All Articles
Five Best Practices for PCI DSS Compliance in the Cloud

Blog Published: 06/14/2023

Originally published by Orca Security. Written by Vini Mostovoy and Deborah Galea. If your organization processes credit card payments, you are probably familiar with PCI DSS, a compliance mandate that was initially established in 2004. However, with the increasing adoption of cloud computin...

App Owners: Benefits of Externalizing Authentication & Authorization

Blog Published: 06/15/2023

Originally published by Strata. Written by Mark Callahan, Senior Director of Product Marketing, Strata. With cloud modernization, one of the most significant challenges for app owners is managing identity and authentication, which can divert attention from creating an exceptional product. For ...

Pentesting: The Missing Piece in Your Security Puzzle

Blog Published: 06/16/2023

Written by Alex Vakulov. Although not a recent invention, pentesting is a tool that is not understood by many in terms of when it is most effective and necessary. For some organizations, penetration testing is a means of responding to cyber-attacks; for others, it is a prevention mechanism. A...

CISA’s Zero Trust Maturity Model: An Important Step Forward in Implementing Zero Trust Security Principles

Blog Published: 06/20/2023

Written by Sean Connelly, Senior Cybersecurity Architect and John Simms, Security Architect, CISA. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an updated Zero Trust Maturity Model (ZTMM) to help organizations assess and improve their Zero Trust security postur...

SEC Cybersecurity Rules: How To Prepare For The Coming Changes Now

Blog Published: 06/21/2023

Originally published by Code42. Written by Carlos Carpio, Insider Risk Advisor, Code42. Cybersecurity risk management, strategy, governance and incident disclosure are a growing concern for investors and a top priority for the U.S. Securities and Exchange Commission (SEC). In 2022, publicly-tr...

Modern Hackers Keep Returning to Time-Tested Tricks

Blog Published: 06/12/2023

Originally published by CXO REvolutionaries. Written by Francis Yeow, CISO, Parkway Hospitals Singapore Pte Ltd. Imagine the scene: you arrive at your desk to find a package, likely from a source. You carefully slice open the envelope to reveal a USB drive. Sensing a story, you go to plug it i...

Day In the Life: SOC Analyst

Blog Published: 06/12/2023

Originally published by Netography. Written by Tom Dixon, Security Engineer. Time. I heard someone once say that time is the great equalizer. No matter how rich or wealthy you are, how smart or talented you are, or how important you are, you only have the same 24 hours in the day that everyone ...

Salesforce Misconfigurations are Exposing Sensitive Data

Blog Published: 06/14/2023

Originally published by Obsidian Security. Just last week, cybersecurity journalist Brian Krebs shared a post to his website detailing how Salesforce misconfigurations were causing several organizations to inadvertently expose sensitive data to the public. Affected organizations discovered that...

Six Steps to Prepare Your Application Security Team for a Penetration Test

Blog Published: 06/22/2023

Originally published by Coalfire. Written by Dave Randleman, Field CISO, Penetration Testing, Coalfire. This blog post will show step-by-step how an application security team should prepare for a penetration test. Key takeaways: A common misstep in deploying a penetration test is a lack of pre...

DSPM: The Missing Piece of the Cloud Data Security Puzzle

Blog Published: 06/22/2023

Originally published by Dig Security. Written by Sharon Farber. As organizations increasingly move their data to public cloud environments, the need for robust data security posture management (DSPM) solutions becomes more apparent. With the rapid growth of the number and size of data assets i...

How to Travel (Cyber) Securely This Summer

Blog Published: 06/23/2023

Originally published by DigiCert. Written by Dean Coclin. As the COVID-19 pandemic subsides and travel restrictions globally have been lifted, global tourism is estimated to rise by 30% in 2023. Seeking business and pleasure abroad, the increase of travelers is likely to also draw an increase ...

HITRUST CSF Assessments: e1, i1, r2—What’s the Difference?

Blog Published: 06/26/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. HITRUST CSF is the most widely-adopted cybersecurity framework for healthcare organizations in the U.S. HITRUST CSF provides broad assurance for different risk levels and compliance requirements with greater reliability than other...

Situational Awareness for Detection and Analysis: Go with the Flow

Blog Published: 06/26/2023

Originally published by Netography. Written by Martin Roesch, CEO, Netography. When we look at the threat continuum, the preparation of the assets and infrastructure in a modern network to resist an attack, including discovering, configuring, and hardening, requires major investment in tools a...

What to Do After Receiving a Business Email Compromise Attack

Blog Published: 06/15/2023

Originally published by Abnormal Security. Written by Callie Hinman Baron. Year after year, business email compromise (BEC) remains one of the most financially devastating cybercrimes. According to the latest FBI Internet Crime Report, BEC attacks were responsible for $2.7 billion in total los...

Chaos Malware Quietly Evolves Persistence and Evasion Techniques

Blog Published: 06/15/2023

Originally published by Sysdig. Written by Nicholas Lang. The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji ...

Passkeys & Zero Trust

Blog Published: 06/22/2023

Written by Dario Salice of the CSA Zero Trust Identity Pillar Working Group. In this article we’re going to discuss how passkeys, based on the FIDO2 standard in combination with WebAuthn (W3C), will allow for passwordless authentication, what benefits they offer, and their current limitations....

Navigating the Top 10 Challenges in Cloud Identity and Access Management

Blog Published: 06/23/2023

Written by Alon Nachmany, CISM and Shruti Kulkarni, CISA, CRISC, CISSP, CCSK of the CSA IAM Working Group. Introduction Identity and Access Management (IAM) is a critical component of cloud security and one that organizations are finding challenging to implement effectively. The rise of cloud ...

Why You Should Use the Principle of Least Privilege to Secure Serverless Applications

Blog Published: 06/27/2023

Originally published by Contino. Written by Mark Faiers, AWS Practice Lead, Contino. Serverless is a really interesting concept—it allows you to build scalable applications while simultaneously reducing your costs and decreasing your management overheads. During my time at Contino, I've helped ...

Should You Implement the NIST Cybersecurity Framework?

Blog Published: 06/27/2023

Originally published by Schellman. Anyone who has ever chosen a workout program likely started with the same goal—to improve their physical health or strength. But in exercise, different people will choose to address different things—some may opt for a comprehensive workout like CrossFit, some...

CSA’s Enterprise Architecture: Technology Solution Services (TSS)

Blog Published: 06/16/2023

Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess opp...
