I am doing industry analysis on Public Cloud Risk Management and looking for related information. For example, what are the key unique risks related to public cloud computing, and how do public cloud risks fit into the overall enterprise risk management framework (e.g., risk categories or subcategories to be used for managing public cloud risks)?

VP of IT, 2 months ago
There is a wealth of information on this subject at Saudi Arabia National Cybersecurity Agency (NCA), but it is in Arabic, so you might need to translate it to English.

https://nca.gov.sa/ar/regulatory-documents/controls-list/179/
Director of Information Security in Banking, 2 months ago

Thanks

VP of IT, 2 months ago
1. There is no ownership of the environment.
2. There is no physical separation of the hardware.
3. Physical security control is not visible.
4. Insider threats.
5. Data privacy and compliance.
6. Data loss and recovery (we faced this in our previous experience).
Director of Information Security in Banking, 2 months ago

Thank you for your insight. We did include the above in our consideration, and now we are thinking of mapping the above to a risk taxonomy, for example, isolation failure for #2 and insider risk for #3, etc. Eventually we would also like to map all the cloud risk taxonomies to some enterprise risk categories, for example, technology risk, operational risk, data risk, or cyber security risk. Any insight from this perspective?

CISO in Manufacturing, 2 months ago
You can also have a look at the OWASP Cloud Architecture Security Cheat Sheet (https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html#cloud-architecture-security-cheat-sheet) or "CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices" (https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices).
Director of Information Security in Banking, 2 months ago

Thank you, Alexander

Head of Information/Cyber Security, 2 months ago
I would like to recommend leveraging the guidelines outlined in NIST Special Publication 800-144.

NIST SP 800-144 provides comprehensive recommendations and best practices tailored for securing data and systems in public cloud environments. It covers essential topics such as risk management frameworks, security controls, data protection strategies, and compliance considerations specific to cloud computing.

You can access the full document directly via this link:

https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-144.pdf

Implementing these guidelines will help us align our cloud security strategy with industry standards and regulatory requirements, ensuring robust protection of our data assets while maximizing the benefits of cloud adoption.
Director of Information Security in Banking, 2 months ago

Thanks, Viral
