AI & Software Security: How to Implement AI Responsibly and Successfully
Blog Published: 02/21/2024
Originally published by ArmorCode. Generative AI (GenAI) dominated the technology landscape in 2023, prompting many technology companies to formulate an AI strategy – from adopting AI-enabled tools for performance and productivity gains to developing and building upon large language models (LLM...
The CSA Cloud Controls Matrix and Consensus Assessment Initiative Questionnaire: FAQs
Blog Published: 02/17/2024
Two essential tools in the world of cloud computing are CSA’s Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ). These tools are the backbone of the CSA Security, Trust, Assurance, and Risk (STAR) program, the largest cloud assurance program in the world....
Book Introduction: Generative AI Security: Theories and Practices
Blog Published: 02/16/2024
Written by Ken Huang, Co-Chair of Two CSA AI Safety Working Groups, VP of Research of CSA GCR, and CEO of Distributedapps.ai. In this blog, I would like to talk about my upcoming book Generative AI Security: Theories and Practices. I started this book project in January 2023. The project en...
3 Critical Steps for Application Security Teams in 2024
Blog Published: 02/23/2024
Originally published by CrowdStrike. As application security teams head into a new year, these are the key issues they should keep in mind and steps they must take to defend their custom software applications. Software development practices are rapidly changing, and so are the methods adversar...
Addressing Microsoft Teams Phishing Threats
Blog Published: 02/15/2024
Originally published by Adaptive Shield. Written by Hananel Livneh. AT&T Cybersecurity recently discovered phishing attacks conducted over Microsoft Teams. During a group chat, threat actors distributed malicious attachments to employees, which led to the installation of DarkGate malware on...
The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security
Blog Published: 02/15/2024
Originally published by Valence. Microsoft recently published new guidance on the nation-state attack that they initially disclosed on January 19. According to Microsoft, the Russian state-sponsored threat actor Midnight Blizzard (also known as NOBELIUM or APT29) was able to leverage a test te...
From Security Evolution to Generative AI: A Q&A with an Industry Leader
Blog Published: 02/21/2024
Tim Chase, Field CISO at Lacework, recently sat down with Rahul Gupta, Head of Security and Governance, Risk, and Compliance (GRC) at Sigma Computing. The two discussed a wide range of topics, including Gupta’s perspective on the evolving security industry, how to attract and retain talent, th...
Who Owns Information in the Era of AI?
Blog Published: 02/23/2024
Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence and Sam Curry, VP & CISO in Residence, Zscaler. Mark Twain, the distinguished American author, once wrote, “The kernel, the soul, let us go further and say the substance, the bulk, the actual and valua...
The Hidden Certificates in Your Organization: How to Find Them
Blog Published: 02/26/2024
Originally published by DigiCert. Written by Robyn Weisman. It should be clear by now why centralizing visibility over your cryptographic assets is essential to digital trust. If for some reason you’re unmoved by the parade of damaging outages and data breaches caused by expired or improperly ...
Zero Trust Messaging Needs a Reboot
Blog Published: 02/16/2024
Written by Daniel Ballmer, Senior Transformation Analyst, CXO REvolutionaries, Zscaler. It’s 2024, and Zero Trust adoption across industries remains somewhere below 33%. For reference, de-perimeterization, a stepping-stone to Zero Trust, was first discussed on the Jericho Forums twenty years ag...
Data Governance in the Cloud
Blog Published: 02/16/2024
Written by Ashwin Chaudhary, CEO, Accedere. As all organizations are moving towards the digitization of data and cloud computing, it is important to protect and ensure data governance by all organizations. New data security solutions are needed considering data digitization and cloud computing...
AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise
Blog Published: 02/20/2024
Originally published by Abnormal Security. Written by Mick Leach. The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.” One topic that gets a significant amount of attention is...
Trust Model: The First Step to Ensure Your IT Network
Blog Published: 02/20/2024
Originally published by Devoteam. What is Zero Trust? Zero Trust is a security approach that mandates verification, employs least privilege, and operates under the assumption of a breach for every access request to a private network, irrespective of its origin or destination. Its foundation re...
What's Required After My First SOC 2 Report?
Blog Published: 02/21/2024
Originally published by MJD. Written by Mike DeKock, CPA, CEO, MJD. Q: What is required after my first SOC 2 report? A: MJD Answer: You’ve completed your SOC 2 report. That first-time report can be a lot of work, and it’s worth celebrating while you hang the new AICPA logo on the website. So what’s...
5 Takeaways from a CISO Focus Group: Strategies for Managing Security and Compliance in Today’s Digital Business Landscape
Blog Published: 02/22/2024
Originally published by RegScale. Everyone recognizes that in today’s rapidly evolving business landscape, security AND compliance have become central to the success and sustainability of organizations. In an effort to gain an understanding of the customers we serve, RegScale made the decision ...
Other Practices Are Placing Greater Trust in AI... When Will Cybersecurity?
Blog Published: 02/22/2024
Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. In 2023, we saw AI adoption rates soar—particularly for large language learning models (LLMs). Many industries are now incorporating AI into common processes and are seeing positive results—and not just in cost...
Part 3: The Anatomy of Supply Chain Attacks: Non-Human Identities & TPRM Failure
Blog Published: 02/23/2024
Originally published by Astrix. Written by Alex Flores, Danielle Guetta, and Tal Skverer. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an esta...
Understanding PCI DSS: A Guide to the Payment Card Industry Data Security Standard
Blog Published: 02/26/2024
Originally published by BARR Advisory. Written by Kyle Cohlmia. According to a report by The Ascent, credit card fraud remained the most common type of identity theft in 2023. In today’s digital age, where online transactions have become an integral part of our daily lives, the security of paym...
5 Steps to Fortify Your Organization Against Cyber Liabilities
Blog Published: 02/26/2024
Originally published by Diligent. Written by Nithya B. Das, Chief Legal & Administrative Officer, Diligent. Cybersecurity is a business issue. This was one of the key takeaways from a recent panel discussion I moderated on key strategies to guide CISOs, general counsels and other legal and...
Securing Your Microsoft Environment After the Midnight Blizzard Attack
Blog Published: 02/27/2024
Originally published by Reco. Written by Oz Wasserman. Introduction: The attack on Microsoft's SaaS-based Entra environment by Midnight Blizzard (aka Nobelium, Cozy Bear or APT29) was notably one of the most sophisticated attacks seen on similar platforms. This incident, spanning from November 2...