Learn How to Conduct a Cybersecurity Audit for the Cloud with These CSA Training Options
Blog Published: 10/18/2024
As cloud adoption continues to reshape the IT landscape, ensuring cloud environments are secure and compliant is critical. However, a cybersecurity audit specific to cloud computing introduces unique challenges, given the complexities of shared security responsibilities between cloud providers an...
Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming
Blog Published: 10/18/2024
Originally published by Pentera.Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ever to acquire, attackers are looking for ways to profit, which has led to a rise in malicious cryptomining, or cr...
A Look At Strong Password Practices: A Shield For Your Digital Life
Blog Published: 10/18/2024
Written by Abel E. Molina, Softchoice."An ounce of prevention is worth a pound of cure." - Benjamin FranklinIn the digital age, our lives are intricately tied to the online world, from managing finances to sharing moments with loved ones. Yet, with the convenience of the internet comes a signific...
Navigating Cloud Security: A Shared Responsibility
Blog Published: 10/17/2024
Originally published by CyberArk.Written by Alyssa Miles.Each July, my family and I take a road trip from Kentucky back to my hometown in northwestern Pennsylvania to spend time on Lake Erie. As tradition dictates, we stop along I-71 for coffee at a branch of a certain coffee shop, which also hap...
The EU AI Act: A Roadmap for Trustworthy AI
Blog Published: 10/17/2024
Originally published by Vanta.Written by Herman Errico.As artificial intelligence (AI) continues to revolutionize various sectors, ensuring it is developed and deployed in alignment with ethical standards and fundamental rights is critical for businesses that use it. The European Union's Artifici...
An Overview of Microsoft DPR, Its New AI Requirements, and ISO 42001’s (Potential) Role
Blog Published: 10/16/2024
Originally published by Schellman. Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Pri...
Rowing the Same Direction: 6 Tips for Stronger IT and Security Collaboration
Blog Published: 10/16/2024
Originally published by Dazz.The Olympians make it look easy, but make no mistake: rowing is a more difficult sport than meets the eye. Changing conditions in the water and weather, exhaustion, and even a head tilt in the wrong direction can send the boat off course or cause the team to lose time...
How to Leverage Automation Tools to Streamline Your Next Compliance Audit: 3 Tips for Security Teams
Blog Published: 10/16/2024
Originally published by BARR Advisory.Compliance automation tools are designed to assist organizations in streamlining the rigorous demands of cybersecurity frameworks such as SOC 2, ISO 27001, and HITRUST. These platforms can help address the heavy lifting involved in preparing, undergoing, and ...
The Need for Continuous Assurance and Compliance Automation
Blog Published: 10/15/2024
A lot is said about “trust” in our industry, but trust is really a means to an end. For an organization, that “end” is the accomplishment of its mission. To achieve its mission, an organization must have healthy interactions with internal and external actors. Therefore, in this context, trust mea...
Unleashing the Power of Managed Endpoint Security: Crafting Effective SD-WAN and SASE Strategies
Blog Published: 10/15/2024
Written by Andrew Winney, General Manager and Global Head of SASE Business, Tata Communications.Originally published on CXOtoday.In today's digitally connected world, businesses face unprecedented challenges in securing their expanding network of endpoints. As Distributed Enterprises embrace remo...
AI and ML for Adopting, Implementing, and Maturing Zero Trust Network Access
Blog Published: 10/15/2024
Originally published by CXO REvolutionaries.Written by Ben Corll, CISO in Residence, Zscaler.In today's evolving cyber threat landscape, traditional network security models are increasingly inadequate. More robust and dynamic security paradigms like zero trust network access (ZTNA) are needed. As...
App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation
Blog Published: 10/11/2024
Originally published by Astrix on August 14, 2024.Written by Tomer Yahalom.Google announced it will terminate support for Less Secure Apps (LSAs) on September 30, which presents a great opportunity to dive into their evolution – App-Specific Passwords, and the security concerns that still remain....
Reflections on NIST Symposium in September 2024, Part 2
Blog Published: 10/10/2024
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR.1. Introduction and Background On September 24, 2024, I had the privilege of attending the NIST symposium "Unleashing AI Innovation, Enabling Trust." This event brought together leading experts, policymakers, and ind...
To Secure the AI Attack Surface, Start with Fundamental Cyber Hygiene
Blog Published: 10/10/2024
Originally published by Tenable. Written by Lucas Tamagna-Darr. Confusion and unknowns abound regarding the risks of AI applications. Many vendors are offering solutions to AI application security problems that aren't clearly defined. Here we explain that to boost AI application security and to ...
What is Session Hijacking? A Technical Overview
Blog Published: 10/10/2024
Originally published by AppOmni.Written by Justin Blackburn, Sr. Cloud Threat Detection Engineer, AppOmni.Sessions are a vital component of modern websites and SaaS applications because they enable streamlined communication between devices and servers. But adversaries frequently target sessions i...
Top Threat #3 - API-ocalypse: Securing the Insecure Interfaces
Blog Published: 10/09/2024
Written by CSA’s Top Threats Working Group.In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whethe...
CSA Community Spotlight: Guiding Industry Research with CEO Jason Garbis
Blog Published: 10/09/2024
As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we reflect on the pivotal role CSA volunteers and contributors have played in shaping the future of cloud security. Founded in 2009, CSA quickly established itself as the world’s leading organization dedicated to defining and p...
AI and Data Protection: Strategies for LLM Compliance and Risk Mitigation
Blog Published: 10/09/2024
Originally published by Normalyze.Written by Vamsi Koduru.Artificial Intelligence is evolving at a breakneck pace, with new models and applications being deployed across industries daily. However, this rapid advancement has brought with it a host of compliance challenges.As data security methods ...
Healthcare & Cybersecurity: Navigating a Vast Attack Surface
Blog Published: 10/08/2024
Originally published by Synack.Healthcare systems have been under constant attack in recent months, with threat groups demanding top-dollar ransoms in the aftermath of successful, high-profile breaches. Think United Healthcare, Kaiser Permanente, Cherry Health … the list grows every month. Secur...
FedRAMP Loves Compliance as Code: Insights from the OMB’s Recent Memo
Blog Published: 10/08/2024
Originally published by RegScale on July 26, 2024.Written by Travis Howerton.Today, July 26, 2024, the Office of Management and Budget (OMB) released a memo on their plans to modernize the FedRAMP program titled Modernizing the Federal Risk and Authorization Management Program (FedRAMP). This mem...
