CCM Addendum for Associated Banks of Singapore
Blog Article Published: 09/16/2020
Written by: Co-chair - Arun VIVEK, Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank
CSA CCM & Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 Controls
This week CSA released a Cloud Controls Matrix (CCM) addendum and Gap Analysis Report for Associated Banks of Singapore. The report will help Singapore financial institutions who are already in line with ABS CCIG 2.0 to easily identify and fulfill additional controls (gaps) on top of the ABS CCIG 2.0 and to achieve adherence to other targeted frameworks within CCM.
The financial services industry is one of the most critical sectors in any market, and financial institutions (FIs) face myriad regulations. In the case of Singapore FIs, for example, the Banking Act oversees banking institutions, the Securities and Futures Act governs capital market intermediaries, and the Insurance Act regulates insurers. Additionally, there are numerous guidelines, frameworks, and best practices recommended for FIs designed to improve operations, enhance governance, and reduce risks, among other goals. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines to help FIs minimize technology usage risk.
While challenging, it is imperative that conscientious FIs routinely review these available regulations, guidelines, frameworks, and best practices. These FIs should comply with mandatory regulations and carefully analyze which best practices and recommendations to adopt to reduce overall risk exposure and keep up with industry progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. There are multiple frameworks and guidelines available in the technology space, such as the above-mentioned TRM, ISO/IEC 27001 & 27002, and ISACA COBIT. There are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP, and the Cloud Computing Implementation Guide (CCIG) 2.0 2 issued by the Association of Banks in Singapore (ABS) that are specific to cloud computing and its related technologies.
The capacity to map frameworks is a useful and popular tool for FIs seeking compliance under multiple standards and best practices. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) 3 — currently at v3.0.1—provides FIs with this capability because it illustrates the relationship between CSA’s Security Guidance 4 in 14 domains with more than 30 industry- accepted global security standards, regulations, and controls frameworks.
This release comprises a mapping and gap analysis report between the cloud security requirements of Cloud Control Matrix (CCM) V3.0.1 and those of the ABS CCIG 2.0. This effort effectively evaluates the similarities and additional controls that serve to bridge the gap between ABS CCIG 2.0 and the numerous frameworks mapped in the CCM. Singapore FIs which are already in line with ABS CCIG 2.0 will easily identify and fulfill additional controls on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.
Download the mapping & gap analysis report below:
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Related Articles:
CSA Community Spotlight: Establishing Cloud Security Standards with Dr. Ricci Ieong
Published: 04/03/2024
CSA Community Spotlight: Propelling the Industry Forward with Larry Whiteside Jr.
Published: 03/12/2024
11 Months to DORA: EU's New Framework For BFSI
Published: 03/04/2024