Working Group

Security as a Service

Introduction

The purpose of this research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

Join Group

Artifacts

Defining Categories of Security as a Service: Continuous Monitoring

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of thes...

SecaaS Category 7 // Security Information and Event Management Implementation Guidance

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both ente...

SecaaS Category 9 // BCDR Implementation Guidance

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements m...

SecaaS Category 8 // Encryption Implementation Guidance

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption key...

SecaaS Category 6 // Intrusion Management Implementation Guidance

Because of the limited market maturity and lack of widely accepted best practices, this document provides implem...

SecaaS Category 5 // Security Assessments Implementation Guidance

There are many choices for an assessment framework standard and there is no "one size fits all" solution for sec...

SecaaS Category 4 // Email Security Implementation Guidance

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends:...

SecaaS Category 2 // Data Loss Prevention Implementation Guidance

DLP must be considered an essential element for achieving an effective information security strategy for protect...

SecaaS Category 3 // Web Security Implementation Guidance

The vendor and academic community have come together to form a set of solutions called Security as a Service. Th...

SecaaS Category 10 // Network Security Implementation Guidance

In a cloud environment, a major part of network security is likely to be provided by virtual security devices an...

SecaaS Category 1 // Identity and Access Management Implementation Guidance

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particula...

Defined Categories of Service 2011

CSA V3 Guideline: Book Excerpts

Culture‐free, one‐size‐fits‐all English is usually the most efficient way to speak to a large, heterogeneous aud...

Read the Blog

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Learn more

Next Meeting

Nov 02, 2020, 12:00PM PST

Join See all Meetings

Leadership

Jens Laundrup, Chief Security Engineer and Executive Consultant, Emagined Security Inc., has spent over 30 years in the Information Security space to include numerous security engineering disciplin...

Jens Laundrup

Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International...

CSA Membership

CSA STAR Program

Online Training

Contribute to Research

Webinar Series

CSA Circle