SOC 2 Reports and Penetration Tests
Blog Published: 02/02/2024
Originally published by MJD. Written by Mike DeKock, CPA. We get asked a lot about whether penetration testing is required to complete a SOC 2 report. The short version of the answer is “no”: there are no explicit requirements for penetration testing (or for any specific control) within a SOC 2 report. The l...
Detecting and Mitigating CVE-2023-4911: Local Privilege Escalation Vulnerability
Blog Published: 02/01/2024
Originally published by Sysdig. Written by Daniele Linguaglossa. Recently, Qualys discovered and reported a high-severity vulnerability in the GNU C Library (glibc), which is installed by default on most Linux-based operating systems. Specifically, a buffer overflow was found in the code resp...
Security Chaos Engineering: Fewer Blind Spots and Improved Stress Testing Move CISOs Closer to Cyber Resilience
Blog Published: 02/01/2024
Originally published by Synack. Written by Luke Luckett. Headlines in the press over the past few quarters have shown that resilience in the financial sector can be stress tested – sometimes with little warning. According to the Federal Reserve, the form of stress testing they conduct assesses wh...
The Evolution of Check Payments
Blog Published: 01/31/2024
Originally published by IBM Financial Services Cloud Forum. Written by Prakash Pattni. Check payments market in flux: Across the globe, enterprises are rapidly modernizing to meet the demands of today’s digital-first consumers and frictionless experiences. These same enterprises must also prioritiz...
The Emergence of Shadow AI and Why Evolution, Not Revolution, Might Just Kill it Dead
Blog Published: 01/31/2024
Originally published by CXO REvolutionaries. Written by Martyn Ditchburn, CTO in Residence, Zscaler. Cyber professionals are being bludgeoned daily by the topic of AI from both within their organizations and without. As a colleague acknowledged in a recent roundtable, the largest abuse of data in...
DORA Directive: The Climax of Resilience in the European Economic System
Blog Published: 01/31/2024
Originally published by Devoteam. One in two cyber attacks was successful in the Eurozone (European Central Bank statistics for the year 2022). Despite efforts in recent years by various stakeholders, this figure struggles to decrease, indicating that only structural decision-making will be able t...
ISO 42001: A New AI Management System for the Trustworthy Use of AI
Blog Published: 01/30/2024
Originally published by BARR Advisory on December 6, 2023. Written by Kyle Cohlmia. In a survey by Heidrick & Struggles, respondents most often identified Artificial Intelligence (AI) as a significant threat to organizations in the next five years. With this statistic in mind and the release ...
Eight Cybersecurity Predictions for 2024 and Beyond
Blog Published: 01/30/2024
Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. The ever-changing digital environment is driving the evolution of cybersecurity threats. As technology advances and cybercriminals develop new tactics to exploit vulnerabilities and ...
The Five Key Benefits of CNAPP: How It Helps to Protect Cloud Workloads
Blog Published: 01/30/2024
Originally published by Tenable. Written by Tom Croll, Advisor at Lionfish Tech Advisors. Analysts use acronyms to define requirements for new technologies and develop guidance for protecting digital businesses’ critical systems. However, acronyms often confuse end users, which can result ...
Navigating the Cybersecurity Seas: The Essential Traits of a Successful CISO
Blog Published: 01/29/2024
Originally published by RegScale. In the ever-evolving cybersecurity landscape, a successful Chief Information Security Officer (CISO) is the linchpin between an organization’s safety and the relentless waves of cyber threats. The role of a CISO demands more than technical prowess; it requires a d...
The Positive and the Negative Impacts of Quantum Computers on the Finance Sector
Blog Published: 01/29/2024
Originally published by DigiCert. Written by Timothy Hollebeek. Quantum computers will change the way many industries operate, and the impacts of quantum computing will affect all aspects of society. It’s not a question of if but when as governments and private companies race towards their deve...
Empowering Security: Security Orchestration and Automated Response to Help Secure the Future
Blog Published: 01/29/2024
Originally published by KPMG. Global businesses face a paradigm shift demanding revolutionary new capabilities to detect and respond to today’s fast-expanding cyber threat landscape. As emerging technologies such as artificial intelligence (AI) and automation redefine cyber threat detection and r...
How Remediation Improves Readiness for SEC Cybersecurity Rule Disclosures
Blog Published: 01/26/2024
Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. With the new SEC disclosure rule for material cybersecurity incidents now in effect, much of the talk on SEC rules is centered around materiality. Material incidents now need to be disclosed within just four business days of the materiality determination, ...
Top 3 Identity Risks In Enterprise Clouds
Blog Published: 01/26/2024
Originally published by Sonrai Security. Written by Tally Shea. After months of reporting on what identity and privilege risks are leaving organizations vulnerable to data breach and business disruption, where exactly those risks are, and how to fix them, one thing has been made clear: There’s a g...
GRC and Continuous Controls Monitoring, You Complete Me
Blog Published: 01/25/2024
Originally published by RegScale. Many large enterprises have invested heavily in Governance, Risk, and Compliance (GRC) tools over the last 20 years. These investments were driven by the need to improve the organization’s compliance posture, enhance its risk management practices, and generate op...
What is the Shared Responsibility Model in the Cloud?
Blog Published: 01/25/2024
In cloud computing, understanding the shared responsibility model is crucial. As the name implies, the shared responsibility model delineates who is responsible for what in regards to a cloud environment. This responsibility matrix varies depending on the cloud provider, service model, and deploy...
Uncovering Hybrid Cloud Attacks Through Intelligence-Driven Incident Response: Part 2 – The Attack
Blog Published: 01/25/2024
Originally published by Gem Security. Written by Yotam Meitar. Effective response to cloud and hybrid attacks can be uniquely challenging. In this three-part series, we discuss how implementing intelligence-driven contextualized incident response allows defenders to turn attackers’ advantages in t...
Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services
Blog Published: 01/24/2024
Originally published by SentinelOne. Written by Alex Delamotte. Executive Summary: FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. FBot does not utilize the wid...
What to Know About the New EU AI Act
Blog Published: 01/24/2024
Originally published by Schellman. After 22 grueling hours of negotiations, policymakers within the European Union (EU) have reached a provisional agreement on new rules to govern the most powerful artificial intelligence (AI) models. They’re calling it the EU AI Act, and though yes—the provision...
Whole-of-State Cybersecurity: What it Means and Why it Matters
Blog Published: 01/24/2024
Originally published by CXO REvolutionaries. Written by David Cagigal, Former CIO of the State of Wisconsin. You’re the CIO of a state. Your charter is to secure, as fully as possible, all data and services used at the state level and to advise a variety of agencies and groups at the local level ...