eCriminals Share Ways to Impersonate School Staff to Steal Paychecks
Blog Published: 10/23/2023
Originally published by CrowdStrike. From October 2022 through the summer of 2023, CrowdStrike observed a significant and steady increase in various eCrime threat actors discussing conducting payroll business email compromise (BEC), including specific mentions of targeting U.S.-based private scho...
Understanding New PCI DSS 4.0 Requirements
Blog Published: 10/23/2023
Originally published by TokenEx. Written by Anni Burchfiel. The Payment Card Industry Data Security Standard (PCI DSS) serves as a crucial framework for safeguarding cardholder data. Developed by major card brands like American Express, Discover, Mastercard, JCB, and Visa, it aims to reduce breac...
Celebrate 20 Years of Cybersecurity Awareness Month and Let’s Secure Our World Together
Blog Published: 10/20/2023
Originally published by Microsoft Security. Written by Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management. This year marks the twentieth anniversary of Cybersecurity Awareness Month, when we partner with the National Cybersecurity Alliance, the United States Cybe...
Birth Right Permissions: A Barrier to Zero Trust Security
Blog Published: 10/20/2023
Written by Jerry Chapman, CSA ZT Working Group Co-Chair. Identity is a pillar or workstream in Zero Trust Security models. It has also been stated that it is a signal to support multiple Zero Trust Security Models. I agree with these assertions. The standard Identity and Access Management (IAM) p...
NIST SP 800-207A Acknowledges the Critical Role of Network Traffic in ZTA Success
Blog Published: 10/20/2023
Originally published by Gigamon. Written by Orlie Yaniv and Ian Farquhar. With the September 2023 publication of NIST 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments, NIST has laid out its guidance for developing a Zero Trust Ar...
Five Things CISOs in Financial Services Can Do to Make Containers Secure and Compliant
Blog Published: 10/19/2023
Originally published by Sysdig. Written by Eric Carter. As competition ramps up in the financial services sector, agile and efficient application development is critical to delivering the seamless digital experiences today’s customers want. Chances are, if you’re not already moving applications to...
How to Leverage ISO 27001 to Obtain a SOC 2 Report
Blog Published: 10/19/2023
Originally published by BARR Advisory. Written by Kyle Cohlmia. If your organization has scaled to work with clients in and outside of the U.S., you might be curious about the benefits of a compliance framework that meets both national and international requirements. Two compliance standards to c...
Crawl, Walk, and Run Your Way to More Effective Data Protection
Blog Published: 10/18/2023
Originally published by CXO REvolutionaries. Written by Daan Huybregts, CTO in Residence, Zscaler. Leverage a CASB to minimize data leakage. By now, most security professionals recognize that, as data loss prevention (DLP) solutions go, you can’t do better than a cloud access security broker (CASB)....
Leveraging Metrics to Enhance Your Insider Risk Management Program
Blog Published: 10/18/2023
Originally published by Code42. Written by Wendy Overton. In today’s dynamic cybersecurity landscape, organizations must proactively manage and monitor their Insider Risk. Effectively measuring the performance of an Insider Risk program and communicating its effectiveness and needs to senior leade...
Cracking the Code: How to Protect Secrets in Dev Environments
Blog Published: 10/18/2023
Originally published by BigID. Written by Sarah Hospelhorn, Chief Marketing Officer, BigID. As the digital ecosystem continues to grow, so does the risk of data breaches and security vulnerabilities. One common and overlooked danger is the presence of “secrets” in code repositories. Secrets, which...
The Importance of the Shared Responsibility Model for Your Data Security Strategy
Blog Published: 10/17/2023
Originally published by Dig Security. Written by Sharon Farber. A shared responsibility model is a cloud security framework that outlines the distribution of security and compliance responsibilities between the cloud service provider (CSP) and the customer. There has been a long debate about who ...
New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)
Blog Published: 10/17/2023
Originally published by CrowdStrike. Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kernel versions but also any containers running on those hosts. Cr...
Espionage Fuels Global Cyberattacks
Blog Published: 10/16/2023
Originally published by Microsoft. Written by Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft. In the past year, cyberattacks have touched 120 countries, fueled by government-sponsored spying and with influence operations (IO) also rising. At times, nearly half of the...
BEC and VEC Attacks on the Rise in 2023
Blog Published: 10/16/2023
Originally published by Abnormal Security. Written by Jade Hill. Despite advancements in legacy security and increased employee awareness, cybercriminals still see email as a primary channel for attacks. And it’s easy to understand why—employees continue to fall for social engineering and financi...
Demystifying Secure Architecture Review of Generative AI-Based Products and Services
Blog Published: 10/16/2023
Written by Satish Govindappa. Abstract: In the era of transformative technologies, Generative AI (GenAI) has emerged as a powerful force, redefining how we interact with data and information. It has unlocked the potential for innovation across various domains, from content generation to problem-sol...
Zero Trust Approach: Elevating Secure Identity and Access Management
Blog Published: 10/13/2023
In a digital landscape where the term “Zero Trust” (ZT) seems both everywhere and elusive, it can be difficult to separate the wheat from the chaff. CSA’s Zero Trust Training (ZTT) series provides clarity and gives you the knowledge and skills necessary to implement and execute a strategy for ZT....
Security Advisory: Abusing the SSM Agent as a Remote Access Trojan
Blog Published: 10/13/2023
Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Overview: Mitiga has discovered a new potential post-exploitation technique in AWS (Amazon Web Services): running AWS’s Systems Manager (SSM) agent as a Remote Access Trojan (RAT) on both Linux and Windows machines, controlling th...
The Top Problems with Vulnerability Remediation Today
Blog Published: 10/12/2023
Originally published by Dazz. Written by Julie O’Brien, CMO, Dazz. As companies have transitioned development processes from building on-premises software to cloud applications, we’ve bled efficiencies, particularly at the intersection of development and security. When we design our cloud security ...
What You Need to Know About FedRAMP Continuous Monitoring
Blog Published: 10/12/2023
Originally published by Schellman. To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that co...
The Common Cloud Misconfigurations That Lead to Cloud Data Breaches
Blog Published: 10/11/2023
Originally published by CrowdStrike. The cloud has become the new battleground for adversary activity: CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022 and a 288% jump in cases involving threat actors directly targeting the cloud. Defending your cloud environment requir...