
All Articles

SEC Clarifies Rules on Disclosure of Cybersecurity Incidents: Here’s What You Need to Know

Blog Published: 06/25/2024

Originally published by BARR Advisory. The Securities and Exchange Commission (SEC) recently published updated guidance for public companies on how and when to disclose cybersecurity incidents. Issued as a follow-up to new rules adopted by the commission last year, the updated guidance is intended ...

CSPM vs ASPM – What’s the Difference?

Blog Published: 06/24/2024

Written by Josh Dreyfus, Director of Product Marketing, ArmorCode. The software security space moves fast, and new acronyms pop up like weeds. Many of them sound similar, even if they do very different things. Take CSPM (Cloud Security Posture Management) and ASPM (Application Security Posture Man...

Dmitri Alperovitch’s Vision for Cyber Defense

Blog Published: 06/24/2024

Originally published by Automox. Episode Summary: In this episode of the CISO IT podcast, host Jason Kikta interviews Dmitri Alperovitch, author of the book 'World on the Brink' and chairman of Automox's board. They discuss the evolution of IT and cybersecurity over the past few decades, the importa...

Do SOC 2 and ISO 27001 the Right Way with CSA STAR

Blog Published: 06/21/2024

At the CSA Cloud Trust Summit 2024, CSA’s CEO Jim Reavis gave the presentation “Do SOC 2 and ISO 27001 the right way with CSA STAR.” In this condensed transcript of the presentation, Jim provides an overview of the SOC 2 and ISO 27001 frameworks and how they relate to the CSA STAR program. You ca...

AI Resilience & Diversity

Blog Published: 06/20/2024

Written by Dr. Chantal Spleiss, Co-Chair of the CSA AI Governance and Compliance Working Group. Resilience is often thrown around as a buzzword, but its true definition can be quite elusive. In this blog, I'll explore the three pillars of AI resilience: robustness, resilience, and plasticity. ...

EU AI Act Introduces Unique Tiered System for Risks

Blog Published: 06/20/2024

Originally published by Truyo. With the full text of the EU AI Act made public, Truyo President Dan Clarke read through the Act in its entirety to identify key elements that will be crucial to compliance for organizations in scope. The Act includes the conventional components of transparency, priv...

PCI DSS for Security Leaders – How to Take a Proactive Approach

Blog Published: 06/20/2024

Originally published by Schellman. If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin. No one wants to hear, “I’m put...

Unified Cybersecurity Language: Optimizing Risk and Compliance Terms for Collaborative Security

Blog Published: 06/18/2024

Originally published by RegScale. Written by Dave Schmoeller. Kickoff: Navigating the Cybersecurity Language Landscape. Imagine the chaos when a cybersecurity breach puts data at risk, and departments are left in a scramble. Cybersecurity tags the event a ‘security incident,’ Risk counters with a ‘da...

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Blog Published: 06/18/2024

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team promptly initiated an in-depth analysi...

5 ChatGPT Jailbreak Prompts Being Used by Cybercriminals

Blog Published: 06/17/2024

Originally published by Abnormal Security. Written by Daniel Kelley. Since the launch of ChatGPT nearly 18 months ago, cybercriminals have been able to leverage generative AI for their attacks. As part of its content policy, OpenAI created restrictions to stop the generation of malicious content. I...

5 Best Practices to Secure AWS Resources

Blog Published: 06/17/2024

Originally published by CrowdStrike. Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses...

CSA Community Spotlight: Leading Critical Discussions with Vishwas Manral

Blog Published: 06/14/2024

Celebrating our 15th anniversary this year, CSA stands as the premier authority in promoting and defining best practices for a secure cloud computing environment. Since its inception in 2009, CSA has grown to offer an extensive array of frameworks, research publications, assurance programs, train...

Mastering Zero Trust Security in IT Operations

Blog Published: 06/14/2024

Originally published by Automox. Written by Landon Miles. If you’re unaware that cyber threats are becoming more sophisticated and frequent, you probably don’t work in IT. Unfortunately, the traditional "trust but verify" approach to cybersecurity just isn’t adequate anymore. A Zero Trust security ...

From the Trenches: A CISO's Guide to Threat Intelligence

Blog Published: 06/13/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Let's face it, our jobs as CISOs are a constant dance with the shadows. We fight invisible enemies, anticipate the next attack, and strive to stay one step ahead of ever-evolving threats. That's where thr...

Beyond Blind Trust: The Imperative of Zero Trust for Federal Agencies

Blog Published: 06/13/2024

Originally published by Synack. Written by Ed Zaleski, Director of Federal Sales for the Department of Defense, Synack. TL;DR: Zero trust cybersecurity principles require continuous monitoring and evaluation to ensure effectiveness. Implementing zero trust necessitates a significant overhaul of existi...

Discover CCSK v5: The New Standard in Cloud Security Expertise

Blog Published: 06/12/2024

Written by Martin Hall. Already trusted by thousands of companies and tens of thousands of cloud security professionals worldwide, the Certificate of Cloud Security Knowledge (CCSK) is the industry standard for cloud security expertise. And it's about to get even better. Based on input from our me...

What We Know About Vulnerability Exploitation in 2024 (So Far)

Blog Published: 06/12/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. In the world of security vulnerabilities, change is the only constant. There are always new CVEs, new exploits, and new threat actors. A recent study estimates that there will be a 25% increase in vulnerabilities,...

SASE and Zero Trust PAM: Why Enterprises Need Both

Blog Published: 06/12/2024

Written by StrongDM. Enterprise security and compliance teams must maintain constant awareness of all activities across their entire environment involving every user. Regulatory requirements, along with internally set policies and controls, demand thorough knowledge and understanding to effectivel...

What is Continuous Controls Monitoring & Its Impact on Cybersecurity?

Blog Published: 06/11/2024

Originally published by RegScale. Written by Dan Biewener. It’s 2024 and the rules have changed, literally. Late in 2023, the U.S. Securities and Exchange Commission (SEC) issued new requirements for cybersecurity disclosures. In addition to reporting material cybersecurity incidents within four da...

Risk Management in the Age of Artificial Intelligence: 9 Questions to Ask Your AI-Powered Vendors

Blog Published: 06/11/2024

Originally published by BARR Advisory. Artificial intelligence (AI) presents organizations across industries with the opportunity to streamline their workflows, better secure their systems, and solve some of the world’s most pressing issues. But while AI has the potential to offer huge benefits to...
