All Articles

Are You Evaluating Your Target Acquisition Through the Cyber Security Lens?

Blog Published: 06/21/2023

Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. Caveat emptor, Latin for “Let the buyer beware,” is the principle that the buyer alone is responsible for checking the quality and suitability of goods before a purchase is made. It is traditionally rooted...

Five Qualities That Make for a Great vCISO

Blog Published: 06/21/2023

Originally published by CXO REvolutionaries. Written by Brad Schaufenbuel, VP and CISO, Paychex. The chief information security officer is typically the apex of a career in cybersecurity. Some hold the same title as they move from one company to the next. Other CISOs find their way to different r...

CISA’s Zero Trust Maturity Model: An Important Step Forward in Implementing Zero Trust Security Principles

Blog Published: 06/20/2023

Written by Sean Connelly, Senior Cybersecurity Architect and John Simms, Security Architect, CISA. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an updated Zero Trust Maturity Model (ZTMM) to help organizations assess and improve their Zero Trust security posture. ...

How to Manage Risks in Cloud Environments

Blog Published: 06/20/2023

Originally published by BigID. Written by Tyler Young. For the last decade, organizations have been planning to move – or have already moved – all of their data to the cloud. On the surface cloud computing sounds great: lower operating costs, endless geographical deployments, and exponential compute p...

How Can Busy CISOs Avoid Occupational Burn-Out?

Blog Published: 06/20/2023

Originally published by TrueFort. How to avoid burning out at work if you’re a busy CISO. As Chief Information Security Officer (CISO), you are responsible for securing your organization’s sensitive data and systems. The job can be demanding and stressful, with long hours, tight security budgets, a...

Cloud Security Alliance Announces Cloud Controls Matrix (CCM) Update, Mapping to National Institute of Standards and Technology’s (NIST) Cybersecurity Framework v1.1

Press Release Published: 06/20/2023

Mapping identifies areas of equivalence, gaps, and misalignment between CCM and NIST standards. SEATTLE – June 20, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing en...

Versioning in Cloud Environments: How it Can Cause Shadow Data & How to Mitigate the Risk

Blog Published: 06/20/2023

Originally published by Laminar. Versioning in AWS S3 buckets, Azure Blob Containers and Google Cloud buckets is an extremely useful data management tool, and is even considered “best practice” when storing and managing data in the cloud. When enabled, this feature keeps multiple versions of an o...

How ChatGPT Can Be Used in Cybersecurity

Blog Published: 06/16/2023

ChatGPT is a large language model trained by OpenAI. Due to the massive amount of data it was trained on, it can understand natural language and generate human-like responses to questions and prompts at a truly impressive level. New use cases for ChatGPT are developed every day. In this blog, we’...

CSA’s Enterprise Architecture: Technology Solution Services (TSS)

Blog Published: 06/16/2023

Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess opport...

Pentesting: The Missing Piece in Your Security Puzzle

Blog Published: 06/16/2023

Written by Alex Vakulov. Although not a recent invention, pentesting is a tool that is not understood by many in terms of when it is most effective and necessary. For some organizations, penetration testing is a means of responding to cyber-attacks; for others, it is a prevention mechanism. Actu...

App Owners: Benefits of Externalizing Authentication & Authorization

Blog Published: 06/15/2023

Originally published by Strata. Written by Mark Callahan, Senior Director of Product Marketing, Strata. With cloud modernization, one of the most significant challenges for app owners is managing identity and authentication, which can divert attention from creating an exceptional product. For app...

Chaos Malware Quietly Evolves Persistence and Evasion Techniques

Blog Published: 06/15/2023

Originally published by Sysdig. Written by Nicholas Lang. The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji bot...

What to Do After Receiving a Business Email Compromise Attack

Blog Published: 06/15/2023

Originally published by Abnormal Security. Written by Callie Hinman Baron. Year after year, business email compromise (BEC) remains one of the most financially devastating cybercrimes. According to the latest FBI Internet Crime Report, BEC attacks were responsible for $2.7 billion in total losses...

Five Best Practices for PCI DSS Compliance in the Cloud

Blog Published: 06/14/2023

Originally published by Orca Security. Written by Vini Mostovoy and Deborah Galea. If your organization processes credit card payments, you are probably familiar with PCI DSS, a compliance mandate that was initially established in 2004. However, with the increasing adoption of cloud computing, ...

Salesforce Misconfigurations are Exposing Sensitive Data

Blog Published: 06/14/2023

Originally published by Obsidian Security. Just last week, cybersecurity journalist Brian Krebs shared a post to his website detailing how Salesforce misconfigurations were causing several organizations to inadvertently expose sensitive data to the public. Affected organizations discovered that gu...

Relentless Threat Activity Puts Identities in the Crosshairs

Blog Published: 06/13/2023

Originally published by CrowdStrike. eCrime and nation-state adversaries continue to strengthen their focus on identity-based attacks, putting pressure on organizations to fortify their defenses with a combination of endpoint and identity protection. One set of valid employee credentials can provi...

Can You Use ChatGPT in Compliance?

Blog Published: 06/12/2023

Originally published by Schellman. One of the latest intriguing developments in the field of artificial intelligence (AI) is ChatGPT—a natural language chatbot that answers questions submitted by a human user. It’s taken off in such a way that many are using ChatGPT to assist in streamlining thei...

Day In the Life: SOC Analyst

Blog Published: 06/12/2023

Originally published by Netography. Written by Tom Dixon, Security Engineer. Time. I heard someone once say that time is the great equalizer. No matter how rich or wealthy you are, how smart or talented you are, or how important you are, you only have the same 24 hours in the day that everyone els...

Modern Hackers Keep Returning to Time-Tested Tricks

Blog Published: 06/12/2023

Originally published by CXO REvolutionaries. Written by Francis Yeow, CISO, Parkway Hospitals Singapore Pte Ltd. Imagine the scene: you arrive at your desk to find a package, likely from a source. You carefully slice open the envelope to reveal a USB drive. Sensing a story, you go to plug it in. ...

Privacy by Design and Privacy by Default in the Cloud

Blog Published: 06/09/2023

Written by Eyal Estrin. When we are talking about building new systems, in the context of privacy or data protection, we often hear two concepts – Privacy by Design (PbD) and Privacy by Default. Dealing with human privacy is not something new. We build applications that store and process person...