Cloud Security Alliance APAC

CSA CCM & Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 Controls

9/16/2020

 
Written by: Co-chair - Arun VIVEK, Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank

​
This week CSA released a Cloud Controls Matrix (CCM) addendum and Gap Analysis Report for the Association of Banks in Singapore. The report will help Singapore financial institutions that are already in line with ABS CCIG 2.0 to easily identify and fulfill additional controls (gaps) on top of the ABS CCIG 2.0 and to achieve adherence to other targeted frameworks within CCM.

The financial services industry is one of the most critical sectors in any market, and financial institutions (FIs) face myriad regulations. In the case of Singapore FIs, for example, the Banking Act oversees banking institutions, the Securities and Futures Act governs capital market intermediaries, and the Insurance Act regulates insurers. Additionally, there are numerous guidelines, frameworks, and best practices recommended for FIs designed to improve operations, enhance governance, and reduce risks, among other goals. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines to help FIs minimize technology usage risk.


While challenging, it is imperative that conscientious FIs routinely review these available regulations, guidelines, frameworks, and best practices. These FIs should comply with mandatory regulations and carefully analyze which best practices and recommendations to adopt to reduce overall risk exposure and keep up with industry progress. This mammoth task becomes exponentially more difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. There are multiple frameworks and guidelines available in the technology space, such as the above-mentioned TRM, ISO/IEC 27001 & 27002, and ISACA COBIT. There are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP, and the Cloud Computing Implementation Guide (CCIG) 2.0 issued by the Association of Banks in Singapore (ABS) that are specific to cloud computing and its related technologies.

The capacity to map frameworks is a useful and popular tool for FIs seeking compliance under multiple standards and best practices. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), currently at v3.0.1, provides FIs with this capability because it illustrates the relationship between CSA’s Security Guidance in 14 domains and more than 30 industry-accepted global security standards, regulations, and controls frameworks.

This release comprises a mapping and gap analysis report between the cloud security requirements of Cloud Controls Matrix (CCM) v3.0.1 and those of the ABS CCIG 2.0. This effort effectively evaluates the similarities and additional controls that serve to bridge the gap between ABS CCIG 2.0 and the numerous frameworks mapped in the CCM. Singapore FIs that are already in line with ABS CCIG 2.0 will easily identify and fulfill additional controls on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.

Download the mapping & gap analysis report below:
  • Gap Analysis Report
  • CCM Addendum (controls mapping with the ABS CCIG 2.0)
© COPYRIGHT 2020. Cloud Security Alliance. All Right Reserved