Good afternoon everyone,
I wanted to start some communication on this topic that someone forwarded me (as the content development manager).
This is new but I like what they are doing and I was wondering if anyone else has heard of this and what your thoughts are. Being a former GRC person before I came to (ISC)2, of course I think this sounds great and we all know that having common language and common protocols are great to provide consistency.
What do you all think?
some of the articles
https://techcrunch.com/2021/05/05/emerging-open-cloud-security-framework-has-backing-of-microsoft-go...
https://onug.net/events/an-open-approach-to-multi-cloud-security-notifications/
https://www.devopsdigest.com/onug-cloud-security-notification-framework-csnf
@ToniHahnI think it is a great means of ensuring consistent security alerting and also to hold many cloud providers to account. I will front up directly, by saying I am an employee of IBM. Cloud Computing and the many nuances are complex, anything to make it easier for customers and providers is very welcome indeed.
Unless one studies each and every Shared Responsibility Model within a Cloud Providers environment and map it to at least NIST SP800-53 (500 controls) of which a good number will be relevant, is an important exercise all clients should undertake and understand the implications in terms of their responsibilities and those of the cloud provider(s) involved.
Regards
Caute_Cautim