
All Articles
Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications

Blog Published: 11/22/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Introduction Retrieval augmented generation (RAG) is an effective technique used by AI engineers to develop large language model (LLM) powered applications. However, the lack of security controls in RAG-based L...

Quarterly Threat Bulletin: WinRAR Zero-Day Vuln and More

Blog Published: 11/07/2023

Originally published by Uptycs. Written by Dan Verton. The Uptycs Threat Research Team released its latest Quarterly Threat Bulletin today, covering the tactics, techniques and procedures (TTPs) of the most prevalent malware and threat actor groups. The Q3 Threat Bulletin highlighted the active...

Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit

Blog Published: 11/13/2023

Originally published by CAS Assurance. What is the ISO 27001 Internal Audit? Generally, internal audit is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization achieve its objectives by b...

Don’t Fear the Audit—4 Ways to Prepare for SOC 2

Blog Published: 11/28/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. If you’ve made the commitment to achieve a SOC 2 report, you know the outcome will help differentiate your organization as one who takes the security of your customer data seriously. Even if this isn’t your first SOC 2 engagement,...

Navigating Compliance Requirements for Businesses Collecting Consumer Health Information

Blog Published: 11/09/2023

Originally published by BARR Advisory. The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) recently released an updated joint publication for organizations that collect consumer health information. The publication provides businesses guidance for comply...

I’m Implementing Generative AI Into My Company’s Cybersecurity Product. Here’s What I’ve Learned.

Blog Published: 11/09/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. AI is ubiquitously on everyone’s minds today – from large corporations to middle school classrooms. And it’s no wonder—this technology is transformative in the speed of creation and innovation. When ChatGPT came out,...

CSA STAR CCM Lite

Blog Published: 11/16/2023

Written by Ashwin Chaudhary, CEO, Accedere. The Cloud Security Alliance (CSA) STAR CCM Lite is a streamlined version of the CSA Cloud Controls Matrix (CCM) v4, a cybersecurity controls framework for cloud computing developed by CSA. CCM v4 was released in September 2021. The CCM Lite is a comp...

Why CISOs Are Investing in AI-Native Cybersecurity

Blog Published: 12/06/2023

Originally published by Abnormal Security. Written by Mick Leach. Artificial intelligence is full of promise. By leveraging machine learning to replicate human intelligence, AI has considerable potential to make our lives easier by empowering us to simplify and even automate complex tasks. But ...

Nonprofit Cyber Launches World More Than a Password Day

Press Release Published: 11/10/2023

Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globally. New York, Nov. 10, 2023: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importa...

Understanding Data Inventory and Why It Matters to CISOs

Blog Published: 11/13/2023

Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist, Symmetry Systems. In a modern organization, you cannot overstate the role of data. It is the largest, distributed and most valuable asset they have. Data influences everything from revenue growth to security r...

Cloud Security Alliance Launches the Industry’s First Authoritative Zero Trust Training and Credential, the Certificate of Competence in Zero Trust (CCZT)

Press Release Published: 11/15/2023

Uniquely positions CSA as the authoritative source to deliver the industry’s first holistic benchmark for measuring Zero Trust knowledge. SEATTLE – Nov. 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practi...

Behind the Curtain with a CCZT Developer: Head of Identity Security Sesh Ramasharma

Blog Published: 11/14/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the ...

My Reflections on OpenAI DevDay 2023: Security of New Features

Blog Published: 11/16/2023

Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Image generated by DALL.E 3 of OpenAI 1: Introduction On November 6th, 2023, I had the opportunity to attend the inaugural OpenAI Developer Day. This event was a significant gathering, unveiling a variety of n...

Behind the Curtain with a CCZT Developer: Security Solution Architect Bernard Coetzee

Blog Published: 11/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the ...

UPI is an Indian Success Story. Zero Trust Architecture Can Help Ensure It Stays That Way

Blog Published: 11/21/2023

Originally published by CXO REvolutionaries. Written by Sudip Banerjee, CTO in Residence, Zscaler. If you want to make an Indian beam with national pride, you need only mention the country’s Unified Payments Interface (UPI) success. This homegrown interbank digital payments infrastructure has ...

Optimizing Your Security Posture: Harnessing the Cloud Controls Matrix (CCM) for Comprehensive Framework Mapping

Blog Published: 11/22/2023

Introduction. In today's complex and rapidly evolving cloud security landscape, cloud organizations are under considerable pressure to comply with numerous international, national, and sector-specific standards. Such proliferation of security standards and compliance requirements has been a daun...

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Blog Published: 11/14/2023

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software ...

CCZT: A Major Milestone on the Zero Trust Journey

Blog Published: 11/14/2023

My personal history in cybersecurity began in the very early days of the commercialization of the nascent Internet. I started out as a firewall guy in 1992, primarily because my customers relied on firewalls to protect their network perimeters. Firewall implementation was underpinned by a simp...

Who Can Access My Sensitive Data?

Blog Published: 11/16/2023

Originally published at Dig Security. Written by Sharon Farber. Data serves as the lifeblood of organizations, fueling insights, driving decision-making, and nurturing customer relationships. However, the challenge lies in effectively managing this valuable asset, particularly when it resides ...

Google’s Vertex AI Platform Gets Freejacked

Blog Published: 11/17/2023

Originally published by Sysdig. Written by Michael Clark. The Sysdig Threat Research Team (Sysdig TRT) recently discovered a new Freejacking campaign abusing Google’s Vertex AI platform for cryptomining. Vertex AI is a SaaS, which makes it vulnerable to a number of attacks, such as Freejacking...
