On of the major problems we are going to face will probably be our divers legal/regulatory grounds.
A common ground that is
(a) sufficiently detailed / comprehensive on the one hand but
(b) agnostic to local or specific legal/regulatory provisions on the other hand
will be crucial to make any progress on common solutions IMO.
The best thing about this matrix is, that a 300 x 300 standardises Q&A catalogue is - via a matrix overview - linked to all relevant international and common security standards (e.g. NIST, NZISM, ISO, or e.g. from a Germany perspective even the requirements by the Federal Office of Information Security, etc.). Relying on this matrix, you can solve/answer a requirement once, but can link the solution to all kinds of standards' requirements, you might be faced with from different auditors.
I would be interested to hear, if you agree with me, that maybe this Matrix could help us to define our common legal/ regulatory ground as an international Financial User Group? Or if someone knows/ uses other tools / sources to solve the mentioned (a) + (b) contradiction.
On of the major problems we are going to face will probably be our divers legal/regulatory grounds.
A common ground that is (a) sufficiently detailed / comprehensive on the one hand but (b) agnostic to local or specific legal/regulatory provisions on the other hand will be crucial to make any progress on common solutions IMO.
Therefore I would like to ask if some member already knows / uses the Cloud Security Alliance Cloud Controls Matrix (CCM) 3.0.1 (latest release date: 11/12/2018) _(see: https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview)_.
The best thing about this matrix is, that a 300 x 300 standardises Q&A catalogue is - via a matrix overview - linked to all relevant international and common security standards (e.g. NIST, NZISM, ISO, or e.g. from a Germany perspective even the requirements by the Federal Office of Information Security, etc.). Relying on this matrix, you can solve/answer a requirement once, but can link the solution to all kinds of standards' requirements, you might be faced with from different auditors.
I would be interested to hear, if you agree with me, that maybe this Matrix could help us to define our common legal/ regulatory ground as an international Financial User Group? Or if someone knows/ uses other tools / sources to solve the mentioned (a) + (b) contradiction.