All Articles

All Articles
Critical Controls for Oracle E-Business Suite

Blog Published: 06/11/2021

Written by Mike Miller, OnapsisOver the past months, cyber threat activity has increased to unprecedented levels, with threat actors expanding their capabilities to target critical infrastructure and mission-critical applications. From hacktivists to cyber-criminals and state-sponsored, these act...

How to Enhance GRC Program Collaboration in Your Organization

Blog Published: 06/10/2021

This blog was originally published by OneTrust GRC here. When it comes to Governance, Risk, and Compliance (GRC), understanding the integrated risk management responsibilities for each internal and external stakeholder isn’t just a best practice. It’s a critical component to preparing for and ...

Cloud Security Alliance New Telehealth Risk Management Guidance to Help Ensure Privacy and Security of Patient Information

Press Release Published: 06/10/2021

Paper analyzes concerns in each phase of the data lifecycle and presents suggested mitigation strategiesSEATTLE – June 10, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud c...

Why Is Cybersecurity Critical in Protecting Infrastructure?

Blog Published: 06/09/2021

Written by Angela Stone, Content Creator, Eleven Fifty AcademyCybersystems, assets, and physical infrastructure are vital to the economy of a country. Destroying or incapacitating infrastructure and cyber systems can have a devastating impact on the economy. Industries such as the oil and gas ind...

Real-Time Security Metrics: Insights Every Risk Management Team Should Monitor

Blog Published: 06/08/2021

This blog was originally published by OneTrust GRC here. There is one thing that businesses of all sizes, industries, and sectors have in common – they face a wide range of risk management threats. Specifically, retail, finance, hospitality, government, manufacturing, and healthcare industries...

The STAR Certification Journey

Blog Published: 06/08/2021

The CSA STAR Program is a powerful tool for security assurance in the cloud. It encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The CSA Securit...

Final Versions of Standard Contractual Clauses Adopted!

Blog Published: 06/07/2021

Three years after the General Data Protection Regulation (GDPR) came into effect, the European Commission has issued the much-awaited final version of two new sets of Standard Contractual Clauses that are expected to enable data controllers and processors to address some of the thorny issues in t...

Cloud Security Alliance Emphasizes Accountability and Transparency with Consensus Assessment Initiative Questionnaire (CAIQ) v4

Press Release Published: 06/07/2021

New features allow for a deeper understanding of Shared Security Responsibility Model, increase value for cloud service providers and customersSEATTLE – June 7, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best pra...

CAIQ v4 Released - Changes from v3.1 to v4

Blog Published: 06/07/2021

Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4 of the CAIQ, and what you can expect when using it to submit to the STAR registry. CCM V4 represents a major ...

7 Simple but effective tactics to protect your website against DDoS attacks in 2021

Blog Published: 06/04/2021

Written by Tars Geerts, from Mlytics Intro Experts believe that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to over 15 million by 2023. One of the reasons for this significant increase is that DDoS attacks are quite easy to pull off, making them very appeali...

CCSK Success Stories: From a Quality Security Consultant

Blog Published: 06/03/2021

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage k...

How CSPs Can Make the Security and Compliance Evaluation Process Easier for Financial Institutions

Blog Published: 06/02/2021

This blog was originally published by Oracle hereOracle author: Maywun Wong, Director, Product MarketingContributed by: Steven D'Alfonso, Research Director, IDC Financial InsightsSo, you have finally decided to move applications to the cloud. But your board's risk committee wants assurance that s...

President Biden’s Cybersecurity Executive Order: What will it mean for you?

Blog Published: 06/01/2021

This blog was originally published by OneTrust here.On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...

CCAK Testimonials: From a Cybersecurity Principal

Blog Published: 05/28/2021

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical educat...

Introducing the COVID-19 Data Science Dashboard Case Study

Blog Published: 05/27/2021

Written by Samir Souidi, Cloud Security Alliance - New Jersey ChapterSince the beginning of the COVID-19 outbreak, cloud-enabled and open-access health data resources have been created and provided by federal agencies and public and private entities. These initiatives have accelerated the adapta...

With Great Power Comes Great Responsibility: The Challenge of Managing Healthcare Data in the Cloud

Blog Published: 05/26/2021

By Jon Moore, MS, JD, HCISSP, Chief Risk Officer and Head of Consulting Services, Clearwater Seeking flexibility, scalability, and cost savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. This trend is accelerating, fueled by increased adoption of ...

Cloud lateral movement: Breaking in through a vulnerable container

Blog Published: 05/25/2021

This blog was originally published by Sysdig hereWritten By Stefano Chierici, SysdigLateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach?What often happens in famous attacks to Cloud environment...

Five Approaches for Securing Identity in Cloud Infrastructure

Blog Published: 05/20/2021

Written by Shai MoragAs clouds have drifted into the mainstream of business, it has become clear that they offer numerous advantages. They streamline processes, cut costs and create new ways to work. In some cases, the benefits are transformative. However, there’s a dark side to the public cloud,...

Application Security is Getting Worse, not Better

Blog Published: 05/19/2021

This blog was originally published by CyberCrypt here.There’s an app for everything, and hackers and thieves are taking advantage. What are enterprises doing about it? Not enough.Web and mobile application use has exploded in recent years as businesses have digitized and moved more of their opera...

Cloud Security Alliance Announces CxO Trust Initiative to Elevate Cloud and Cybersecurity Knowledge Among Executives

Press Release Published: 05/18/2021

Exclusive global community, publicly available research and education are features of programSEATTLE – May 18, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing env...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.