fixing links and the typo
smendis-scottlogic committed Oct 15, 2024
1 parent 48b022e commit 0564a49
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions _posts/2024-09-23-intro-finos-ccc.md
Expand Up @@ -61,13 +61,13 @@ Disaster recovery and data backup solutions are another key benefit, as cloud pl

## Timeline and Contributors

**On July 27, 2023, in New York,** [FINOS announced the formation](https://www.linuxfoundation.org/press/finos-announces-open-standards-project-for-financial-services-common-cloud-controls) of an open standard project, based upon an approach developed by FINOS Platinum Member Citi, to describe consistent controls.
**On July 27, 2023, in New York,** [FINOS announced the formation of an open standard project, to describe consistent controls](https://www.linuxfoundation.org/press/finos-announces-open-standards-project-for-financial-services-common-cloud-controls), based upon an approach developed by FINOS Platinum Member Citi.

In conjunction with the announcement of formation, **Jim Adams**, *CTO and Head of Technology Infrastructure* at Citi, the world’s fifth largest bank, stated,

> “There is a need for a Cloud Standard that will improve certain security and control measures across the Financial Services industry, whilst simplifying and democratizing access for all institutions to operate and benefit by leveraging the public cloud. It is important to collaborate with our peers to ensure consistency across cloud service providers, ensuring the industry can realize true multi-cloud strategies”.
**On October 24, 2023, in Las Vegas,** [FINOS announced the open sourcing](https://www.finos.org/press/finos-announces-open-sourcing-common-cloud-controls) of FINOS Common Cloud Controls (FINOS CCC) under the Community Specification License.
**On October 24, 2023, in Las Vegas,** [FINOS announced the open sourcing of FINOS Common Cloud Controls (FINOS CCC)](https://www.finos.org/press/finos-announces-open-sourcing-common-cloud-controls) under the Community Specification License.

The project, seeded by Citi and approved in July by the FINOS Governing Board, has quickly garnered participation from over 20 leading financial institutions, cloud service providers and technology vendors. Some key member organizations involved in the formation and development of the project include Citi, Bank of Montreal (BMO), Goldman Sachs, JPMorgan, Morgan Stanley, Royal Bank of Canada (RBC), Deutsche Bank, London Stock Exchange Group (LSEG), Natwest, Google Cloud, Microsoft, NIST, Red Hat, Symphony, ControlPlane, GitHub, GitLab, and Scott Logic.
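
Review bot: The rewritten "On October 24, 2023, in Las Vegas," line still sits directly under the `>` quote line with no blank line between them, so Markdown's lazy continuation can render that paragraph as part of the Jim Adams quote; add an empty line after the blockquote. In the July 27 line, the link text now ends "open standard project, to describe consistent controls", and the comma before "to describe" breaks the linked phrase in the middle; dropping it would keep the link text as one clause.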

Expand Down Expand Up @@ -146,7 +146,7 @@ mitre_technique:
- T1027 # Obfuscated Files or Information
</code></pre>

Let’s examine the threat `CCC.TH01` in the file [`common-threats.yaml`](https://github.com/finos/common-cloud-controls/blob/main/services/common-threats.yaml). This highlights the potential risk where attackers exploit access control to gain high privilege access to data. This is identified as a common threat but applicable to object storage. Hence listed under `common_threats` section in the file [`threats.yaml`](https://github.com/finos/common-cloud-controls/blob/main/services/storage/object/threats.yaml) under object storage. This particular threat is also linked to few specific threat in MITRE ATT&CK framework under the IDs [`T1078`](https://attack.mitre.org/techniques/T1078/), [`T1548`](https://attack.mitre.org/techniques/T1548/), [`T1203`](https://attack.mitre.org/techniques/T1203/), [`T1098`](https://attack.mitre.org/techniques/T1098/), [`T1484`](https://attack.mitre.org/techniques/T1484/), [`T1546`](https://attack.mitre.org/techniques/T1546/), [`T1537`](https://attack.mitre.org/techniques/T1537/), [`T1567`](https://attack.mitre.org/techniques/T1567/), [`T1048`](https://attack.mitre.org/techniques/T1048/), [`T1485`](https://attack.mitre.org/techniques/T1485/), [`T1565`](https://attack.mitre.org/techniques/T1565/), [`T1027`](https://attack.mitre.org/techniques/T1027/), which discuss data and access manipulation. This threat is also mapped to a specific feature within the standard identified as `CCC.F06` with the title **Identity Based Access Control** which we will explore later.
Let’s examine the threat `CCC.TH01` in the file [`common-threats.yaml`](https://github.com/finos/common-cloud-controls/blob/main/services/common-threats.yaml). This highlights the potential risk where attackers exploit access control to gain high privilege access to data. This is identified as a common threat but applicable to object storage. Hence listed under `common_threats` section in the file [`threats.yaml`](https://github.com/finos/common-cloud-controls/blob/main/services/storage/object/threats.yaml) under object storage. This particular threat is also linked to few specific threats in MITRE ATT&CK framework under the IDs [`T1078`](https://attack.mitre.org/techniques/T1078/), [`T1548`](https://attack.mitre.org/techniques/T1548/), [`T1203`](https://attack.mitre.org/techniques/T1203/), [`T1098`](https://attack.mitre.org/techniques/T1098/), [`T1484`](https://attack.mitre.org/techniques/T1484/), [`T1546`](https://attack.mitre.org/techniques/T1546/), [`T1537`](https://attack.mitre.org/techniques/T1537/), [`T1567`](https://attack.mitre.org/techniques/T1567/), [`T1048`](https://attack.mitre.org/techniques/T1048/), [`T1485`](https://attack.mitre.org/techniques/T1485/), [`T1565`](https://attack.mitre.org/techniques/T1565/), [`T1027`](https://attack.mitre.org/techniques/T1027/), which discuss data and access manipulation. This threat is also mapped to a specific feature within the standard identified as `CCC.F06` with the title **Identity Based Access Control** which we will explore later.

<pre style="margin-inline: 0; margin-block: 1.5rem"><code>
id: CCC.ObjStor.TH02 # Improper enforcement of object modification locks
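
Review bot: In the `CCC.TH01` paragraph the typo fix leaves "linked to few specific threats in MITRE ATT&CK framework", but the IDs that follow are ATT&CK techniques (the YAML key above is `mitre_technique` and every link points to /techniques/), so "threats" is the wrong noun. Suggest "linked to a few specific techniques in the MITRE ATT&CK framework". The fragment before it, "Hence listed under `common_threats` section", also lacks a subject and an article; "Hence it is listed under the `common_threats` section" would read as a full sentence.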
