CSA Security Update

EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA

October 21, 2019 John DiMaria; Assurance Investigatory Fellow
CSA Security Update
EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA
Chapters
CSA Security Update
EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA
Oct 21, 2019
John DiMaria; Assurance Investigatory Fellow

Security compliance based on third-party audit is becoming increasingly complex –especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls, That often translates into substantial costs for those service providers

The idea behind the MPRF is to provide a unified method of systematic and consistent activities with the goal of minimizing the burden of obtaining certification "Y" for a CSP, once it has already obtained certification "X". The MPRF’s purpose is, therefore, to use and promote a comparison analysis between different security frameworks, standards,
and best practices.

Listen as Damir Savanovic; Senior Analyst & Researcher; CSA and project manager for the EU-SEC project discusses this exciting evolution of the compliance eco-system and how it promises to change how we approach security assessments in the near future. 

Show Notes

Security compliance based on third-party audit is becoming increasingly complex –especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls, That often translates into substantial costs for those service providers

The idea behind the MPRF is to provide a unified method of systematic and consistent activities with the goal of minimizing the burden of obtaining certification "Y" for a CSP, once it has already obtained certification "X". The MPRF’s purpose is, therefore, to use and promote a comparison analysis between different security frameworks, standards,
and best practices.

Listen as Damir Savanovic; Senior Analyst & Researcher; CSA and project manager for the EU-SEC project discusses this exciting evolution of the compliance eco-system and how it promises to change how we approach security assessments in the near future.