Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

The elastic and dynamic nature of cloud computing often creates challenges to perform risk and compliance management adequately. One of the reasons for this is

The elastic and dynamic nature of cloud computing often creates challenges to perform risk and compliance management adequately. One of the reasons for this is that the methods that allowed risk and compliance management for the traditional, on-premise infrastructure do not always translate to the cloud.
The CSAs CCM is a framework for governance, risk management, and security compliance. It helps both cloud vendors and business organizations grow and use their cloud ecosystem securely by having the required controls to meet security and risk management objectives.
In addition to CCM, another powerful tool that CSA provides is the Security, Trust, Assurance, and Risk (STAR) Registry, which comprises a self-assessment, audit, and certification to identify cloud providers who adhere to the CCM framework. The results of the STAR assessment are public and available on CSA's website under two levels:
STAR Level 1: Organizations submit a self-assessment.
STAR Level 2: Organizations earn a certification or third-party attestation.
For this assignment, assume you are looking for a cloud provider with the proper security and data privacy level for your organization. Then, use the CSA's STAR Registry Links to an external site. to filter the various CSP and select one to answer the following questions:
Provide an overview of the CSA and its STAR Registry, including its benefits.
Explain what CSA's CCM is, including a brief description of each of its categories.
Introduce the CSP you have selected from the STAR registry. This includes a background on the organization and a summary of the particular product on which STAR is performed.
How well is your CSP prepared to communicate with stakeholders should any problems arise?
What kind of documentation does the CSP have in place around policies and procedures for certain security situations?
How knowledgeable and skilled are the CSP's security staff?
What kind of monitoring and measurement tools are in place?
Does your CSP leverage another cloud provider (i.e., AWS)? If so, for which control domains?
How satisfied are you with the level of notes the CSP provided for the various control domains?
How likely are you to recommend this CSP? Please explain.
Note: The level of detail in the self-assessment may vary between different CSPs. In the case where your selected CSP does not have enough information to answer the questions above, you have the option to choose a different CSP or perform additional research outside of the CSA registry. However, please cite any resources besides the CSA registry.
Resources
CSA's STAR Registry

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Structured Search For Big Data From Keywords To Key-objects

Authors: Mikhail Gilula

1st Edition

012804652X, 9780128046524

More Books

Students also viewed these Databases questions