Cloud Control Matrix
Transcript of Cloud Control Matrix
Human Resources (12): Asset Returns; Background Screening; Employment Agreements; Employment Termination; Industry Knowledge / Benchmarking; Mobile Device Management; Non-Disclosure Agreements; Roles / Responsibilities; Technology Acceptable Use; Training / Awareness; User Responsibility; Workspace
Governance and Risk Management (3): Risk Assessments; Risk Management Framework; Risk Mitigation / Acceptance
Identity & Access Management (13): Audit Tools Access; Credential Lifecycle / Provision Management; Diagnostic / Configuration Ports Access; Policies and Procedures; Segregation of Duties; Source Code Access Restriction; Third Party Access; Trusted Sources; User Access Authorization; User Access Reviews; User Access Revocation; User ID Credentials; Utility Programs Access
Infrastructure & Virtualization Security (12): Audit Logging / Intrusion Detection; Change Detection; Clock Synchronization; Information System Documentation; Management - Vulnerability Management; Network Security; OS Hardening and Base Controls; Production / Non-Production Environments; Segmentation; VM Security - vMotion Data Protection; VMM Security - Hypervisor Hardening; Wireless Security
Interoperability & Portability (5): APIs; Data Request; Policy & Legal; Standardized Network Protocols; Virtualization
Mobile Security (20): Anti-Malware; Application Stores; Approved Applications; Approved Software for BYOD; Awareness and Training; Cloud Based Services; Compatibility; Device Eligibility; Device Inventory; Device Management; Encryption; Jailbreaking and Rooting; Legal; Lockout Screen; Operating Systems; Passwords; Policy; Remote Wipe; Security Patches; Users
Security Incident Management, E-Discovery & Cloud Forensics (5): Contact / Authority Maintenance; Incident Management; Incident Reporting; Incident Response Legal Preparation; Incident Response Metrics
Threat and Vulnerability Management (3): Anti-Virus / Malicious Software; Vulnerability / Patch Management; Mobile Code
Application & Interface Security (4): Application Security; Customer Access Requirements; Data Integrity; Data Security / Integrity
Business Continuity Management & Operational Resilience (12): Business Continuity Planning; Business Continuity Testing; Datacenter Utilities / Environmental Conditions; Documentation; Environmental Risks; Equipment Location; Equipment Maintenance; Equipment Power Failures; Impact Analysis; Management Program; Policy; Retention Policy
Change Control & Configuration Management (5): New Development / Acquisition; Outsourced Development; Quality Testing; Unauthorized Software Installations; Production Changes
Data Security & Information Lifecycle Management (8): Classification; Data Inventory / Flows; eCommerce Transactions; Handling / Labeling / Security Policy; Information Leakage; Non-Production Data; Ownership / Stewardship; Secure Disposal
Datacenter Security (9): Asset Management; Controlled Access Points; Equipment Identification; Off-Site Authorization; Off-Site Equipment; Policy; Secure Area Authorization; Unauthorized Persons Entry; User Access
Encryption & Key Management (4): Entitlement; Key Generation; Sensitive Data Protection; Storage and Access
Cloud Control Matrix 3.0
Audit Assurance and Compliance (3): Audit Planning; Independent Audits; Information System Regulatory Mapping
Supply Chain Management, Transparency and Accountability (9): Data Quality and Integrity; Incident Reporting; Network / Infrastructure Services; Provider Internal Assessments; Supply Chain Agreements; Supply Chain Governance Reviews; Supply Chain Metrics; Third Party Assessment; Third Party Audits
Allen Zhang
HMSA
2014 V1