Who is CDSA, and why are we leading a risk management solution for the M&E Industry?
CDSA is the leading security organization spanning Media & Entertainment that brings our community of thought leaders and associated ecosystem businesses together by facilitating events, working committees, and tools…such as the CDSA App & Cloud Assessment Program. It is addressing the convergence of Content Security, Info Security, and Physical Security issues and teams that are all focused on risk identification and mitigation, along with a new comprehensive Security Framework that establishes standards, best-practices, and configuration guidelines for how the tools, infrastructures, and workflows of our industry can be most securely leveraged while still empowering the creativity and flexibility that is at the core of our industry.
What is the CDSA App & Cloud?
CDSA App & Cloud Assessment Program is a comprehensive security program that includes the Digital Tools and Infrastructure to the ability to manage risk against best practices and a Security Framework. It recognizes that content workflows have now become increasingly virtualized, application and cloud based, that security aspects and associated threats are increasing and dynamic, and is impacting the entire Media & Entertainment industry (not just the major film studios).
How does the CDSA App & Cloud Assessment Program address escalating content security threats?
One of the principles of CDSA App & Cloud is that the threats to the M&E Industry are constantly evolving, and is designed to reflect that dynamic nature. We are integrated with the M&E ISAC (the US Government/Private link for dissemination of real-time threat data), and will be linking that threat information with the key systems, tools, and workflows of our industry so that we can have immediate understanding of the changing risk profile, and associated mitigation responses.
Are there any precedents for such a program?
Yes, although this is the second such integrated threat/risk system for the Media and Entertainment. It builds on other industries (Finance, Healthcare, IT) that have similar such initiatives that have raised the levels of effectiveness and efficiency of their overall industry security.
What is the relationship to the TPN content protection program?
Although CDSA App and Cloud and TPN are both working to improve content security throughout the industry, the two initiatives are independent and not related.
Will content owners still be conducting their own assessments?
One of the primary objectives of the CDSA App & Cloud Assessment Program is to establish a clear and broad set of security elements that would satisfy all or the vast majority of content owner requirements…and why these content owners have been so involved in its creation. Content owners would like to dramatically reduce the level of independent assessments they are doing, as would the partners being assessed…and get to a single assessment approach that satisfies most if not all of the key risk areas.
What are the benefits for vendors in the CDSA App & Cloud Assessment Program?
The CDSA App & Cloud program provides a number of benefits to vendors, including:
- Promote their high security/low risk to the industry and their customers
- One assessment that should satisfy the majority of content owner requirements
- Understanding of the risks and real-time threats against operations they have
What are the benefits for content owners in the CDSA App & Cloud Assessment Program?
The CDSA App & Cloud program provides a number of benefits to content owners, including:
- Clear understanding of static and dynamic risks across their entire end-2-end supply chains
- Comprehensive and clear set of security rules and guidelines – and associated assessments – for the entire industry.Promote their high security/low risk to the industry and their customers
- Reduced need for that content owner to maintain independent assessment programs.
- Make it easy for their internal stakeholders to understand the risks in their workflow and vendor choices
Who are the CDSA App & Cloud Qualified Assessors?
Qualified Assessors undergo a strict review and approval process as to their expertise in evaluating against the CDSA A&C Security Framework. Anyone needing a qualifying assessment will use the CDSA A&C online platform to fill out some initial information, chose an assessor, and engage on the assessment.
Who pays for the CDSA App & Cloud assessments?
Assessment fees are underwritten by the vendor, app developer, or cloud provider in order to determine their level of security risk mitigation against the CDSA A&C security framework. This single industry-wide assessment will provide a foundation for their M&E customers to understand their risk profile, their status in any remediation work, and configuration guidelines in how to implement and use their product or services securely.
How much does a CDSA A&C assessment cost?
The cost of an assessment is negotiated, on a case-by-case basis, between the CDSA A&C Qualified Assessor Company and the vendor/provider making the assessment request. The CDSA has no control of the pricing models of individual assessors and/or their firms but is open for feedback as to what would help make the program better, including any concerns with their Qualified Assessor Companies.
How frequent are the CDSA A&C assessments?
Due to the dynamic nature of the security landscape and the ongoing development and refinement of security controls, CDSA A&C assessments renew annually. We also have dynamic risk/threat data that can help us understand if there are new threats against an existing and assessed facility/app/cloud solution.
How does a vendor get their information published in the CDSA App & Cloud Assessment Program directory?
Once enrolled in the CDSA A&C Program, the vendor/app/cloud provider will have their company information, along with any authorized supporting assessment materials, published in the CDSA App and Cloud vendor roster. In the future, CDSA A&C will also provide a top-level sense of risk on its Risk Dashboard.
Who gets to see the CDSA App & Cloud Assessment Report?
The detailed Assessment Report will be made available to the party being assessed, the party paying for the assessment, and the Qualified Assessor. Summarized views of assessment status and risk (but no details) will be available to content producers that are members of the CDSA App & Cloud Assessment Program, as well as our internal quality assurance experts. No other vendors, competitors or otherwise, will be able to see your assessments or any information contained within. Additionally, as a supplier or tool partner and funded your assessment, you may share your detailed Assessment Report with anyone you wish.
Can I “fail” a CDSA App & Cloud assessment?
The CDSA A&C assessment does not provide a “pass/fail”, but rather a comprehensive determination against the CDSA A&C Security Framework. The assessment will determine whether the Framework requirements are met or not, and whether any remediation work needs to be done to satisfy them.
Does the CDSA App & Cloud Assessment Program substitute for ISO or other standards bodies?
The CDSA A&C assessment and credential is designed to be the benchmark for the Media & Entertainment industry’s handling of content across all phases of the supply chain, including all of the application, cloud, and other infrastructure and tools that are a core part of creation and distribution. In developing our Security Framework, we leverage other standards such as ISO. If you have completed an ISO or other standard industry audit, the CDSA A&C will accept those audits and focus on the specific areas areas not covered by those other assessments.
When does this all happen?
The CDSA App & Cloud Assessment Program initially launched on July 1st, 2021 and will be adding capabilities each quarter. In addition, there is a beta program where new features are fine-tuned before formal production release. If interested, click here to request an assessment.
Where can I find out more?
Contact CDSA for more information at [email protected]