Initial Experiences with Continuous Monitoring in the EU Cybersecurity Certification Scheme for Cloud Services

The upcoming EU Cybersecurity Certification Scheme for Cloud Services (EUCS) introduces several novelties, including the notion of continuous (automated) monitoring in several of its requirements for achieving a high assurance level certificate. Although these requirements fall short in fully defining a continuous auditing framework, they are a first step in that direction by considering what can be met with the cloud technology available today.
By acknowledging the technological and organizational challenges for CSPs associated with the notion of continuous monitoring in EUCS, this presentation will discuss our practical experiences in implementing and auditing such EUCS requirements.

Lernziele

Attendees will familiarize with the upcoming EU Cybersecurity Certification Scheme for Cloud Services (EUCS) being developed by ENISA (EU Agency for Cybersecurity), in particular with its technological impact for CSPs and Conformance Assessment Bodies. Furthermore, attendees will get a first glance on the challenges faced by of our initial implementation of the automation-related requirements from EUCS, along with our recommended good practices.

Speaker

 

Jesus Luna Garcia
Jesus Luna Garcia works since 1995 in the field of cybersecurity with both public and private sector organizations in America and Europe. He holds a PhD degree in Computer Architecture from the ”Technical University of Catalonia” (UPC, Spain 2008) and was a postdoctoral researcher on cybersecuritywith the CoreGRID Network of Excellence (Greece/Cyprus, 2008-2009). Jesus Luna has co-authored more than 50 cybersecurity-related publications including scientific papers, ISO/IEC and NIST standards, and a patent. He previously worked as research director for the Cloud Security Alliance EMEA (U.K.), and PKI manager with the Central Bank of Mexico. Currently, he works for Robert Bosch GmbH (Germany) leading topics related to cloud and AI security governance. Since 2019 he is member of the ENISA working group developing the upcoming EU Cybersecurity Certification Scheme for Cloud Services (EUCS). His topics of interest include cybersecurity certification, AI security, and security automation.


Gold-Sponsoren

Advisori
IBS Schreiber
protiviti
ONETrust

Silber-Sponsoren

Diligent
Vasgard

Medienpartner

IT-Governance



IT-GRC-Kongress Newsletter

Sie möchten über den IT-GRC-Kongress
auf dem Laufenden gehalten werden?

 

Anmelden