
All Articles

Understanding PCI DSS: A Guide to the Payment Card Industry Data Security Standard

Blog Published: 02/26/2024

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to a report by The Ascent, credit card fraud remained the most common type of identity theft in 2023. In today’s digital age, where online transactions have become an integral part of our daily lives, the security of payment...

Who Owns Information in the Era of AI?

Blog Published: 02/23/2024

Originally published by CXO REvolutionaries. Written by Tony Fergusson, CISO in Residence and Sam Curry, VP & CISO in Residence, Zscaler. Mark Twain, the distinguished American author, once wrote, “The kernel, the soul, let us go further and say the substance, the bulk, the actual and valuable...

Part 3: The Anatomy of Supply Chain Attacks: Non-Human Identities & TPRM Failure

Blog Published: 02/23/2024

Originally published by Astrix. Written by Alex Flores, Danielle Guetta, and Tal Skverer. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an establi...

3 Critical Steps for Application Security Teams in 2024

Blog Published: 02/23/2024

Originally published by CrowdStrike. As application security teams head into a new year, these are the key issues they should keep in mind and steps they must take to defend their custom software applications. Software development practices are rapidly changing, and so are the methods adversaries...

Other Practices Are Placing Greater Trust in AI... When Will Cybersecurity?

Blog Published: 02/22/2024

Originally published by Dazz. Written by Noah Simon, Head of Product Marketing, Dazz. In 2023, we saw AI adoption rates soar—particularly for large language learning models (LLMs). Many industries are now incorporating AI into common processes and are seeing positive results—and not just in cost sa...

5 Takeaways from a CISO Focus Group: Strategies for Managing Security and Compliance in Today’s Digital Business Landscape

Blog Published: 02/22/2024

Originally published by RegScale. Everyone recognizes that in today’s rapidly evolving business landscape, security AND compliance have become central to the success and sustainability of organizations. In an effort to gain an understanding of the customers we serve, RegScale made the decision to ...

From Security Evolution to Generative AI: A Q&A with an Industry Leader

Blog Published: 02/21/2024

Tim Chase, Field CISO at Lacework, recently sat down with Rahul Gupta, Head of Security and Governance, Risk, and Compliance (GRC) at Sigma Computing. The two discussed a wide range of topics, including Gupta’s perspective on the evolving security industry, how to attract and retain talent, thing...

What's Required After My First SOC 2 Report?

Blog Published: 02/21/2024

Originally published by MJD. Written by Mike DeKock, CPA, CEO, MJD. Q: What is required after my first SOC 2 report? A: MJD Answer: You’ve completed your SOC 2 report. That first-time report can be a lot of work, and it’s worth celebrating while you hang the new AICPA logo on the website. So what’s ne...

Latest DevSecOps Guidance from Cloud Security Alliance and SAFECode Emphasizes Value of Collaboration, Integration in DevSecOps Landscape

Press Release Published: 02/21/2024

Document provides practical insights for seamlessly embedding security in DevOps processes and workflow and examines convergence of DevSecOps with Zero Trust, MLSecOps, and AIOps. SEATTLE – Feb. 21, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining st...

AI & Software Security: How to Implement AI Responsibly and Successfully

Blog Published: 02/21/2024

Originally published by ArmorCode. Generative AI (GenAI) dominated the technology landscape in 2023 prompting many technology companies to formulate an AI strategy – from adopting AI-enabled tools for performance and productivity gains to developing and building upon large language models (LLM) t...

Trust Model: The First Step to Ensure Your IT Network

Blog Published: 02/20/2024

Originally published by Devoteam. What is Zero Trust? Zero Trust is a security approach that mandates verification, employs least privilege, and operates under the assumption of a breach for every access request to a private network, irrespective of its origin or destination. Its foundation rests...

CVE-2023-38545: High Severity cURL Vulnerability Detection

Blog Published: 02/20/2024

Originally published by Sysdig on October 12, 2023. Written by Miguel Hernández. On Oct. 11, a new version of curl (8.4.0) was released where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced...

AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise

Blog Published: 02/20/2024

Originally published by Abnormal Security. Written by Mick Leach. The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.” One topic that gets a significant amount of attention is wh...

The CSA Cloud Controls Matrix and Consensus Assessment Initiative Questionnaire: FAQs

Blog Published: 02/17/2024

Two essential tools in the world of cloud computing are CSA’s Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ). These tools are the backbone of the CSA Security, Trust, Assurance, and Risk (STAR) program, the largest cloud assurance program in the world. Be...

Book Introduction: Generative AI Security: Theories and Practices

Blog Published: 02/16/2024

Written by Ken Huang, Co-Chair of Two CSA AI Safety Working Groups, VP of Research of CSA GCR, and CEO of Distributedapps.ai. In this blog, I would like to talk about my upcoming book Generative AI Security: Theories and Practices. I started this book project in January 2023. The project ended...

Data Governance in the Cloud

Blog Published: 02/16/2024

Written by Ashwin Chaudhary, CEO, Accedere. As all organizations are moving towards the digitization of data and cloud computing, it is important to protect and ensure data governance by all organizations. New data security solutions are needed considering data digitization and cloud computing. A...

Zero Trust Messaging Needs a Reboot

Blog Published: 02/16/2024

Written by Daniel Ballmer, Senior Transformation Analyst, CXO REvolutionaries, Zscaler. It’s 2024, and Zero Trust adoption across industries remains somewhere below 33%. For reference, de-perimeterization, a stepping-stone to Zero Trust, was first discussed on the Jericho Forums twenty years ago. ...

The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security

Blog Published: 02/15/2024

Originally published by Valence. Microsoft recently published new guidance on the nation-state attack that they initially disclosed on January 19. According to Microsoft, the Russian state-sponsored threat actor Midnight Blizzard (also known as NOBELIUM or APT29) was able to leverage a test tenan...

The Return of the Notorious Qakbot Threat Campaign

Blog Published: 02/15/2024

Previous tactics from the dismantled QakBot Trojan now fuel wide-ranging phishing campaigns. Originally published by Skyhigh Security. Written by Rodman Ramezanian, Global Cloud Threat Lead, Skyhigh Security. Remember the QakBot cyberthreat (otherwise known as Qbot or Pinkslipbot)? This threat wa...

Addressing Microsoft Teams Phishing Threats

Blog Published: 02/15/2024

Originally published by Adaptive Shield. Written by Hananel Livneh. AT&T Cybersecurity recently discovered phishing attacks conducted over Microsoft Teams. During a group chat, threat actors distributed malicious attachments to employees, which led to the installation of DarkGate malware on th...
