Circle
Events
Blog

CSA Research Publications

Whitepapers, Reports and Other Resources

Home
Publications

Browse Publications

SecaaS Working Group Charter 2021

SecaaS Working Group Charter 2021
Release Date: 07/09/2021

This charter lays out the scope, responsibilities, and roadmap for the Security as a Service (SecaaS) Working Group. The SecaaS Working Group has been cre...

Request to download
Disaster Recovery as a Service

Disaster Recovery as a Service
Release Date: 05/13/2021

Disaster Recovery as a Service (DRaaS) is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third...

Request to download
The 2020 State of Identity Security in the Cloud

The 2020 State of Identity Security in the Cloud
Release Date: 11/19/2020

The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises di...

Request to download

SecaaS Working Group Charter
Release Date: 04/09/2019

In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understoo...

Request to download

Security as a Service Implementation Guidance (Categories 1-10)
Release Date: 03/01/2016

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of security services...

Request to download
Defining Categories of Security as a Service: Continuous Monitoring

Defining Categories of Security as a Service: Continuous Monitoring
Release Date: 02/29/2016

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services is ne...

Request to download
SecaaS Category 7 // Security Information and Event Management Implementation Guidance

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
Release Date: 10/29/2012

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...

Request to download
SecaaS Category 9 // BCDR Implementation Guidance

SecaaS Category 9 // BCDR Implementation Guidance
Release Date: 10/08/2012

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...

Request to download
SecaaS Category 8 // Encryption Implementation Guidance

SecaaS Category 8 // Encryption Implementation Guidance
Release Date: 10/08/2012

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...

Request to download
SecaaS Category 6 // Intrusion Management Implementation Guidance

SecaaS Category 6 // Intrusion Management Implementation Guidance
Release Date: 10/08/2012

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...

Request to download
SecaaS Category 5 // Security Assessments Implementation Guidance

SecaaS Category 5 // Security Assessments Implementation Guidance
Release Date: 10/08/2012

There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could reasonably expec...

Request to download
SecaaS Category 4 // Email Security Implementation Guidance

SecaaS Category 4 // Email Security Implementation Guidance
Release Date: 10/08/2012

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and rec...

Request to download
SecaaS Category 2 // Data Loss Prevention Implementation Guidance

SecaaS Category 2 // Data Loss Prevention Implementation Guidance
Release Date: 10/08/2012

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and depar...

Request to download
SecaaS Category 3 // Web Security Implementation Guidance

SecaaS Category 3 // Web Security Implementation Guidance
Release Date: 10/08/2012

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one elemen...

Request to download
SecaaS Category 10 // Network Security Implementation Guidance

SecaaS Category 10 // Network Security Implementation Guidance
Release Date: 10/08/2012

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical ne...

Request to download
SecaaS Category 1 // Identity and Access Management Implementation Guidance

SecaaS Category 1 // Identity and Access Management Implementation Guidance
Release Date: 09/26/2012

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to th...

Request to download
Defined Categories of Service 2011

Defined Categories of Service 2011
Release Date: 10/26/2011

Request to download

CSA V3 Guideline: Book Excerpts
Release Date: 07/02/2011

Culture‐free, one‐size‐fits‐all English is usually the most efficient way to speak to a large, heterogeneous audience of E2s. In contrast, there are times wh...

Request to download