CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
Mobile Application Security Testing Initiative Revised Charter Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emer... Request to download | |
Security as a Service Implementation Guidance (Categories 1-10) In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of security services... Request to download | |
Defining Categories of Security as a Service: Continuous Monitoring In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of these services is ne... Request to download | |
‘The Treacherous Twelve’ Cloud Computing Top Threats in 2016 “The Treacherous 12 - Cloud Computing Top Threats in 2016” plays a crucial role in the CSA research ecosystem. The purpose of the report is to provide organi... Request to download | |
Security Position Paper - Network Function Virtualization This white paper discusses some of the potential security issues and concerns, and offers guidance for securing a Virtual Network Function (NFV) based archit... Request to download | |
State of Cloud Security 2016 Cloud computing is an incredible innovation. While at its heart a simple concept, the packaging of compute resources as an on demand service is having a fund... Request to download | |
Consensus Assessments Initiative Questionnaire v3.0.1 (12-5-16 Update) There is a new version of CAIQ available. The latest version has been combined with the Cloud Controls Matrix. Realigns the CAIQ questions to CCM v3.0.1 co... Request to download | |
The Cloud Balancing Act for IT: Between Promise and Peril Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place. That’s what the... Request to download | |
CloudTrust Protocol Prototype Source Code The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of ... Request to download | |
Guidelines for Safe Smart Cities Interest in the smart city concept has grown continuously over the past few years, with the top research being done in the Internet of Things (IoT) and urban... Request to download | |
International Standardization Council Policies & Procedures In today’s technological environment, standards play a critical role in product development and market competitiveness. Every input, behavior, and action has... Request to download | |
Cloud Forensics Capability Maturity Model | |
CloudTrust Protocol Data Model and API The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of ... Request to download | |
Identity and Access Management for the Internet of Things This document is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology staff charged w... Request to download | |
What is Post-Quantum Cryptography Most people pay little attention to the lock icon on their browser address bar that signifies a secure HTTPS connection. They don’t realize that there is an ... Request to download | |
What is Quantum Key Distribution? The security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms or quantum computer... Request to download | |
Cloud Computing Market Maturity This white paper reports the results of a recent study conducted by ISACA and the Cloud Security Alliance to examine cloud market maturity through four lense... Request to download | |
Security Considerations for Private vs. Public Clouds The Cloud Security Alliance teamed up with Palo Alto Networks to produce this whitepaper. A public cloud deployment occurs when a cloud’s entire infrastructu... Request to download | |
The Mandate for Meaningful Cyber Incident Sharing for the Cloud New and increasingly significant cybersecurity breaches are reported practically every day. For most companies, it is no longer a matter of whether they will... Request to download | |
Privacy Level Agreement - Version 2 PLA [V2] is intended to be used as an appendix to a Cloud Services Agreement, and to describe the level of privacy protection that the CSP will provide. Whil... Request to download |