SPECS mentioned in latest ETSI CSC Security report
The efforts our SPECS project is doing in the field of Cloud security SLAs and metrics (through the CSA wg) are being referenced by ETSI CSC in their latest Security and Interoperability report.
From the report:
“The Cloud Service Level Agreement (and/or contract4) between the CSC and the CSP should define the obligations of the CSP in terms of security and data protection. Standardized metrics defined with an interoperable language are required to express the level of security and data protection. As of mid 2015 these standardized metrics do not exist yet. However, there are metrics available defined and used in European projects like, e.g., metrics for data protection in OPTIMIS, or metrics for Security Level Agreements, as currently being developed in the European project SPECS project together with a working group of the Cloud Security Alliance, or the related terminology proposed by the NIST RATAX working group (and also being adopted by ISO/IEC SC38 for the 19086-2 standard).”