Threat and Vulnerability Management

Logo
Presented by

Simon Leech (Director, Hewlett Packard Enterprise) and John B. Oseh (Information Security Consultant, Handensbanken Plc, UK)

About this talk

In this presentation we cover the Threat and Vulnerability Management (TVM) domain, which features ten control specifications aimed at helping both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) proactively identify and mitigate security threats and vulnerabilities in the cloud environment. These controls are designed to address evolving threats that could impact assets, security architectures, and solution components. According to the Shared Security Responsibility Model (SSRM), CSPs and CSCs share responsibilities for implementing TVM controls. CSPs are responsible for identifying, assessing, reporting, and remediating vulnerabilities related to infrastructure, network devices, virtualization technologies, operating systems, and platform applications. CSCs, on the other hand, focus on vulnerabilities in their applications and APIs, including security settings and access misconfigurations. Effective collaboration between CSPs and CSCs in implementing TVM controls enhances the overall cloud security posture by addressing vulnerabilities throughout the entire cloud infrastructure, from the underlying platforms to the deployed applications.
Related topics:

More from this channel

Upcoming talks (7)
On-demand talks (952)
Subscribers (72298)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa