Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

All Articles

Home
All Articles
CSA STAR CCM Lite

Blog Published: 11/16/2023

Written by Ashwin Chaudhary, CEO, Accedere. The Cloud Security Alliance (CSA) STAR CCM Lite is a streamlined version of the CSA Cloud Controls Matrix (CCM) v4, a cybersecurity controls framework for cloud computing developed by CSA. CCM v4 was released in September 2021. The CCM Lite is a compreh...

Top 3 Reasons to Replace Your SEG

Blog Published: 11/15/2023

Originally published by Abnormal Security. Written by Lane Billings. By manipulating generative AI and other forms of new technology, highly skilled cybercriminals have made defending email an ever-evolving uphill battle. Traditional secure email gateways (SEGs) are no longer an effective means o...

Cloud Security Alliance Launches the Industry’s First Authoritative Zero Trust Training and Credential, the Certificate of Competence in Zero Trust (CCZT)

Press Release Published: 11/15/2023

Uniquely positions CSA as the authoritative source to deliver the industry’s first holistic benchmark for measuring Zero Trust knowledgeSEATTLE – Nov. 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices...

Behind the Curtain with a CCZT Developer: Head of Identity Security Sesh Ramasharma

Blog Published: 11/14/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

CCZT: A Major Milestone on the Zero Trust Journey

Blog Published: 11/14/2023

My personal history in cybersecurity began in the very early days of the commercialization of the nascent Internet. I started out as a firewall guy in 1992, primarily because my customers relied on firewalls to protect their network perimeters. Firewall implementation was underpinned by a simple ...

More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan

Blog Published: 11/14/2023

Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software sig...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2

Blog Published: 11/14/2023

Originally published by CrowdStrike. In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries.Opportunities for RansomwareThe Restart Manager preempts unwelcome reboots by shut...

Understanding Data Inventory and Why It Matters to CISOs

Blog Published: 11/13/2023

Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist, Symmetry Systems. In a modern organization, you cannot overstate the role of data. It is the largest, distributed and most valuable asset they have. Data influences everything from revenue growth to security risk...

Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit

Blog Published: 11/13/2023

Originally published by CAS Assurance. What is the ISO 27001 Internal Audit?Generally, internal audit is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization achieve its objectives by brin...

Nonprofit Cyber Launches World More Than a Password Day

Press Release Published: 11/10/2023

Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globallyNew York, Nov. 10, 2023: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importance...

I’m Implementing Generative AI Into My Company’s Cybersecurity Product. Here’s What I’ve Learned.

Blog Published: 11/09/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. AI is ubiquitously on everyone’s minds today – from large corporations to middle school classrooms. And it’s no wonder—this technology is transformative in the speed of creation and innovation.When ChatGPT came out, I ...

Navigating Compliance Requirements for Businesses Collecting Consumer Health Information

Blog Published: 11/09/2023

Originally published by BARR Advisory.The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) recently released an updated joint publication for organizations that collect consumer health information. The publication provides businesses guidance for complying...

Bad Zero Trust is Not Good Security

Blog Published: 11/08/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an advocate and veteran practitioner of zero trust, I was intrigued by a recent article decrying its "vulnerability.” In fact, seeing zero trust and vulnerability in the same headline had me wonderin...

MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack

Blog Published: 11/08/2023

Originally published by Reco. Written by Gal Nakash. IntroductionIn the ever-changing landscape of cybersecurity threats, the MOVEit zero-day exploit and ransomware attack has been a reminder why a security program can’t be limited to just endpoint security & cloud security. Earlier in 2023, ...

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1

Blog Published: 11/07/2023

Originally published by CrowdStrike. Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploitation of the Windows Restart Manager. To stay ahead of mali...

Quarterly Threat Bulletin: WinRAR Zero-Day Vuln and More

Blog Published: 11/07/2023

Originally published by Uptycs.Written by Dan Verton. The Uptycs Threat Research Team released its latest Quarterly Threat Bulletin today, covering the tactics, techniques and procedures (TTPs) of the most prevalent malware and threat actor groups. The Q3 Threat Bulletin highlighted the active ex...

Embracing a Cloud-Native Mindset

Blog Published: 11/06/2023

Written by Eyal Estrin. The use of the public cloud has become the new norm for any size organization. Organizations are adopting cloud services, migrating systems to the cloud, consuming SaaS applications, and beginning to see the true benefits of the public cloud. In this blog post, I will ex...

SaaS and the Shared Security Model

Blog Published: 11/06/2023

Originally published by Suridata.Written by Haviv Ohayon, Co-Founder & COO, Suridata. Who is responsible for securing digital assets in the public cloud, the customer, or the cloud service provider (CSP)? Most of the time, it’s both. CSPs require their customers to agree to what’s known as a ...

News of Note: Finding Solutions to Cybersecurity Impacts

Blog Published: 11/03/2023

We’re hitting that time of year where many of us are finalizing or fine-tuning annual strategies. We’re in the midst of framing top goals, priorities, and needs within the context of the plentiful challenges that we’re facing.As we despair over the number of lives lost and the unceasing destructi...

CSA STAR Certifications: What are They?

Blog Published: 11/03/2023

The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. Any organization operating or providing cloud services can benefit from completing the...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
30
31
32
34
36
37
38
Last »