Key Resources

1) Main Cloud Security Standards Frameworks, Guidelines & Best Practices

• CIS (Center for Internet Security)
• CSA Security Guidance
• CSA CCM (Cloud Controls Matrix)
• CSA CAIQ (Cloud Consensus Assessments Initiative Questionnaire)
• ENISA Cloud Security Risks
• NIST CSF (Cyber Security Framework)
• NIST SP 800-53
• NIST SP 800-144
• NIST SP 800-145
• NIST SP 800-146
• OWASP Top 10
• UK G-Cloud
• UK Cloud Security Principles

2) Top 5 Vendor-Neutral Cloud Security Certifications for individuals in 2017

• CCSK (Certificate of Cloud Security Knowledge)
• CCSP (Certified Cloud Security Professional)
• Certified Integrator Secure Cloud Services
• CompTIA Cloud+
• Professional Cloud Security Manager

3) Main Security Certifications/Attestations for Cloud platforms/services

• C5 (Germany)
• CSA STAR (Security, Trust & Assurance Registry)
• FedRAMP
• FIPS 140-2
• K-ISMS (Korea)
• MTCS (Singapore)
• ISO 22301
• ISO 27001
• ISO 27017
• ISO 27018
• NIST 800-171
• PCI-DSS
• SecNumCloud (France)
• SOC 1 Type 2
• SOC 2 Type 2
• SOC 3
• UK Cyber Essentials Plus

4) Main relevant Laws & Regulations for Cloud platforms/services

• China CyberSecurity Law
• EU Model Clauses
• EU-US Privacy Shield
• EU GDPR
• EU NIS Directive
• GLBA
• HIPAA
• India MeitY Cyber Laws
• ITAR
• PDPA (Argentina)
• PDPA (Singapore)
• PIPEDA (Canada)
• Privacy Act (Australia)
• Privacy Act (New Zealand)