Continuous auditing is the breakthrough needed to improve assurance, transparency and trust in cloud services
About the Event
This workshop revolves around the EU-SEC approach for adopting a Continuous Auditing Based Certification scheme for Cloud Services. The workshop will include a demo and hands-on session showing the pilot architecture modules and functionalities for end-users and auditors.
Third-party audits and certifications have become the most effective solution to increase the level of trust in the reliability of security and privacy measures implemented by CSPs. Such audits are traditionally performed annually or bi-annually, which means that whenever interim changes are made to security and privacy practices, these amendments go unaudited until the next official check. This creates gaps in assurance during the periods when no audits are conducted. While this may be an acceptable risk for some cloud customers, for others, these assurance gaps remain a strong barrier to cloud adoption.
The EU-SEC project is developing a process that will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. The method developed for this is called Continuous Auditing Based Certification. By using technology to monitor and flag non-compliant activity on an ongoing basis, continuous auditing delivers an enhancement to traditional certification. It increases the assessment frequency via a continuous workflow. State-of-the-art security monitoring systems supervise the IT security status by collecting data from the CSP’s information system. The collected data is further assessed and used as the basis for continuous auditing.
Who should attend?
- Cloud Service Providers
- Cloud users
- Regulators and policy makers, who will benefit by recognizing the potential of the CABC approach and its value in European and national regulations
- How to provide Cloud Services in a secure way
- How to fulfil security, privacy and regulatory requirements by applying a continuous and semi-automated audit on Cloud Services.
The workshop will be led by experts from the EU-SEC consortium, including CaixaBank, Fraunhofer, and CSA.
9:00 – 9:30: Registration and welcome coffee
9:30 – 10:00: Presentation and EU-SEC Project introduction
10:00 – 10:40: Introduction to the Continuous Auditing Based Certification (CABC) scheme for Cloud Services (CSA)
10:40 – 11:10: Coffee Break
11:10 – 11:30: The EU-SEC Continuous Auditing Based Certification pilot
11:30 – 12:00: CABC for Cloud Users (Caixa)
12:00 – 13:00: Lunch Break
13:00 – 13:30: CABC for CSPs (FABASOFT)
13:30 – 14:00: CABC for Technology Providers (Fraunhofer AISEC)
14:00 – 14:30: CABC for Auditors (NIXU)
14:30 – 15:00: Coffee Break
15:00 – 15:30: CABC for Certification Authorities (CSA)
15:30 – 16:00: Round Table discussion (Questions and Answers)
Attendee profile/learning level
Intermediate – Delegate has a working knowledge of the topic covered but is not yet an advanced practitioner. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience.
Thanks to this workshop the attendees will acquire a theoretical understanding and practical implementation tips on:
- The purpose and objectives of Continuous Auditing Based Certification.
- The CABC life-cycle and its processes.
- The business drivers for and benefits of the adoption of CABC.
- How to use the CABC in real life (with dedicated tips for the different target audiences, i.e. CSPs, Customers, Auditors & Consultants, and scheme owners & regulators).
10589 Berlin, Germany