Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

All Articles

Home
All Articles
PCI DSS for Security Leaders – How to Take a Proactive Approach

Blog Published: 06/20/2024

Originally published by Schellman.If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.No one wants to hear, “I’m put...

Unified Cybersecurity Language: Optimizing Risk and Compliance Terms for Collaborative Security

Blog Published: 06/18/2024

Originally published by RegScale.Written by Dave Schmoeller.Kickoff: Navigating the Cybersecurity Language LandscapeImagine the chaos when a cybersecurity breach puts data at risk, and departments are left in a scramble. Cybersecurity tags the event a ‘security incident,’ Risk counters with a ‘da...

New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware

Blog Published: 06/18/2024

Originally published by Uptycs. Written by Shilpesh Trivedi and Nisarga C M. The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team promptly initiated an in-depth analysi...

5 ChatGPT Jailbreak Prompts Being Used by Cybercriminals

Blog Published: 06/17/2024

Originally published by Abnormal Security.Written by Daniel Kelley.Since the launch of ChatGPT nearly 18 months ago, cybercriminals have been able to leverage generative AI for their attacks. As part of its content policy, OpenAI created restrictions to stop the generation of malicious content. I...

5 Best Practices to Secure AWS Resources

Blog Published: 06/17/2024

Originally published by CrowdStrike.Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses...

CSA Community Spotlight: Leading Critical Discussions with Vishwas Manral

Blog Published: 06/14/2024

Celebrating our 15th anniversary this year, CSA stands as the premier authority in promoting and defining best practices for a secure cloud computing environment. Since its inception in 2009, CSA has grown to offer an extensive array of frameworks, research publications, assurance programs, train...

Mastering Zero Trust Security in IT Operations

Blog Published: 06/14/2024

Originally published by Automox.Written by Landon Miles.If you’re unaware that cyber threats are becoming more sophisticated and frequent, you probably don’t work in IT. Unfortunately, the traditional "trust but verify" approach to cybersecurity just isn’t adequate anymore. A Zero Trust security ...

From the Trenches: A CISO's Guide to Threat Intelligence

Blog Published: 06/13/2024

Originally published by CXO REvolutionaries.Written by Ben Corll, CISO in Residence, Zscaler.Let's face it, our jobs as CISOs are a constant dance with the shadows. We fight invisible enemies, anticipate the next attack, and strive to stay one step ahead of ever-evolving threats. That's where thr...

Beyond Blind Trust: The Imperative of Zero Trust for Federal Agencies

Blog Published: 06/13/2024

Originally published by Synack.Written by Ed Zaleski. Director of Federal Sales for the Department of Defense, Synack.TL;DRZero trust cybersecurity principles require continuous monitoring and evaluation to ensure effectiveness.Implementing zero trust necessitates a significant overhaul of existi...

Discover CCSK v5: The New Standard in Cloud Security Expertise

Blog Published: 06/12/2024

Written by Martin Hall.Already trusted by thousands of companies and tens of thousands of cloud security professionals worldwide, the Certificate of Cloud Security Knowledge (CCSK) is the industry standard for cloud security expertise. And it's about to get even better. Based on input from our me...

What We Know About Vulnerability Exploitation in 2024 (So Far)

Blog Published: 06/12/2024

Originally published by Dazz.Written by Noah Simon, Head of Product Marketing, Dazz.In the world of security vulnerabilities, change is the only constant. There are always new CVEs, new exploits, and new threat actors. A recent study estimates that there will be a 25% increase in vulnerabilities,...

SASE and Zero Trust PAM: Why Enterprises Need Both

Blog Published: 06/12/2024

Written by StrongDM.Enterprise security and compliance teams must maintain constant awareness of all activities across their entire environment involving every user. Regulatory requirements, along with internally set policies and controls, demand thorough knowledge and understanding to effectivel...

What is Continuous Controls Monitoring & Its Impact on Cybersecurity?

Blog Published: 06/11/2024

Originally published by RegScale.Written by Dan Biewener.It’s 2024 and the rules have changed, literally. Late in 2023, the U.S. Securities and Exchange Commission (SEC) issued new requirements for cybersecurity disclosures. In addition to reporting material cybersecurity incidents within four da...

Risk Management in the Age of Artificial Intelligence: 9 Questions to Ask Your AI-Powered Vendors

Blog Published: 06/11/2024

Originally published by BARR Advisory.Artificial intelligence (AI) presents organizations across industries with the opportunity to streamline their workflows, better secure their systems, and solve some of the world’s most pressing issues. But while AI has the potential to offer huge benefits to...

AWS S3 Bucket Security: The Top CSPM Practices

Blog Published: 06/10/2024

Written by ArmorCode.An S3 bucket is a fundamental resource in Amazon Web Services (AWS) for storing and managing data in the cloud. S3 stands for "Simple Storage Service," providing scalable, durable, and highly available object storage.S3 is widely used for various purposes, such as storing bac...

The Human Element in AI-Enhanced SOCs

Blog Published: 06/10/2024

Written by Cetark.In today’s cybersecurity landscape, Security Operations Centers (SOCs) are increasingly using Artificial Intelligence (AI) to boost their defenses. AI offers substantial benefits, like automating repetitive tasks and improving threat detection, but human expertise remains essent...

Application Security Solutions: CNAPP vs CSPM vs ASPM

Blog Published: 06/07/2024

The CSA Security Update podcast is hosted by John DiMaria, Director of Operations Excellence at CSA. The podcast explores the CSA STAR program, cloud security best practices, and associated technologies. In this blog series, we edit key podcast episodes into shorter Q&As. Today’s post feature...

Secure Your Staff: How to Protect High-Profile Employees’ Sensitive Data on the Web

Blog Published: 06/07/2024

Originally published by CrowdStrike.Written by Ben TerMeer, Brian Bunyard, and Keith Mason.Organizations are increasingly concerned about high-profile employees’ information being exposed on the deep and dark web. The CrowdStrike Counter Adversary Operations team is often asked to find fake soci...

Security Considerations for Hardware Security Module as a Service

Blog Published: 06/07/2024

A hardware security module (HSM) is a trusted platform for performing cryptographic operations and protecting keys. A main feature of the HSM architecture is its special co-processor that performs cryptography functions. HSMs also consist of a hardware-based random number generator, RAM, storage,...

Zero Trust Hitting ‘Critical Mass’ at Federal Level

Blog Published: 06/06/2024

Originally published by CXO REvolutionaries.Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler.In early 2024, when the federal government got wind of certain Ivanti vulnerabilities, it immediately advised civilian executive branch agencies to disconnect these solut...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
1
2
4
6
7
8
Last »