All Articles
AI Resilience & Diversity

Blog Published: 06/20/2024

Written by Dr. Chantal Spleiss, Co-Chair of the CSA AI Governance and Compliance Working Group. Resilience is often thrown around as a buzzword, but its true definition can be quite elusive. In this blog, I'll explore the three pillars of AI resilience: robustness, resilience, and plasticity. ...

EU AI Act Introduces Unique Tiered System for Risks

Blog Published: 06/20/2024

Originally published by Truyo. With the full text of the EU AI Act made public, Truyo President Dan Clarke read through the Act in its entirety to identify key elements that will be crucial to compliance for organizations in scope. The Act includes the conventional components of transparency, priv...

PCI DSS for Security Leaders – How to Take a Proactive Approach

Blog Published: 06/20/2024

Originally published by Schellman. If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin. No one wants to hear, “I’m put...

Unified Cybersecurity Language: Optimizing Risk and Compliance Terms for Collaborative Security

Blog Published: 06/18/2024

Originally published by RegScale. Written by Dave Schmoeller. Kickoff: Navigating the Cybersecurity Language Landscape. Imagine the chaos when a cybersecurity breach puts data at risk, and departments are left in a scramble. Cybersecurity tags the event a ‘security incident,’ Risk counters with a ‘da...

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Blog Published: 06/18/2024

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team promptly initiated an in-depth analysi...

5 ChatGPT Jailbreak Prompts Being Used by Cybercriminals

Blog Published: 06/17/2024

Originally published by Abnormal Security. Written by Daniel Kelley. Since the launch of ChatGPT nearly 18 months ago, cybercriminals have been able to leverage generative AI for their attacks. As part of its content policy, OpenAI created restrictions to stop the generation of malicious content. I...

5 Best Practices to Secure AWS Resources

Blog Published: 06/17/2024

Originally published by CrowdStrike. Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses...

CSA Community Spotlight: Leading Critical Discussions with Vishwas Manral

Blog Published: 06/14/2024

Celebrating our 15th anniversary this year, CSA stands as the premier authority in promoting and defining best practices for a secure cloud computing environment. Since its inception in 2009, CSA has grown to offer an extensive array of frameworks, research publications, assurance programs, train...

Mastering Zero Trust Security in IT Operations

Blog Published: 06/14/2024

Originally published by Automox. Written by Landon Miles. If you’re unaware that cyber threats are becoming more sophisticated and frequent, you probably don’t work in IT. Unfortunately, the traditional "trust but verify" approach to cybersecurity just isn’t adequate anymore. A Zero Trust security ...

From the Trenches: A CISO's Guide to Threat Intelligence

Blog Published: 06/13/2024

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Let's face it, our jobs as CISOs are a constant dance with the shadows. We fight invisible enemies, anticipate the next attack, and strive to stay one step ahead of ever-evolving threats. That's where thr...

Beyond Blind Trust: The Imperative of Zero Trust for Federal Agencies

Blog Published: 06/13/2024

Originally published by Synack. Written by Ed Zaleski, Director of Federal Sales for the Department of Defense, Synack. TL;DR: Zero trust cybersecurity principles require continuous monitoring and evaluation to ensure effectiveness. Implementing zero trust necessitates a significant overhaul of existi...

Discover CCSK v5: The New Standard in Cloud Security Expertise

Blog Published: 06/12/2024

Written by Martin Hall. Already trusted by thousands of companies and tens of thousands of cloud security professionals worldwide, the Certificate of Cloud Security Knowledge (CCSK) is the industry standard for cloud security expertise. And it's about to get even better. Based on input from our me...

What We Know About Vulnerability Exploitation in 2024 (So Far)

Blog Published: 06/12/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. In the world of security vulnerabilities, change is the only constant. There are always new CVEs, new exploits, and new threat actors. A recent study estimates that there will be a 25% increase in vulnerabilities,...

SASE and Zero Trust PAM: Why Enterprises Need Both

Blog Published: 06/12/2024

Written by StrongDM. Enterprise security and compliance teams must maintain constant awareness of all activities across their entire environment involving every user. Regulatory requirements, along with internally set policies and controls, demand thorough knowledge and understanding to effectivel...

What is Continuous Controls Monitoring & Its Impact on Cybersecurity?

Blog Published: 06/11/2024

Originally published by RegScale. Written by Dan Biewener. It’s 2024 and the rules have changed, literally. Late in 2023, the U.S. Securities and Exchange Commission (SEC) issued new requirements for cybersecurity disclosures. In addition to reporting material cybersecurity incidents within four da...

Risk Management in the Age of Artificial Intelligence: 9 Questions to Ask Your AI-Powered Vendors

Blog Published: 06/11/2024

Originally published by BARR Advisory. Artificial intelligence (AI) presents organizations across industries with the opportunity to streamline their workflows, better secure their systems, and solve some of the world’s most pressing issues. But while AI has the potential to offer huge benefits to...

AWS S3 Bucket Security: The Top CSPM Practices

Blog Published: 06/10/2024

Written by ArmorCode. An S3 bucket is a fundamental resource in Amazon Web Services (AWS) for storing and managing data in the cloud. S3 stands for "Simple Storage Service," providing scalable, durable, and highly available object storage. S3 is widely used for various purposes, such as storing bac...

The Human Element in AI-Enhanced SOCs

Blog Published: 06/10/2024

Written by Cetark. In today’s cybersecurity landscape, Security Operations Centers (SOCs) are increasingly using Artificial Intelligence (AI) to boost their defenses. AI offers substantial benefits, like automating repetitive tasks and improving threat detection, but human expertise remains essent...

Application Security Solutions: CNAPP vs CSPM vs ASPM

Blog Published: 06/07/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...

Secure Your Staff: How to Protect High-Profile Employees’ Sensitive Data on the Web

Blog Published: 06/07/2024

Originally published by CrowdStrike. Written by Ben TerMeer, Brian Bunyard, and Keith Mason. Organizations are increasingly concerned about high-profile employees’ information being exposed on the deep and dark web. The CrowdStrike Counter Adversary Operations team is often asked to find fake soci...
