CSA APAC Codebook - November 2018
Release in November 2018
Using Blockchain Technology to Secure the Internet of Things" - Japanese Version
This CSA white paper explores the capabilities of blockchain technology in facilitating and improving the security of the internet of things (IoT). It highlights various features that should be considered when securing connected devices using blockchain technology. The document provides a high-level overview of blockchain technology and then outlines a set of architectural patterns that enable blockchain to be used as a technology to secure IoT capabilities. It also offers specific use-case examples of blockchain for IoT security.
The CSA Japan Chapter has released the Japanese version of the report. Download the report here. |
Special Message from Cloud Security Alliance
Welcome to new CSA Corporate Member - National Supercomputing Centre Singapore
The National Supercomputing Centre Singapore (NSCC) is Singapore’s national supercomputers center and has the objective of supporting national R&D initiatives, attracting industrial research collaboration and enhancing Singapore’s research capabilities. NSCC has recently joined the CSA as a corporate member.
|
Highlights
1. MOU signing with Enterprise Singapore on CIR
An MOU was signed to develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.
The MOU was signed by Dr. Hing-Yan Lee (EVP, CSA APAC) and Mr. Tak-Leong Cheong (Director of Standards, ESG). This collaboration will follow in the successful footsteps of the MOU signed between CSA APAC and SPRING Singapore (now ESG) in June 2013 to develop a joint whitepaper entitled ‘Best Practices for Mitigating Risks in Virtualized Environments’. This whitepaper, based on Singapore’s TR 30:2012 on “Virtualization Security for Servers” and CSA’s Cloud Controls Matrix, was published in May 2015, and subsequently provided as an input document to steer international standardization efforts at ISO. The result was the ISO/ IEC 21878 – “Security Guidelines for Design and Implementation of Virtualized Servers” published in November 2018. Read more here. |
2. Release of ISO 21878 Standard
The International standard ISO/IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers was published recently. This resulted from an international and Singapore effort as seeded by a whitepaper contributed by CSA and SPRING Singapore (see earlier story).
The purpose of this document is to provide security guidelines for the design and implementation of virtual servers (VSs). Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document. Read more here.
The purpose of this document is to provide security guidelines for the design and implementation of virtual servers (VSs). Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document. Read more here.
3. Development of Cloud Security Guidance, with mapping of MY PDPA Standard to CCM Control Domains, jointly developed by MDEC & CSA
The inclusion of the Malaysian Personal Data Protection Standards into the CSA CCM aligns the regional standard to over thirty global frameworks mapped in the CSA framework. Additionally, the mapping, conducted by the Malaysian Digital Economy Corporation (MDEC) and several Malaysian government agencies, further expands the coverage of the CSA CCM into the APAC region.
Four sections from Malaysian Personal Data Protection Act 2015 (MY PDPA) were mapped with CCM control domains. This was accomplished through matching each control in the CCM to control(s) in MY PDPA to determine equivalence. This approach considered which CCM control is associated with control(s) in MY PDPA, and to what degree they are equivalent to each other. The extent of equivalence between controls of the two frameworks approximates the amount of efforts necessary to incorporate MY PDPA, using CCM as a base.
Read more here.
Four sections from Malaysian Personal Data Protection Act 2015 (MY PDPA) were mapped with CCM control domains. This was accomplished through matching each control in the CCM to control(s) in MY PDPA to determine equivalence. This approach considered which CCM control is associated with control(s) in MY PDPA, and to what degree they are equivalent to each other. The extent of equivalence between controls of the two frameworks approximates the amount of efforts necessary to incorporate MY PDPA, using CCM as a base.
Read more here.
4. Call for Participation in Working Groups (WGs)
- Cloud Incident Response WG
We seek feedback and suggestions to the WG Charter here (closing 17 Dec 2018). To find out more about the WG here and to join the WG here. - High-Performance Computing Cloud Security WG
This WG will be launched soon. It will develop a security framework for High Performance Computing (HPC) Clouds. If you are interested to join the WG, please email [email protected]. - WG to map Cloud Controls Matrix & Association of Banks’ Singapore Cloud Computing Implementation Guide
5. CSA APAC Research Advisory Council (APRAC)
The APRAC was formed with the mission to enhance overall capabilities in cloud security for CSA APAC members, through collaboratively addressing APAC-specific gaps, challenges and problem statements; and developing and maintaining a vibrant APAC-driven research portfolio. The kick-off meeting of the APRAC was held on 1 November 2018. To find out more about the APRAC, click here.
6. Cloud Adoption Survey in Financial Services Industry (FSI) in the Philippines
CSA APAC is conducting a survey on FSI cloud adoption in the Philippines, where aggregated data and analysis will eventually be published in a CSA survey report. We are seeking respondents for the survey. If you work in an organization in the Philippines FSI sector and is interested to contribute, please contact us at [email protected]. All survey submissions are completely anonymous.
Upcoming CSA Events - 2019
- CSA Japan Summit 2019
- CSA Indonesia Summit 2019
- CSA ASEAN Summit & CSA APAC Congress
- CSA Bangalore Summit 2019
- CSA New Delhi Summit 2019
- CSA Hyderabad Summit 2019
For upcoming CSA APAC events and sponsorship inquiries, please contact us at [email protected]
CCSK Classes in APAC
CCSK Foundation v4
17 - 18 December | Kuala Lumpur
https://lgms.global/csa-certificate-of-cloud-security-knowledge/
CCSK Plus v4
17 - 19 December | Kuala Lumpur
https://lgms.global/csa-certificate-of-cloud-security-knowledge/
CCSK Plus v4
28 -29 January 2019 | Jakarta
https://www.eventbrite.co.uk/o/cloud-security-alliance-839645663
17 - 18 December | Kuala Lumpur
https://lgms.global/csa-certificate-of-cloud-security-knowledge/
CCSK Plus v4
17 - 19 December | Kuala Lumpur
https://lgms.global/csa-certificate-of-cloud-security-knowledge/
CCSK Plus v4
28 -29 January 2019 | Jakarta
https://www.eventbrite.co.uk/o/cloud-security-alliance-839645663
Contact List
General inquiries: [email protected]
Membership information: [email protected]
Research information: [email protected]
Official Website: www.cloudsecurityalliance.org
Facebook: Cloud Security Alliance Asia Pacific
LinkedIn: Cloud Security Alliance
Twitter: @cloudsa_apac
WeChat: csa_china
Membership information: [email protected]
Research information: [email protected]
Official Website: www.cloudsecurityalliance.org
Facebook: Cloud Security Alliance Asia Pacific
LinkedIn: Cloud Security Alliance
Twitter: @cloudsa_apac
WeChat: csa_china