Featured Episode
Logging and Monitoring
In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers
(CSPs) and Cloud Service Customers (CSCs) collect, store, analyze, and report on activities and events in their cloud environments. These controls are
All episodes
Business Continuity Management and Operational Resilience (BCR)
Debjyoti Mukherjee (Associate Director, Cloud Governance, RBC) and David Skrdla (Senior IT Auditor, CamGen Partners)
In this presentation, we introduce the CCM Business Continuity Management and Operational Resilience domain, comprising eleven control specifications.
This domain focuses on protecting the availability of essential business processes, infrastructure, and services. It aims to minimize disruptions and ma
Change Control and Configuration Management
Geoff Bird (CISO, Mount Street) and Johan Olivier (Security and Compliance Director, QorusDocs)
This presentation explores the Change Control and Configuration Management (CCCM) domain of the Cloud Control Matrix (CCM). With its nine control
specifications, this domain focuses on mitigating risks associated with configuration changes to information technology (IT) assets by adherence to a r
Cryptography, Encryption and Key Management
Akshay Bhardwaj (Security Business Lead, Sprinklr Inc.) and Kerry Steele (Principal, Payments and Cloud Advisory, Coalfire Systems Inc.)
In this presentation we explore the Cryptography, Encryption, and Key Management (CEK) domain within the Cloud Control Matrix (CCM) that comprises
twenty-one control specifications. The CEK domain focuses on safeguarding Cloud Service Customers' (CSCs) data through cryptographic techniques,
Data Security and Privacy Lifecycle Management
Arpitha Kaushik (Senior Manager Technical Risk, Marvell Technology Inc.) and Yazad Khandhadia (Head of Architecture, Emirates NBD)
In this presentation we explore the Data Security and Privacy Lifecycle Management (DSP) domain, which includes nineteen control specifications focused on
privacy and data security. These controls are globally applicable and not tied to any specific industry, country, or regulation, though they reflect com
Identity and Access Management
Gaurav Gupta (Deputy CISO, Lord Abbett & Co) and Michael O. Bayere (Principal Officer, CSA Assurance, LLC)
In this presentation we introduce the Identity and Access Management (IAM) domain, which includes sixteen control specifications aimed at helping both
Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) follow security best practices for managing identities and access to cloud resourc
Infrastructure and Virtualization Security
Simon Leech (Director, Hewlett Packard Enterprise) and John B. Oseh (Information Security Consultant, Handelsbanken Plc, UK)
In this presentation we delve into the Infrastructure and Virtualization Security (IVS) domain, which comprises nine control specifications designed to guide
both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) in securing infrastructure and virtualization technologies. This domain cover
Threat and Vulnerability Management
Simon Leech (Director, Hewlett Packard Enterprise) and John B. Oseh (Information Security Consultant, Handelsbanken Plc, UK)
In this presentation we cover the Threat and Vulnerability Management (TVM) domain, which features ten control specifications aimed at helping both Cloud
Service Providers (CSPs) and Cloud Service Customers (CSCs) proactively identify and mitigate security threats and vulnerabilities in the cloud environ
Governance, Risk Management and Compliance
David Souto Real (Enterprise Security Architect, Airbus) and David Skrdla (Senior IT Auditor, CamGen Partners)
In this presentation we introduce the Governance, Risk Management, and Compliance (GRC) domain of CCM, which consists of eight control specifications.
These controls are designed to help Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) ensure that their governance, enterprise risk
Human Resources - Security Implementation Best Practices
Johan Olivier (Security and Compliance Director, QorusDocs)
In this presentation we focus on the Human Resources (HRS) security domain, which comprises thirteen control specifications designed to help cloud
organizations manage risks associated with insider threats. These controls ensure that personnel handling sensitive data are trustworthy, properly trai
Application and Interface Security
Ankit Sharma (Security Officer, Compute BU Cisco Systems) and Duronke Owoleso (CRO, The Security Bench)
In this presentation, we introduce the CCM's Application and Interface Security (AIS) domain. With seven control specifications, the AIS domain is focused on
securing the software and interfaces used within cloud environments. It helps organizations identify and mitigate risks during the design and develop
Audit and Assurance
Ashwin Chaudhary (CEO, Accedere Inc.) and Swaminathan R (VP Compliance Audits, Accedere Inc.)
In this presentation we introduce the Audit and Assurance (A&A) domain within the Cloud Control Matrix (CCM). The A&A domain, consisting of six control
specifications, plays a pivotal role in guiding both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) to build the confidence required
Security Incident Management, E-Discovery, and Cloud Forensics
Alana James-Aikins (Senior Security Advisor, Cyber CGI) and Tulika Ghosh (Vice President, Global Investment Banking Company)
In this presentation we introduce the Security Incident Management, E-Discovery, and Cloud Forensics (SEF) domain, which comprises eight control
specifications critical for managing and responding to security incidents, conducting e-discovery, and performing forensics in the cloud. These control
Universal Endpoint Management
Michael Ratemo (Principal Security Consultant, Cyber Security Simplified) and John B. Oseh (Information Security Consultant, Handelsbanken Plc. UK)
In this presentation we explore the Universal Endpoint Management (UEM) domain of the Cloud Controls Matrix, which includes fourteen control specifications
focused on mitigating risks associated with endpoints, including mobile devices. The primary concerns in endpoint security relate to user behavior and
Interoperability and Portability
Akash Verma (Continuous Assurance Engineering, Google Cloud)
In this presentation we explore the Interoperability and Portability (IPY) domain of the Cloud Control Matrix (CCM), which comprises four control specifications
aimed at ensuring secure and seamless data exchange across multiple platforms and Cloud Service Providers (CSPs). These controls help Cloud Servi
Logging and Monitoring
Rajashekar Yasani, Senior Cloud Security Engineer, and Akshar Bhardwaj, Security Business Lead
In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers
(CSPs) and Cloud Service Customers (CSCs) collect, store, analyze, and report on activities and events in their cloud environments. These controls are