This is the discussion thread for the Security Control Sub-Categories of the Cloud Service Evaluation Handbook.  Those sub-categories are:
  • Access Control and Privilege Management
  • Data Integrity, Privacy and Loss
  • Physical and Environmental
  • Proactive Threat and Vulnerability Management
  • Retention and Disposition
The metrics for each sub-category depend on the security standard(s) you are using.  See the CSEH for how to use those controls as useful metrics in our framework.

Please share your feedback and experiences!
Quote 0 0