CSA Security Update

A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost.

John DiMaria; Assurance Investigatory Fellow

The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance with industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.

Join us as we interview Chris Dixon, Governance, Risk & Compliance Manager at TokenEx, and listen as he takes us on their journey utilizing the CCM and STAR, including:

  • What problems does it solve or how did it help mitigate risk?
  • How has using the CCM helped TokenEx reach some of its security targets?
  • What are the major benefits?

https://cloudsecurityalliance.org/star/