How to Improve the Accuracy and Completeness of Cloud Computing Risk Assessments?
Published 06/24/2019
By Jim de Haas, cloud security expert, ABN AMRO Bank
This paper aims to draw upon the security challenges in cloud computing environments and suggests a logical approach to dealing with the security aspects in a holistic way by introducing a Cloud Octagon model. This model makes it easier for organizations to identify, represent and assess risks in the context of their cloud implementation across multiple actors (legal, information risk management, operational risk management, compliance, architecture, procurement, privacy office, development teams and security).
Why the Cloud Octagon Model?
Developed to support your organization’s risk assessment methodology, the Cloud Octagon model provides practical guidance and structure to all involved risk parties in order to keep up with rapid changes in privacy & data protection laws, regulations, changes in technology and its security implications. The goals of this model are to reduce risks associated with cloud computing, improve the effectiveness of the cloud risk team, improve manageability of the solution and lastly to improve security.
Positioning the Octagon Model in Risk Assessments
What if an organization already has procedures and tools for cloud risk assessments or its regulator demands that the risk assessment methodology is supported by international standards? The octagon model can be used to supplement an organization’s existing risk assessment methodology. By applying it, risk assessments will be both more complete and accurate.
Security controls
The whitepaper contains information about 60 security controls that are included in the model. These 60 security controls are spread across the octagon aspects. No matter how complex or large your cloud project is, talking about these 60 controls will result in a proper risk assessment.
Game on!
In addition to structured education and certification programs, learning about cloud security while playing a game is a great way to get the message across. One of the initiatives to raise awareness of cloud computing security among the 2nd line experts is to develop and produce a game board version of the octagon model. The game was developed with help from the gamemaster. By playing, participants will learn what the relevant topics are to discuss during a risk workshop.
Interested in learning more? You can download the Cloud Octagon Model for free here.
https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems
Published: 11/19/2024