 |
Cloud security alliance has released cloud control matrix which is a cyber-security control framework for cloud computing, composed of 133 control objectives that are structured in 16 domains. It can be used as a guide to determine which security controls should be implemented by which actor for the systematic assessment of a cloud implementation. The controls in the CCM are mapped against industry-accepted security standards, regulations, and control frameworks including but not limited to: ISO 27001/27002/27017/27018, NIST SP 800-53, AICPA TSC, ENISA Information Assurance Framework, German BSI C5, PCI DSS, ISACA COBIT, NERC CIP, and many others. The control matrix defines various protective/defensive metrics that can be used for safeguarding various threats that are discussed in the Top 10 Cloud Threats that are frequently observed in the digital world. There are various tools such as Cloud Watch from Amazon, Lynis, CIS-CAT etc., that can be used to monitor the critical resources of an organization. However, in such initiatives, it is observed that the focus was mainly on providing the ability to audit or privacy protection of cloud data objects or related operations of a cloud platform whereas in our approach the emphasis was more on using the data provenance capability of the underlying blockchain network for security analysis. |
IEEE/ICACT20230046 Slide.07
[Big Slide]
[YouTube]