
All Articles

Don’t Buy A Network Pen Test Until You Ask These Questions

Blog Published: 03/28/2025

Originally published by Schellman. Written by Austin Bentley, Manager, Schellman.   When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your ...

The Most Common Types of Phishing Attacks and Their Impact

Blog Published: 04/01/2025

Originally Published by Abnormal Security.   Written by Emily Burns.   Phishing attacks continue to be one of the most effective cyber threats, leveraging deception and social engineering to manipulate individuals and organizations. In fact, phishing accounts for 15% ...

Ensuring Responsible AI: A Comprehensive Approach to AI Assessments

Blog Published: 04/01/2025

Originally published by Truyo.   Written by Dan Clarke.   Artificial intelligence (AI) offers tremendous opportunities for innovation, efficiency, and growth across various industries. However, as AI systems become increasingly integrated into business operations, the nee...

Why Security Questionnaires Are a Familiar—but Ineffective—Norm for Assessing Risk

Blog Published: 04/02/2025

Originally published by Vanta. Written by Chase Lee. Security questionnaires are a standard part of almost every due diligence process before companies sign on to work with a new third party. By asking detailed questions via questionnaires, organizations learn about a seller’...

PTaaS: The Smarter Cybersecurity Approach for the Public Sector

Blog Published: 04/03/2025

Originally Published by Synack. Written by Ed Zaleski, Synack’s Director of Federal Sales for the Department of Defense.   As the Department of Defense (DoD) and other public sector organizations face ever-evolving cyber threats, identifying and addressing vulnerabilit...

Why AI Isn’t Keeping Me Up at Night

Blog Published: 04/01/2025

Written by John Kindervag, Chief Evangelist, Illumio.   Artificial intelligence is cybersecurity’s newest obsession. With every advancement — like China’s recent DeepSeek AI announcement — comes fresh waves of alarm about AI-driven cyberattacks and the inevitable doom they’ll bring. ...

Navigating the FedRAMP Evolution: How CSA CCM Provides a Solid Foundation

Blog Published: 04/03/2025

Written by Lefteris Skoutaris, Associate Vice President of GRC Solutions, CSA, EMEA.   The landscape of cloud security compliance is constantly evolving, and the U.S. Federal Risk and Authorization Management Program (FedRAMP) is no exception. As highlighted recently, FedRAMP w...

Secure Vibe Coding Guide

Blog Published: 04/09/2025

Written by Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups.   1: Introduction Vibe coding is an emerging AI-assisted programming approach where users describe their software requirements in natural language, and a large language model (LLM) generates the correspondin...

Securing Your Cloud Attack Surface by Reducing DNS Infrastructure Risk

Blog Published: 04/10/2025

Written by Rémy Marot. Originally published by Tenable.   The domain name system is often one of the last things an organization thinks of when they consider their overall security posture. This is a big mistake, especially while cloud adoption has been growing so quickly. This kind o...

PCI DSS Future-Dated Controls: 7 Critical Changes that Will Shape Your Security Strategy

Blog Published: 04/04/2025

Originally Published by Barr Advisory on February 7, 2025.   New cybersecurity requirements are fast approaching for organizations that process payment card transactions. In 2022, the PCI Security Standards Council (SSC) introduced PCI DSS 4.0 (now 4.0.1), a major u...

The Challenge of Distributed SaaS Management—Balancing Productivity and Security

Blog Published: 04/07/2025

Originally published by Valence. Written by Jason Siberman.   The rise of SaaS applications has transformed the way organizations operate, enabling greater collaboration, agility, and efficiency. Business-critical tools such as Salesforce, HubSpot, Workday, NetSuite, and GitHub...

Real-Time Credit Data: Fueling Banking Innovation and Growth

Blog Published: 04/10/2025

Originally published by SavvyMoney. Written by Ryan Sonnenberg.   Data is necessary to drive transformative change across industries in today’s hyperconnected world. In the financial services sector, the power of real-time credit data is undeniable. It equips financial institutio...

The Right to Be Forgotten — But Can AI Forget?

Blog Published: 04/11/2025

Written by Olivia Rempe, Community Engagement Manager, CSA.   In today’s AI-powered world, the “Right to be Forgotten”—a principle enshrined in the EU’s General Data Protection Regulation (GDPR)—is facing one of its biggest tests yet. While traditional databases and web platforms can ...

Training on Ethical and Compliant AI Usage: Navigating the White House Executive Order and Transparent Business Practices

Blog Published: 04/15/2025

Originally published by Truyo on August 21, 2024. Written by Dan Clarke, President, Truyo.   Artificial intelligence (AI) is rapidly transforming industries, offering unparalleled opportunities for innovation, efficiency, and growth. However, as AI systems become more integrated ...

The Simple Magic of App Cloaking

Blog Published: 04/08/2025

Originally Published by CXO REvolutionaries. Written by Aoibh Wood, Security Architect, Zscaler.   Often overlooked by security professionals, app cloaking is a powerful technique for strengthening security posture by making high-value private applications go dark from the publ...

How to Enhance Your TPRM Through Staff Augmentation

Blog Published: 04/08/2025

Originally published by Schellman. Written by Tu Nguyen.   If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third par...

BEC in the Age of AI: The Growing Threat

Blog Published: 04/16/2025

Originally published by Abnormal Security. Written by Jade Hill.   Business email compromise (BEC) is one of the most financially damaging cyber threats today. According to the FBI’s latest Internet Crime Report, business email compromise resulted in over $2.7 billion in reported...

What You Need to Know About CMMC—From our Director of Government Strategy & Affairs Morgan Kaplan

Blog Published: 04/16/2025

Originally published by Vanta. Written by Lucia Giles.   The Cybersecurity Maturity Model Certification (CMMC) program was developed by the Department of Defense (DoD) to ensure that defense contractors and subcontractors meet the cybersecurity requirements needed to safely and r...

From Multiplan to Multimodal: A CFO’s 40-Year Tech Journey into AI

Blog Published: 04/16/2025

Written by Jeffrey Westcott, CFO, CSA.   I received one of the first Apple Macintoshes back in January 1984 when I attended Drexel University. It was branded the Apple DU with a whopping 128k of memory. And it was the same machine as the Apple Mac, soon to be released to the publi...

The Disinformation Epidemic and Its Cost to Modern Enterprises

Blog Published: 04/09/2025

Originally Published by Koat.   Summary Disinformation’s Impact on Reputation and Finances: Disinformation can severely damage a company’s reputation, erode consumer trust, and lead to significant financial losses. False narratives, such as rumors about product defects or unet...
