SlideShare uma empresa Scribd logo
1 de 12
Baixar para ler offline
How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue
SCF Founder & SureCloud’s VP of Product
26th January 2021
Speakers
Tom Cornelius: SCF’s Founder & Contributor
Alex Brown: SureCloud's VP of Product
*Secure Controls Framework (SCF)
Compliance programs…
Regulations Laws Standards
Policies Requirements Rules
…come from a
number of angles
Compliance programs…
Regulations
Laws
Standards
Policies Requirements
Rules
…overlap and pull in
different directions
Compliance programs…
Regulations
Laws
Standards
Policies
Requirements
Rules
Compliance
…how do you bring
them together?
• Align Regulations and Standards?
Identify and align multiple overlapping
requirements and obligations
• Reduce Compliance burden?
Remove silos, consolidate programs,
become more proactive
Using SureCloud with the Secure Controls Framework helps to…
…identify and resolve overlapping requirements
• SCF metaframework control content
• Pre-mapped across 110+ regulations and standards
Using SureCloud with the Secure Controls Framework helps to…
…reduce the compliance burden
• SureCloud solution to operationalize, consolidate and oversee
multiple compliance programs
• SCF built-in maturity model; help to build minimum
requirements
DEMO
Is the Secure Controls Framework (SCF) – the right choice for you?
How might I adopt a metaframework if I already use an internal
framework?
Practical steps to implement a metaframework into your existing
program
1
2
3
4
5
6
7
Develop a vision, mission and strategy for your organization
Adopt appropriate cybersecurity and privacy principles
Develop policies, standards and procedures
Identify a target maturity state
Implement appropriate controls
Use controls to assess risk and maturity
Metricize control execution
Carry on your education and get in touch!
www.securecontrolsframework.com
www.surecloud.com
learnmore@surecloud.com
- @SureCloud
Alex Brown
Tom Cornelius

Mais conteúdo relacionado

Semelhante a How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue

DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...Turja Narayan Chaudhuri
 
Adopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceAdopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceKevin Hakanson
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Security's DevOps Transformation
Security's DevOps TransformationSecurity's DevOps Transformation
Security's DevOps TransformationMichele Chubirka
 
Selecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationSelecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationAlgoSec
 
DevOps Implementation Roadmap
DevOps Implementation RoadmapDevOps Implementation Roadmap
DevOps Implementation RoadmapSofiaCarter4
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Amazon Web Services
 
Information Security Life Cycle
Information Security Life CycleInformation Security Life Cycle
Information Security Life Cyclevulsec123
 
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)Denim Group
 
sdlc- introduction.pptx
sdlc- introduction.pptxsdlc- introduction.pptx
sdlc- introduction.pptxBhavsarAnsh
 
DevOps for dummies study sharing - part II
DevOps for dummies study sharing - part IIDevOps for dummies study sharing - part II
DevOps for dummies study sharing - part IIChen-Tien Tsai
 
Deconstructing the scaled agile framework - Lunch and Learn series
Deconstructing the scaled agile framework - Lunch and Learn seriesDeconstructing the scaled agile framework - Lunch and Learn series
Deconstructing the scaled agile framework - Lunch and Learn seriesAngela Dugan
 
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCriterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCruzIbarra161
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guideKaty Slemon
 
IMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfIMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfudayabhaskar42
 

Semelhante a How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue (20)

DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
 
Adopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceAdopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with Confidence
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Security's DevOps Transformation
Security's DevOps TransformationSecurity's DevOps Transformation
Security's DevOps Transformation
 
Selecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organizationSelecting the right security policy management solution for your organization
Selecting the right security policy management solution for your organization
 
Devops
DevopsDevops
Devops
 
DevOps Implementation Roadmap
DevOps Implementation RoadmapDevOps Implementation Roadmap
DevOps Implementation Roadmap
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
 
Information Security Life Cycle
Information Security Life CycleInformation Security Life Cycle
Information Security Life Cycle
 
DevOps Presentation.pptx
DevOps Presentation.pptxDevOps Presentation.pptx
DevOps Presentation.pptx
 
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
 
sdlc- introduction.pptx
sdlc- introduction.pptxsdlc- introduction.pptx
sdlc- introduction.pptx
 
DevOps for dummies study sharing - part II
DevOps for dummies study sharing - part IIDevOps for dummies study sharing - part II
DevOps for dummies study sharing - part II
 
Deconstructing the scaled agile framework - Lunch and Learn series
Deconstructing the scaled agile framework - Lunch and Learn seriesDeconstructing the scaled agile framework - Lunch and Learn series
Deconstructing the scaled agile framework - Lunch and Learn series
 
Devops
DevopsDevops
Devops
 
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares theCriterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
Criterion 1A - 4 - MasteryPros and Cons Thoroughly compares the
 
Adopting Salesforce DX
Adopting Salesforce DXAdopting Salesforce DX
Adopting Salesforce DX
 
Salesforce cicd integration a quick guide
Salesforce cicd integration a quick guideSalesforce cicd integration a quick guide
Salesforce cicd integration a quick guide
 
IMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdfIMPLEMENTATION BEST PRACTICES Sep 22.pdf
IMPLEMENTATION BEST PRACTICES Sep 22.pdf
 

Último

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 

Último (20)

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 

How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue

  • 1. How to Implement a Metaframework to Help Avoid Compliance Mistakes and Fatigue SCF Founder & SureCloud’s VP of Product 26th January 2021
  • 2. Speakers Tom Cornelius: SCF’s Founder & Contributor Alex Brown: SureCloud's VP of Product *Secure Controls Framework (SCF)
  • 3. Compliance programs… Regulations Laws Standards Policies Requirements Rules …come from a number of angles
  • 6. • Align Regulations and Standards? Identify and align multiple overlapping requirements and obligations • Reduce Compliance burden? Remove silos, consolidate programs, become more proactive
  • 7. Using SureCloud with the Secure Controls Framework helps to… …identify and resolve overlapping requirements • SCF metaframework control content • Pre-mapped across 110+ regulations and standards
  • 8. Using SureCloud with the Secure Controls Framework helps to… …reduce the compliance burden • SureCloud solution to operationalize, consolidate and oversee multiple compliance programs • SCF built-in maturity model; help to build minimum requirements
  • 10. Is the Secure Controls Framework (SCF) – the right choice for you? How might I adopt a metaframework if I already use an internal framework?
  • 11. Practical steps to implement a metaframework into your existing program 1 2 3 4 5 6 7 Develop a vision, mission and strategy for your organization Adopt appropriate cybersecurity and privacy principles Develop policies, standards and procedures Identify a target maturity state Implement appropriate controls Use controls to assess risk and maturity Metricize control execution
  • 12. Carry on your education and get in touch! www.securecontrolsframework.com www.surecloud.com learnmore@surecloud.com - @SureCloud Alex Brown Tom Cornelius

Notas do Editor

  1. Tom: Tom Cornelius currently serves as both the Senior Partner at ComplianceForge and Senior Director at the Secure Controls Framework (SCF) Council. The SCF was founded as a way to provide a free cybersecurity and privacy metaframework that businesses can use to help become both secure and compliant. He believes in knowledge being half the battle for organizations in grappling cybersecurity and data protection issues, where the SCF can be a crucial tool for an organization to clearly understand its necessary controls, based on its applicable statutory, regulatory and contractual obligations. Alex: Alex Brown oversees the definition and delivery of all SureCloud’s product solutions across both GRC and Cybersecurity. Alex previously held senior product management positions at US-based technology companies; Veritas Technologies and Symantec, where he helped bring numerous information management, software and SaaS, solutions to market across EMEA, the Americas and Asia Pacific.
  2. What are your biggest compliance headaches? Overlapping compliance requirements  Inconsistent documentation of controls Reporting on an organisational compliance status