All Articles
Putting Zero Trust Architecture into Financial Institutions

Blog Published: 09/27/2023

Written by Arun Dhanaraj. Introduction: Traditional security methods are no longer enough to protect the valuable assets of financial institutions at a time when online threats are growing more sophisticated and attack routes are changing. In espionage, the idea of Zero Trust Architecture (ZTA) has...

OpenCRE.org - The How and The Why of Security Best Practices

Blog Published: 09/27/2023

Written by Rob van der Veer, Software Improvement Group; Spyros Gasteratos, OWASP; and Lefteris Skoutaris, CSA. In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing them, ...

Long Standing Foundations of Zero Trust

Blog Published: 09/26/2023

Looking under the covers of Zero Trust, it quickly becomes apparent some long-time security principles are at work. These principles are applied differently than we historically did because of changes in the way we now work and live, combined with advances in technology and threats. When viewed a...

Top 3 Cloud Migration Security Risks

Blog Published: 09/26/2023

Originally published by Synack. Written by Charlie Waterhouse and Justine Desmond.The benefits of cloud computing are hard to ignore – the speed, flexibility and cost savings make it a worthwhile investment for many enterprises. What’s written in fine print is that while cloud providers do mainta...

Addressing Insider Threats Through Enhanced Data Protection

Blog Published: 09/26/2023

Originally published by CXO REvolutionaries. Written by Erik Hart, Global CISO, Cushman & Wakefield. The words “insider threat” have been known to make a CISO shudder. Few attack vectors can more quickly undermine a well-construed line of defenses than a credentialed user who – intentionally ...

Cloud Security Detection Doesn’t Reduce Risk. Here Are Six Remediation Steps That Do.

Blog Published: 09/26/2023

Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. As organizations migrate their software development lifecycle from on-premises to the cloud, our tools have changed to deal with fast-paced CI/CD pipelines. Similarly, the tools we use to detect application vulnerabili...

Why Healthcare Organizations Are Slower to Adopt Cloud Services

Blog Published: 09/25/2023

Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Security and compliance concerns dominate. Considering the type of sensitive data held by healthcare organizations, it’s not surprising that the sector has been more cautious about ad...

Frequently Asked Questions Answered—ISO 27001 Certifications

Blog Published: 09/25/2023

Originally published by BARR Advisory. As one of the most thorough cybersecurity assessments an organization can go through, achieving ISO certification might initially seem daunting. At our recent ISO Open House, Director of Attest Services Angela Redmond and Manager of Attest Services Marc Gold...

Safeguarding the Healthcare Industry: Effective Measures to Prevent Ransomware Attacks

Blog Published: 09/25/2023

Originally published by CyberGuard Compliance. Written by Daniel Porter. The healthcare industry, entrusted with safeguarding sensitive patient information, faces a growing threat from malicious cyberattacks, particularly ransomware. These attacks not only compromise patient data security but als...

NIST CSF vs. Other Cybersecurity Frameworks

Blog Published: 09/22/2023

Originally published by Schellman. With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the annual disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks that—while ...

How the CISO Drives Value Across the Enterprise

Blog Published: 09/22/2023

Originally published by Coalfire. Written by Michael Eisenberg, Vice President, Strategy, Privacy, Risk, Coalfire. Key takeaways: CISOs must evaluate and present the Return On Security Investment (ROSI) in terms of security spend and business outcomes. To achieve positive ROI, CISOs should focus re...

What is Cloud Repatriation?

Blog Published: 09/22/2023

Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. The Cloud Repatriation Trend in 2023: Browse the pages of most IT tech news websites and chances are you will come across stories of enterprise organizations migrating en masse to the public cloud as...

Cyberthreats Increasingly Target the World’s Biggest Event Stages

Blog Published: 09/21/2023

Originally published by Microsoft. Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for org...

Cloud Security Alliance Awards 2023 Philippe Courtot Leadership Award to Schellman CEO Avani Desai

Press Release Published: 09/21/2023

Volunteers are also honored for outstanding efforts in advancing cloud security and cybersecurity worldwide with the Juanita Koilpillai and Chapter of Excellence Awards. BELLEVUE, WA – SECtember – Sept. 21, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defini...

2023 Global Cloud Threat Report: Cloud Attacks are Lightning Fast

Blog Published: 09/21/2023

Originally published by Sysdig. Written by Michael Clark. The second annual threat report from the Sysdig Threat Research Team (Sysdig TRT) is packed with their findings and analysis of some of the hottest and most important cybersecurity topics this year. Threat actors are really embracing the c...

Ready, Set, Respond: Ensuring Compliance with the SEC Reporting Regulations

Blog Published: 09/21/2023

Originally published by Mitiga. Written by Ariel Parnes. The Securities and Exchange Commission (SEC) of the United States has adopted new regulations that require public companies to disclose material cybersecurity incidents within four days. To the positive, this initiative seeks to increase tr...

Standards for Quantum-Safe Security and the Financial Industry

Blog Published: 09/20/2023

Written by Denis Mandich, Quantum-Safe Security Working Group Member and CTO for Qrypt. The financial community relies on several standards organizations to provide consensus guidance on protecting data and information exchanges, primarily for payments and securities transactions. These standards...

EU Cloud Code of Conduct Collaborates with Cloud Security Alliance to Further Harmonize GDPR Compliance

Press Release Published: 09/20/2023

New collaboration to further harmonize GDPR compliance. Brussels and Seattle – Sept. 20, 2023 – Starting in November 2023 and through a specific framework, the Cloud Security Alliance (CSA) community will have access to an approved and European Data Protection Board (EDPB)-endorsed GDPR compliance ...

3 Ways Cybercriminals are Targeting Your Email

Blog Published: 09/20/2023

Originally published by Abnormal Security. Written by Mike Britton. It wasn't long ago that the world was much simpler when it came to protecting our employees and their email use. We all had a data center. Most of our employees spent their days working in an office. While SaaS has been around for ...

Insider Threat Awareness Month 2023: Bringing Awareness to Every Level of Your Organization

Blog Published: 09/20/2023

Originally published by Code42. Written by Chrysa Freeman, Sr. Manager of Code42's Cybersecurity Team. In the ever-evolving world of work, where remote collaboration, the Great Resignation, the rise of contractors, and the ascent of cloud technologies redefine how we conduct business, a common th...
