Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

All Articles

Home
All Articles
Strengthening Cloud Security: Mapping the Cloud Controls Matrix (CCM) 4.0 to PCI DSS 4.0

Blog Published: 09/19/2023

Written by Sully Perella, Dan Stocker, and Kerry Steele. Assessing the security of a cloud service provider can be a challenge. That's why the Cloud Security Alliance (CSA) is excited to announce the release of the latest mapping of the Cloud Controls Matrix (CCM) version 4.0 to the latest ver...

Standards for Quantum-Safe Security and the Financial Industry

Blog Published: 09/20/2023

Written by Denis Mandich, Quantum-Safe Security Working Group Member and CTO for Qrypt. The financial community relies on several standards organizations to provide consensus guidance on protecting data and information exchanges, primarily for payments and securities transactions. These standa...

Ready, Set, Respond: Ensuring Compliance with the SEC Reporting Regulations

Blog Published: 09/21/2023

Originally published by Mitiga. Written by Ariel Parnes. The Securities and Exchange Commission (SEC) of the United States has adopted new regulations that require public companies to disclose material cybersecurity incidents within four days. To the positive, this initiative seeks to increase...

Cyberthreats Increasingly Target the World’s Biggest Event Stages

Blog Published: 09/21/2023

Originally published by Microsoft. Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for ...

Frequently Asked Questions Answered—ISO 27001 Certifications

Blog Published: 09/25/2023

Originally published by BARR Advisory. As one of the most thorough cybersecurity assessments an organization can go through, achieving ISO certification might initially seem daunting. At our recent ISO Open House, Director of Attest Services Angela Redmond and Manager of Attest Services Marc G...

Safeguarding the Healthcare Industry: Effective Measures to Prevent Ransomware Attacks

Blog Published: 09/25/2023

Originally published by CyberGuard Compliance. Written by Daniel Porter. The healthcare industry, entrusted with safeguarding sensitive patient information, faces a growing threat from malicious cyberattacks, particularly ransomware. These attacks not only compromise patient data security but ...

Insider Threat Awareness Month 2023: Bringing Awareness to Every Level of Your Organization

Blog Published: 09/20/2023

Originally published by Code42. Written by Chrysa Freeman, Sr. Manager of Code42's Cybersecurity Team. In the ever-evolving world of work, where remote collaboration, the Great Resignation, the rise of contractors, and the ascent of cloud technologies redefine how we conduct business, a common...

3 Ways Cybercriminals are Targeting Your Email

Blog Published: 09/20/2023

Original published by Abnormal Security. Written by Mike Britton. It wasn't long ago that the world was much simpler when it came to protecting our employees and their email use. We all had a data center. Most of our employees spent their days working in an office. While SaaS has been around f...

What is Cloud Repatriation?

Blog Published: 09/22/2023

Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud.The Cloud Repatriation Trend in 2023Browse the pages of most IT tech news websites and chances are you will come across stories of enterprise organizations migrating en masse to the public cloud...

NIST CSF vs. Other Cybersecurity Frameworks

Blog Published: 09/22/2023

Originally published by Schellman. With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the annual disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks that—whi...

Why Healthcare Organizations Are Slower to Adopt Cloud Services

Blog Published: 09/25/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Security and compliance concerns dominateConsidering the type of sensitive data held by healthcare organizations, it’s not surprising that the sector has been more cautious about...

Basic Cyber Hygiene Prevents 98% of Attacks

Blog Published: 09/27/2023

Originally published by Microsoft. In today’s digital age, companies are increasingly reliant on technology and online systems to conduct their business. As a result, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensurin...

Putting Zero Trust Architecture into Financial Institutions

Blog Published: 09/27/2023

Written by Arun Dhanaraj. IntroductionTraditional security methods are no longer enough to protect the valuable assets of financial institutions in a time when online threats are getting more sophisticated and attack routes are changing. In espionage, the idea of Zero Trust Architecture (ZTA) ...

Compliance Options for Healthcare Business Associates (and Why You Need Them)

Blog Published: 09/28/2023

Originally published by Schellman. Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “cove...

Cloud Security Detection Doesn’t Reduce Risk. Here Are Six Remediation Steps That Do.

Blog Published: 09/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. As organizations migrate their software development lifecycle from on-premises to the cloud, our tools have changed to deal with fast-paced CI/CD pipelines. Similarly, the tools we use to detect application vulnerab...

Addressing Insider Threats Through Enhanced Data Protection

Blog Published: 09/26/2023

Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. The words “insider threat” have been known to make a CISO shudder. Few attack vectors can more quickly undermine a well-construed line of defenses than a credentialed user who – intentional...

Top 3 Cloud Migration Security Risks

Blog Published: 09/26/2023

Originally published by Synack. Written by Charlie Waterhouse and Justine Desmond.The benefits of cloud computing are hard to ignore – the speed, flexibility and cost savings make it a worthwhile investment for many enterprises. What’s written in fine print is that while cloud providers do mai...

OpenCRE.org - The How and The Why of Security Best Practices

Blog Published: 09/27/2023

Written by Rob van der Veer, Software Improvement Group; Spyros Gasteratos, OWASP; and Lefteris Skoutaris, CSA. In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing the...

A Mindset Shift for Cloud Security Resilience: Assume Breach

Blog Published: 09/29/2023

Originally published by MitigaWritten by Ariel Parnes. Cloud environments offer tremendous advantages in agility, scalability, and cost efficiency. However, their dynamic nature also introduces new security challenges compared to traditional on-premises IT. To build true resilience for the ine...

Long Standing Foundations of Zero Trust

Blog Published: 09/26/2023

Looking under the covers of Zero Trust, it quickly becomes apparent some long-time security principles are at work. These principles are applied differently than we historically did because of changes in the way we now work and live, combined with advances in technology and threats. When viewe...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
147
148
149
151
153
154
155
Last »