Mark Nunnikhoven
Security @Amazon. Focused on helping everyone better understand security & privacy 🐘: @marknca@infosec.exchange 🧑‍💻: Tweets my own

Aug 24, 2021, 15 tweets

new thread to cover, “Governance, Risk, & Compliance”

@awscloud #reinforce

Anil starts things off with the compliance landscape…

@awscloud #reinforce

lots of different legislation out there around data protection and #privacy. combined with a push to the cloud, lots of change in a traditionally slow area of GRC

@awscloud #reinforce

perfect example: compliance and audit struggles to keep up << I’ve had a ton of “those” conversations with auditors over the past decade

@awscloud #reinforce

honestly, this is a critical subject but it’s super, super dry material. Anil is doing a solid job…this cannot be easy without an audience to draw some energy from

@awscloud #reinforce

here’s the leadership session on GRC (governance, risk, and compliance) from the last @awscloud #reinforce

a good talk again from the original @awscloud #reinforce, “Aligning to the NIST Cybersecurity Framework in the AWS Cloud”, << shows AWS in line with NIST’s CSF

Anil is starting into 6 lessons learned when building out the GRC program at @awscloud

#reinforce

first up, “Fail fast”

in 2010, @awscloud needed to get ISO 27001 certification. lots of gaps but they didn’t let that stop them. did the assessment and used it as a map to remediate

@awscloud #reinforce

2nd lesson: engineer audits for engineers << ties to the overall theme of building a #security culture

@awscloud #reinforce

it’s interesting to hear about the challenges of auditing @awscloud given the rate of change, the complexity of the environment, and the, um, sturdiness of the audit process?

…ok, not sturdy. inflexible…obtuse…stagnant?

@awscloud #reinforce

👆 highlights the need for specialized auditors

this talk gives you a glimpse at the need for the Cloud Audit Academy, aws.amazon.com/compliance/aud…

@awscloud #reinforce

perspective on efficiency of pulling evidence for audits

@awscloud #reinforce

got pulled into another issue, didn’t see the last of the GRC session.

watching Eric Brandwine’s session on a culture of security now...

@awscloud #reinvent

👇
