Cloud Compliance


As technology advances and organizations increase their use of cloud services, it is essential to have more specific controls for cloud security. One of the main problems when outsourcing services to the cloud is the lack of guarantees that may exist in terms of information security, which is crucial when exposing our data to risks that we do not control directly. A certification or standard in this area can provide assurance about the guarantees that a cloud service provider actually applies from the point of view of information security.

About the Instructor

Luciano Moreira

President of the Argentina chapter of the CSA, Luciano Moreira has over 17 years of experience, the last 12 of them specifically in the area of information security. He has solid knowledge and experience in projects for the implementation and improvement of quality management systems and information security, and in auditing and compliance control of national and international standards. He has been an instructor for several talks and courses in different training centers and companies. In recent years he has been working to develop and promote information security in Argentina through activities carried out with associations such as CSA, DevSecOps, OWASP, ISACA and IEEE. ISO 27001, 27017 and 27018 Lead Auditor, ISO 9001 Lead Auditor, CSA STAR Auditor, CCSK (Certificate of Cloud Security Knowledge), Certified Integrator in Secure Cloud Services, etc. Elected Cybersecurity Consultant of the Year at the Cybersecurity Excellence Awards in 2016, 2017 and 2018.

Cloud Legion


Objectives


At the end of this workshop, students will be able to clearly identify the most important information security certifications and standards applicable to cloud environments, and the possibilities for having them certified by an entity, audited, or requested from their cloud suppliers.





Plan of Studies


This workshop is divided into three parts:

Validate how the implementation of an ISMS (ISO 27001) provides an accurate basis for compliance in the cloud.

Identify the different ISO/IEC 27001 extensions that exist today for security in cloud environments:

ISO 27017: Annex A of this standard includes a set of extended controls for cloud services. The structure of these controls also distinguishes the compliance responsibilities that fall on customers from those that fall on cloud providers.

ISO 27018: This standard focuses on the security of personal data in this type of environment. Like its sister standard, it is adopted voluntarily and, although it does not guarantee compliance with the new European GDPR, it helps with it.

Finally, an introduction to CSA STAR: the certification that defines the set of controls known as the CCM (Cloud Controls Matrix), whose controls are aligned with ISO/IEC 27001. It differs from the ISO certifications because it is a graded certification (scores of bronze, silver and gold).






ISO/IEC 27017

An international code of practice for security controls in the cloud. It describes cloud-specific controls for managing security. Ideal for cloud service providers (CSPs) and organizations that contract cloud services.



ISO/IEC 27018

An international code of practice for personally identifiable information (PII) in public clouds. This is especially important with the changing privacy landscape.


CSA STAR certification

A standard based on a set of controls owned and created by the Cloud Security Alliance (CSA), a global industry body pioneering research and development in cloud security. It includes a management capability (maturity model) to help organizations improve continually. Ideal for cloud service providers who seek greater agility and have the resources to adapt on a recurring basis.


ISO/IEC 29100

A privacy framework for the protection of personally identifiable information (PII) that specifies a common privacy terminology; defines the actors and their roles in the processing of PII; describes privacy protection considerations; and provides references to known privacy principles for IT.




Cloud Audit STAR Certification


We will see how to audit the cloud security of a cloud service provider, evaluate its compliance with the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and determine the maturity level of its security controls.
