cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ToniHahn
(ISC)² Team

Cloud Security Notification Framework

Good afternoon everyone,

  I wanted to start some communication on this topic that someone forwarded me (as the content development manager).  

 

This is new but I like what they are doing and I was wondering if anyone else has heard of this and what your thoughts are.  Being a former GRC person before I came to (ISC)2, of course I think this sounds great and we all know that having common language and common protocols are great to provide consistency. 

 

What do you all think?   

some of the articles
https://techcrunch.com/2021/05/05/emerging-open-cloud-security-framework-has-backing-of-microsoft-go...

https://onug.net/events/an-open-approach-to-multi-cloud-security-notifications/


https://www.devopsdigest.com/onug-cloud-security-notification-framework-csnf

https://www.devprojournal.com/technology-trends/cloud/cloud-security-notification-framework-csnf-see...

 

 

2 Replies
Caute_cautim
Community Champion

Re: Cloud Security Notification Framework

@ToniHahnI think it is a great means of ensuring consistent security alerting and also to hold many cloud providers to account.   I will front up directly, by saying I am an employee of IBM.  Cloud Computing and the many nuances are complex, anything to make it easier for customers and providers is very welcome indeed.

 

Unless one studies each and every Shared Responsibility Model within a Cloud Providers environment and map it to at least NIST SP800-53 (500 controls) of which a good number will be relevant, is an important exercise all clients should undertake and understand the implications in terms of their responsibilities and those of the cloud provider(s) involved.

 

Regards

 

Caute_Cautim

 

 

ToniHahn
(ISC)² Team

Re: Cloud Security Notification Framework

@Caute_cautim - great points and I totally agree with you!!