Working Group

Security as a Service


Introduction

The purpose of this research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

Artifacts

Defining Categories of Security as a Service: Continuous Monitoring

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of thes...

SecaaS Category 7 // Security Information and Event Management Implementation Guidance

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networ...

SecaaS Category 9 // BCDR Implementation Guidance

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their proc...

SecaaS Category 8 // Encryption Implementation Guidance

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed an...

SecaaS Category 6 // Intrusion Management Implementation Guidance

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud...

SecaaS Category 5 // Security Assessments Implementation Guidance

There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could ...

SecaaS Category 4 // Email Security Implementation Guidance

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends:...

SecaaS Category 2 // Data Loss Prevention Implementation Guidance

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resi...

SecaaS Category 3 // Web Security Implementation Guidance

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addr...

SecaaS Category 10 // Network Security Implementation Guidance

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditi...

SecaaS Category 1 // Identity and Access Management Implementation Guidance

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particula...

Defined Categories of Service 2011

CSA V3 Guideline: Book Excerpts

Culture‐free, one‐size‐fits‐all English is usually the most efficient way to speak to a large, heterogeneous audience of E2s. In contrast, th...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Next Meeting

No Meetings Currently Scheduled


Leadership


Jens Laundrup, Chief Security Engineer and Executive Consultant, Emagined Security Inc., has spent over 30 years in the Information Security space to include numerous security engineering disciplin...

 

Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, J...

 