Continuous auditing is the breakthrough needed to improve assurance, transparency and trust in cloud services
About the Event
This workshop revolves around the EU-SEC approach for adopting a Continuous Auditing Based Certification scheme for Cloud Services. The workshop will include a demo and hands-on session showing the pilot architecture modules and functionalities for end-users and auditors.
Third party audits and certifications have become the most effective solution to increase the level of trust in the reliability of security and privacy measures implemented by CSPs. Such audits are traditionally performed annually or bi-annually, which means that whenever interim changes are made to security and privacy practices, these amendments go unaudited until the next official check. This creates gaps in assurance during the periods where no audits are conducted. While this may be an acceptable risk for some cloud customers, for others, these assurance gaps remain a strong barrier to cloud adoption.
The EU-SEC project is developing a process that will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. The method developed for this is called Continuous Auditing Based Certification. By using technology to monitor and flag non-compliant activity on an ongoing basis, continuous auditing delivers an enhancement to traditional certification. It increases the assessment frequency via a continuous workflow. State-of-the-art security monitoring systems supervise the IT security status by collecting data from the CSP’s information system. This collected data is further assessed and used as the basis for continuous auditing.
Who should attend?
- Cloud Service Providers
- Cloud users
- Regulators and policy makers, who will benefit by recognizing the potential of the CABC approach and its value in European and national regulations
- How to provide Cloud Services in a secure way
- How to fulfil security, privacy and regulatory requirements by applying a continuous and semi-automated audit on Cloud Services.
The workshop will be led by experts from the EU-SEC consortium, including CaixaBank, Fraunhofer, and CSA.
9:00 – 9:30: Registration and welcome coffee
9:30 – 10:00: Presentation and EU-SEC Project introduction
10:00 – 10:40: Introduction to the Continuous Auditing Based Certification scheme for Cloud Services
10:40 – 11:10: Coffee Break
11:10 – 11:30: The EU-SEC Continuous Auditing Based Certification pilot
11:30 – 12:00: Round Table discussion (Questions and Answers)
12:00 – 13:00: Lunch Break
13:00 – 13:30: CABC for Auditors (NIXU)
13:30 – 14:00: CABC for CSPs (FABASOFT)
14:00 – 14:30: CABC for Cloud Users (Caixa)
14:30 – 15:00: Coffee Break
15:30 – 16:00: CABC for Technology Providers (Fraunhofer AISEC)
16:00 – 16:30: Networking coffee
Attendee profile/learning level
Intermediate – Delegate has a working knowledge of the topic covered but is not yet an advanced practitioner. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience.
Thanks to this workshop the attendees will acquire a theoretical understanding and practical implementation tips on:
- The purpose and objectives of Continuous Auditing Based Certification.
- The CABC life-cycle and its processes.
- The business drivers for and benefits of the adoption of CABC.
- How to use the CABC in real life (with dedicated tips for the different target audiences, i.e. CSPs, Customers, Auditors & Consultants and scheme owners & regulators).
10589 Berlin, Germany
In connection with registration for the workshops, we provide the following compulsory information. We collect the following required data:
- Last name, first name
- Email address
Should we request additional required data, we will specifically identify them (using an * for example). In addition, our website users often have the opportunity to volunteer additional information.
We process the required data mostly to identify you as an event participant and to reserve a place for you. In addition, we agree with you on the type of event, provide you with information for and after the event and overall ensure that you enjoy your participation and the event proceeds smoothly. The volunteered data help us to plan and organise our events in tune with your interests and age.
We collect the data in response to the enquiries of interested parties. According to Article 6 para. 1, sentence 1, lit. b GDPR, the data collection is necessary for the mentioned purposes, to perform according to the participation contract and to meet the conditions precedent to entering into the participation contract.
We store the data that we collect in connection with event registrations for six (6) months, provided you did not agree to a longer storage period as outlined in Article 6 para. 1, sentence 1, lit. a GDPR.
In connection with project registrations via Internet form, we work with our service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Deutschland (“Mailingwork”). The purpose of this collaboration is the professional management of online registrations to our projects. In the process, our service provider Mailingwork GmbH stores the provided data in Germany.
We entered into an order processing contract with Mailingwork GmbH. The purpose of the cooperation is the provision of project registration services. In this contract, Mailingwork GmbH agrees to process the data on our behalf in compliance with the General Data Protection Regulation (GDPR) and guarantees to comply with the rights of the affected persons. The general data protection regulations for the websites of Mailingwork GmbH are available at: https://mailingwork.de/datenschutz/.