Research Artifacts

Building a Foundation for Successful Cyber Threat Intelligence Exchange - Chinese Translation

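Description: The frequency and sophistication of cyber attacks continue to rise. Attackers may be individuals, or they may be well-resourced, tightly organized groups. Faced with such threats, an enterprise that focuses only on internal defensive measures may end up building a "Maginot Line" that is ultimately bypassed; one that relies only on its own intelligence capabilities may find itself in the awkward position of an uneven contest between attack and defense. To address these problems, Cyber Threat Intelligence (CTI)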

Release Date: 08/03/2018
Cloud Security Alliance Code of Conduct for GDPR Compliance

The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.

Release Date: 07/10/2018
CCM Mapping Methodology

Description: The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to assess the overall security risk of a cloud service. The CSA CCM provides a detailed controls framework that is aligned with Cloud Security Alliance’s Security Guidance in 16 domains.

Release Date: 07/09/2018
Firmware Integrity in the Cloud Data Center

Description: This paper presents the point of view from key stakeholders in datacenter development regarding how to build cloud infrastructure using secure servers in order to enable customers to trust the cloud provider’s infrastructure at the hardware/firmware level. In general, security of a cloud server at the firmware level is comprised of two equally important aspects – integrity and quality of the firmware code.

Release Date: 06/12/2018
Software Defined Perimeter Glossary

Description: The Software Defined Perimeter (SDP) Glossary is a reference document that brings together SDP related terms and definitions from various professional resources. The terms and supporting information in the SDP glossary cover a broad range of areas, including the components of SDP and common supporting technologies.

Release Date: 06/12/2018
The State of Post-Quantum Cryptography

Description: Most people pay little attention to the lock icon on their browser’s address bar that signifies a secure connection called HTTPS. This connection establishes secure communications by providing authentication of the website and web server as well as encryption of communications between the client and server. If the connection is not secure, then a user may be vulnerable to malicious exploits such as malware injection, hijacking of financial transactions or stealing the user’s private information.

Release Date: 05/23/2018
The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights - Japanese Translation

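At a speed no one could have predicted, cloud computing is forcing transformation on business and government alike, and is bringing new security challenges. With the development of cloud service models, the technology that supports business has become more efficient than ever before. The shift from the idea of owning servers to service-based thinking is forcing IT departments to rethink how they plan, design, and deliver computing and applications. At the same time, these advances have created new security vulnerabilities,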

Release Date: 05/21/2018
A Day Without Safe Cryptography

Description: Over the past fifty years, the digital age has sparked the creation of a remarkable infrastructure through which a nearly infinite variety of digital transactions and communications are executed, enabling businesses, education, governments, and communities to thrive and prosper. Millions of new devices are connecting to the Internet, creating, processing, and transferring digital information in greater volumes and with greater velocity than ever imagined.

Release Date: 04/19/2018
GDPR Preparation and Awareness Survey Report

Description: Cloud computing, the Internet of Things, Artificial Intelligence, and other new technologies allow businesses to have better customer engagement, more access to data, and powerful analytical tools. Providers are racing to bring these technologies to the enterprise and users are anxious to take advantage of their benefits.

Release Date: 04/17/2018
State of Cloud Report

Description: Innovators and early adopters have been using cloud for years, taking advantage of the quicker deployment, greater scalability, and cost savings of services. The growth of cloud computing continues to accelerate, offering more solutions with added features and benefits, including security.

Release Date: 04/16/2018
Best Practices for Cyber Incident Exchange

Description: No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, effectively moving from target to target at a breakneck pace. New attacks are directed at dozens of companies within the first 24 hours and hundreds within a few days.

Release Date: 04/16/2018
Using Blockchain Technology to Secure the Internet of Things

Description: In the last four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model for secure transaction processing and storage using blockchain technology. IDC FutureScape predicted that by 2020, 20% of global trade finance will incorporate blockchain.

Release Date: 02/13/2018
The State of Enterprise Resource Planning Security in the Cloud

Description: The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.

Release Date: 02/07/2018
Top Threats to Cloud Computing Plus: Industry Insights

Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document and provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example are written with the help of publicly available information.

Credits:
Fitzgerald Barth
Victor Chin
Moshe Ferber
Sean Hittel
Laurie Jameson
Nathaniel Mason
Hardeep Mehrotara
Ashish Mehta
Mihir Mohanty
Krishna Narayanaswamy
Michael Roza

Release Date: 10/20/2017
Consensus Assessments Initiative Questionnaire v3.0.1 (9-1-17 Update)

Description: The CAIQ is based upon the CCM and provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix.

Release Date: 10/12/2017
Cloud Controls Matrix v3.0.1 (9-1-17 Update)

Description: The CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Release Date: 10/03/2017
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: 07/26/2017
A Repeatable Cloud-first Deployment Process Model

By now the benefits of cloud computing are generally understood at a high level. What is not necessarily clear are the details of the potential security, legal, financial, and compliance impacts that cloud adoption will produce. The stakeholders who are currently responsible for these areas are sometimes not sufficiently familiar with how a cloud-first strategy affects their roles and functions. While the organization as a whole is still responsible for ensuring that all its obligations are met, the cloud changes the nature of risks, roles, and responsibilities and how stakeholders within the organization manage them.

Release Date: 06/06/2017