
All Articles
Strengthening Cloud Security: Mapping the Cloud Controls Matrix (CCM) 4.0 to PCI DSS 4.0

Blog Published: 09/19/2023

Written by Sully Perella, Dan Stocker, and Kerry Steele. Assessing the security of a cloud service provider can be a challenge. That's why the Cloud Security Alliance (CSA) is excited to announce the release of the latest mapping of the Cloud Controls Matrix (CCM) version 4.0 to the latest ver...

Standards for Quantum-Safe Security and the Financial Industry

Blog Published: 09/20/2023

Written by Denis Mandich, Quantum-Safe Security Working Group Member and CTO for Qrypt. The financial community relies on several standards organizations to provide consensus guidance on protecting data and information exchanges, primarily for payments and securities transactions. These standa...

Ready, Set, Respond: Ensuring Compliance with the SEC Reporting Regulations

Blog Published: 09/21/2023

Originally published by Mitiga. Written by Ariel Parnes. The Securities and Exchange Commission (SEC) of the United States has adopted new regulations that require public companies to disclose material cybersecurity incidents within four days. To the positive, this initiative seeks to increase...

Cyberthreats Increasingly Target the World’s Biggest Event Stages

Blog Published: 09/21/2023

Originally published by Microsoft. Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for ...

Frequently Asked Questions Answered—ISO 27001 Certifications

Blog Published: 09/25/2023

Originally published by BARR Advisory. As one of the most thorough cybersecurity assessments an organization can go through, achieving ISO certification might initially seem daunting. At our recent ISO Open House, Director of Attest Services Angela Redmond and Manager of Attest Services Marc G...

Safeguarding the Healthcare Industry: Effective Measures to Prevent Ransomware Attacks

Blog Published: 09/25/2023

Originally published by CyberGuard Compliance. Written by Daniel Porter. The healthcare industry, entrusted with safeguarding sensitive patient information, faces a growing threat from malicious cyberattacks, particularly ransomware. These attacks not only compromise patient data security but ...

Insider Threat Awareness Month 2023: Bringing Awareness to Every Level of Your Organization

Blog Published: 09/20/2023

Originally published by Code42. Written by Chrysa Freeman, Sr. Manager of Code42's Cybersecurity Team. In the ever-evolving world of work, where remote collaboration, the Great Resignation, the rise of contractors, and the ascent of cloud technologies redefine how we conduct business, a common...

3 Ways Cybercriminals are Targeting Your Email

Blog Published: 09/20/2023

Originally published by Abnormal Security. Written by Mike Britton. It wasn't long ago that the world was much simpler when it came to protecting our employees and their email use. We all had a data center. Most of our employees spent their days working in an office. While SaaS has been around f...

What is Cloud Repatriation?

Blog Published: 09/22/2023

Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. The Cloud Repatriation Trend in 2023. Browse the pages of most IT tech news websites and chances are you will come across stories of enterprise organizations migrating en masse to the public cloud...

NIST CSF vs. Other Cybersecurity Frameworks

Blog Published: 09/22/2023

Originally published by Schellman. With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the annual disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks that—whi...

Why Healthcare Organizations Are Slower to Adopt Cloud Services

Blog Published: 09/25/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Security and compliance concerns dominate. Considering the type of sensitive data held by healthcare organizations, it’s not surprising that the sector has been more cautious about...

Basic Cyber Hygiene Prevents 98% of Attacks

Blog Published: 09/27/2023

Originally published by Microsoft. In today’s digital age, companies are increasingly reliant on technology and online systems to conduct their business. As a result, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensurin...

Putting Zero Trust Architecture into Financial Institutions

Blog Published: 09/27/2023

Written by Arun Dhanaraj. Introduction. Traditional security methods are no longer enough to protect the valuable assets of financial institutions in a time when online threats are getting more sophisticated and attack routes are changing. In espionage, the idea of Zero Trust Architecture (ZTA) ...

Compliance Options for Healthcare Business Associates (and Why You Need Them)

Blog Published: 09/28/2023

Originally published by Schellman. Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “cove...

Cloud Security Detection Doesn’t Reduce Risk. Here Are Six Remediation Steps That Do.

Blog Published: 09/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. As organizations migrate their software development lifecycle from on-premises to the cloud, our tools have changed to deal with fast-paced CI/CD pipelines. Similarly, the tools we use to detect application vulnerab...

Addressing Insider Threats Through Enhanced Data Protection

Blog Published: 09/26/2023

Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. The words “insider threat” have been known to make a CISO shudder. Few attack vectors can more quickly undermine a well-construed line of defenses than a credentialed user who – intentional...

Top 3 Cloud Migration Security Risks

Blog Published: 09/26/2023

Originally published by Synack. Written by Charlie Waterhouse and Justine Desmond. The benefits of cloud computing are hard to ignore – the speed, flexibility and cost savings make it a worthwhile investment for many enterprises. What’s written in fine print is that while cloud providers do mai...

OpenCRE.org - The How and The Why of Security Best Practices

Blog Published: 09/27/2023

Written by Rob van der Veer, Software Improvement Group; Spyros Gasteratos, OWASP; and Lefteris Skoutaris, CSA. In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing the...

A Mindset Shift for Cloud Security Resilience: Assume Breach

Blog Published: 09/29/2023

Originally published by Mitiga. Written by Ariel Parnes. Cloud environments offer tremendous advantages in agility, scalability, and cost efficiency. However, their dynamic nature also introduces new security challenges compared to traditional on-premises IT. To build true resilience for the ine...

Long Standing Foundations of Zero Trust

Blog Published: 09/26/2023

Looking under the covers of Zero Trust, it quickly becomes apparent some long-time security principles are at work. These principles are applied differently than we historically did because of changes in the way we now work and live, combined with advances in technology and threats. When viewe...