Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

All Articles

Home
All Articles
Don’t Buy A Network Pen Test Until You Ask These Questions

Blog Published: 03/28/2025

Originally published by Schellman. Written by Austin Bentley, Manager, Schellman.   When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your ...

The Most Common Types of Phishing Attacks and Their Impact

Blog Published: 04/01/2025

Originally Published by Abnormal Security.   Written by Emily Burns.   Phishing attacks continue to be one of the most effective cyber threats, leveraging deception and social engineering to manipulate individuals and organizations. In fact, phishing accounts for 15% ...

Ensuring Responsible AI: A Comprehensive Approach to AI Assessments

Blog Published: 04/01/2025

Originally published by Truyo.   Written by Dan Clarke.   Artificial intelligence (AI) offers tremendous opportunities for innovation, efficiency, and growth across various industries. However, as AI systems become increasingly integrated into business operations, the nee...

Why Security Questionnaires Are a Familiar—but Ineffective—Norm for Assessing Risk

Blog Published: 04/02/2025

Originally published by Vanta. Written by Chase Lee.   ‍Security questionnaires are a standard part of almost every due diligence process before companies sign on to work with a new third party. By asking detailed questions via questionnaires, organizations learn about a seller’...

PTaaS: The Smarter Cybersecurity Approach for the Public Sector

Blog Published: 04/03/2025

Originally Published by Synack. Written by Ed Zaleski, Synack’s Director of Federal Sales for the Department of Defense.   As the Department of Defense (DoD) and other public sector organizations face ever-evolving cyber threats, identifying and addressing vulnerabilit...

Why AI Isn’t Keeping Me Up at Night

Blog Published: 04/01/2025

Written by John Kindervag, Chief Evangelist, Illumio.   Artificial intelligence is cybersecurity’s newest obsession. With every advancement — like China’s recent DeepSeek AI announcement — comes fresh waves of alarm about AI-driven cyberattacks and the inevitable doom they’ll bring. ...

Navigating the FedRAMP Evolution: How CSA CCM Provides a Solid Foundation

Blog Published: 04/03/2025

Written by Lefteris Skoutaris, Associate Vice President of GRC Solutions, CSA, EMEA.   The landscape of cloud security compliance is constantly evolving, and the U.S. Federal Risk and Authorization Management Program (FedRAMP) is no exception. As highlighted recently, FedRAMP w...

Secure Vibe Coding Guide

Blog Published: 04/09/2025

Written by Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups.   1: Introduction Vibe coding is an emerging AI-assisted programming approach where users describe their software requirements in natural language, and a large language model (LLM) generates the correspondin...

Securing Your Cloud Attack Surface by Reducing DNS Infrastructure Risk

Blog Published: 04/10/2025

Written by Rémy Marot. Originally published by Tenable.   The domain name system is often one of the last things an organization thinks of when they consider their overall security posture. This is a big mistake, especially while cloud adoption has been growing so quickly. This kind o...

PCI DSS Future-Dated Controls: 7 Critical Changes that Will Shape Your Security Strategy

Blog Published: 04/04/2025

Originally Published by Barr Advisory on February 7, 2025.   New cybersecurity requirements are fast approaching for organizations that process payment card transactions. In 2022, the PCI Security Standards Council (SSC) introduced PCI DSS 4.0 (now 4.0.1), a major u...

The Challenge of Distributed SaaS Management—Balancing Productivity and Security

Blog Published: 04/07/2025

Originally published by Valence. Written by Jason Siberman.   The rise of SaaS applications has transformed the way organizations operate, enabling greater collaboration, agility, and efficiency. Business-critical tools such as Salesforce, HubSpot, Workday, NetSuite, and GitHub...

Real-Time Credit Data: Fueling Banking Innovation and Growth

Blog Published: 04/10/2025

Originally published by SavvyMoney. Written by Ryan Sonnenberg.   Data is necessary to drive transformative change across industries in today’s hyperconnected world. In the financial services sector, the power of real-time credit data is undeniable. It equips financial institutio...

The Right to Be Forgotten — But Can AI Forget?

Blog Published: 04/11/2025

Written by Olivia Rempe, Community Engagement Manager, CSA.   In today’s AI-powered world, the “Right to be Forgotten”—a principle enshrined in the EU’s General Data Protection Regulation (GDPR)—is facing one of its biggest tests yet. While traditional databases and web platforms can ...

Training on Ethical and Compliant AI Usage: Navigating the White House Executive Order and Transparent Business Practices

Blog Published: 04/15/2025

Originally published by Truyo on August 21, 2024. Written by Dan Clarke, President, Truyo.   Artificial intelligence (AI) is rapidly transforming industries, offering unparalleled opportunities for innovation, efficiency, and growth. However, as AI systems become more integrated ...

The Simple Magic of App Cloaking

Blog Published: 04/08/2025

Originally Published by CXO REvolutionaries. Written by Aoibh Wood, Security Architect, Zscaler.   Often overlooked by security professionals, app cloaking is a powerful technique for strengthening security posture by making high-value private applications go dark from the publ...

How to Enhance Your TPRM Through Staff Augmentation

Blog Published: 04/08/2025

Originally published by Schellman. Written by Tu Nguyen.   If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third par...

BEC in the Age of AI: The Growing Threat

Blog Published: 04/16/2025

Originally published by Abnormal Security. Written by Jade Hill.   Business email compromise (BEC) is one of the most financially damaging cyber threats today. According to the FBI’s latest Internet Crime Report, business email compromise resulted in over $2.7 billion in reported...

What You Need to Know About CMMC—From our Director of Government Strategy & Affairs Morgan Kaplan

Blog Published: 04/16/2025

Originally published by Vanta. Written by Lucia Giles.   The Cybersecurity Maturity Model Certification (CMMC) program was developed by the Department of Defense (DoD) to ensure that defense contractors and subcontractors meet the cybersecurity requirements needed to safely and r...

From Multiplan to Multimodal: A CFO’s 40-Year Tech Journey into AI

Blog Published: 04/16/2025

Written by Jeffrey Westcott, CFO, CSA.   I received one of the first Apple Macintoshes back in January 1984 when I attended Drexel University. It was branded the Apple DU with a whopping 128k of memory. And it was the same machine as the Apple Mac, soon to be released to the publi...

The Disinformation Epidemic and Its Cost to Modern Enterprises

Blog Published: 04/09/2025

Originally Published by Koat.   Summary Disinformation’s Impact on Reputation and Finances: Disinformation can severely damage a company’s reputation, erode consumer trust, and lead to significant financial losses. False narratives, such as rumors about product defects or unet...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
196
197
198
200
202
203
Last »