Public-Private recommendation for a European Cloud Security Certification Scheme Timeline

Final Public-Private recommendation for a European Cloud Security Certification Scheme Timeline

Amsterdam 12 th June 2019 Final Public-Private recommendation for a European Cloud Security Certification Scheme Timeline To explore the possibility of developing a European Cloud Certification Scheme in the context of the Cybersecurity Act

663 views • 42 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.1/D4.1

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.1/D4.1

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.1/D4.1 EU-SEC D4.1 SI-MPA audit report 30 January, 2019 1 In Introduction The deliverable (D4.1) present an execution of audit pilot in the

278 views • 8 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4

EU EU-SEC The European Security Certification Framework EU-SEC working package 4 (WP4) T4.4/D4.4 EU-SEC D4.4 Fabasoft & PwC Pilot on Framework Verification 1 Assumptions & Approach I. Assumption: Fabasoft ha a Star attestation and

226 views • 5 slides
Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to

Safety and Security Certification Program Safety and Security Certification A process to assure that safety & security concerns, vulnerabilities, and hazards are adequately addressed prior to the initiation of service. Safety and

97 views • 9 slides
EGI-InSPIRE Cloud Security Implementations/Policies/Certification Sven Gabriel, sveng@nikhef.nl

EGI-InSPIRE Cloud Security Implementations/Policies/Certification Sven Gabriel, sveng@nikhef.nl

EGI-InSPIRE Cloud Security Implementations/Policies/Certification Sven Gabriel, sveng@nikhef.nl Nikhef http://nikhef.nl EGI-CSIRT https://wiki.egi.eu/wiki/EGI CSIRT:Main Page EGI Federated Clouds F2F meeting 13/14 Jan 2014, Oxord, UK 1

716 views • 27 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
European services e-card Brussels, 22 nd May 2017 1 1.2 Why a proposal on a European Services

European services e-card Brussels, 22 nd May 2017 1 1.2 Why a proposal on a European Services

EFTA workshop on the COM proposal for a European services e-card Brussels, 22 nd May 2017 1 1.2 Why a proposal on a European Services e-Card? a. Rationale behind the proposal b. Main features of the proposal c. Key benefits of an e-card

754 views • 41 slides
Reasons for proposal Member States and national social partners have tackled this differently and

Reasons for proposal Member States and national social partners have tackled this differently and

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on transparent and predictable working conditions in the European Union MEUSAC Consultation Session 21 st May 2018 1 Reasons for proposal In the last 25 years,

374 views • 26 slides
Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography Group Microsoft Research Applications/Scenarios Secure Outsourcing for Business Electronic Health Records Interactive Scientific Publishing

452 views • 4 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
FY 2019 Results Presentation CLOUD TRANSFORMATION JOURNEY Being an european cloud leader for

FY 2019 Results Presentation CLOUD TRANSFORMATION JOURNEY Being an european cloud leader for

FY 2019 Results Presentation CLOUD TRANSFORMATION JOURNEY Being an european cloud leader for non-stop business companies in the cloud transformation era. Milan, March 19 th 2020 Disclaimer This document has been prepared by Wiit S.p.A. (the

330 views • 8 slides
Active for a successful Going & Being Public! Juni 2013 Content Deutsche Brse Listing

Active for a successful Going & Being Public! Juni 2013 Content Deutsche Brse Listing

Deutsche Brse Listing Partner-Network - Active for a successful Going & Being Public! Juni 2013 Content Deutsche Brse Listing Partner-Network Advantages for Deutsche Brse Listing Partner Admission process and fees Contacts 2

255 views • 7 slides
T7 Cloud Simulation On-demand access simulation December 2016 T7 Cloud Simulation December 2016

T7 Cloud Simulation On-demand access simulation December 2016 T7 Cloud Simulation December 2016

T7 Cloud Simulation On-demand access simulation December 2016 T7 Cloud Simulation December 2016 T7 Cloud Simulation In a Nutshell T7 Cloud Simulation allows members and customers to Control the market: Create your own order

314 views • 9 slides
DB1 Ventures Strategic Partner of Choice September 2017 1 Strictly Confidential & Legally

DB1 Ventures Strategic Partner of Choice September 2017 1 Strictly Confidential & Legally

DB1 Ventures Strategic Partner of Choice September 2017 1 Strictly Confidential & Legally Privileged Deutsche Brse Group Contents 1 4 Portfolio Companies Mission and Vision 2 5 Core Team Focus Areas and Value Proposition 3 6

198 views • 9 slides
LEAD RESEARCH TEAM: Erin Francis-Cummings Myha Gallagher President & CEO Senior Director of

LEAD RESEARCH TEAM: Erin Francis-Cummings Myha Gallagher President & CEO Senior Director of

LEAD RESEARCH TEAM: Erin Francis-Cummings Myha Gallagher President & CEO Senior Director of Research W E H A V E W O R K E D W I T H 2 0 0 + T R A V E L & T O U R I S M C L I E N T S Destination Analysts is a market research

1.1k views • 80 slides
United Nations Conference on Trade and Development (UNCTAD) 45 Partner Exchanges Listing over

United Nations Conference on Trade and Development (UNCTAD) 45 Partner Exchanges Listing over

Dr. Anthony Miller Co-coordinator, Sustainable Stock Exchanges Initiative Investment & Enterprise Division United Nations Conference on Trade and Development (UNCTAD) 45 Partner Exchanges Listing over 22,500 companies Named by Forbes US $40+

240 views • 19 slides
Weathering the storm* Budget 2009 PwC *connectedthinking Market capitalisation of banks

Weathering the storm* Budget 2009 PwC *connectedthinking Market capitalisation of banks

Weathering the storm* Budget 2009 PwC *connectedthinking Market capitalisation of banks Citigroup HSBC 255 JP Morgan 215 165 RBS UBS 12 116 0 19 97 85 4.6 35 June 2007/ # Jan 2008 Goldman January 2009 Societe Deutsche Sachs

466 views • 30 slides
Corporate Presentation July 2010 Primary Listing TSX: FSY Website www.forsysmetals.com

Corporate Presentation July 2010 Primary Listing TSX: FSY Website www.forsysmetals.com

Corporate Presentation July 2010 Primary Listing TSX: FSY Website www.forsysmetals.com 1 Cautionary Note Concerning Forward Looking Statements Cautionary Note Concerning Forward Looking Statements Some of the statements contained in

191 views • 17 slides
Module 3 Chapter 3.2 Subchapter 3.2.3 (1) Processing and marketing Slideshow 1: Agricultural

Module 3 Chapter 3.2 Subchapter 3.2.3 (1) Processing and marketing Slideshow 1: Agricultural

Module 3 Chapter 3.2 Subchapter 3.2.3 (1) Processing and marketing Slideshow 1: Agricultural long value chains Prof. Dr. Wolf Lorleberg, Rolf Morgenstern, Bernd Plling SWUAS, Soest, Germany Overview Examples of common value chain:

329 views • 9 slides

More recommend