Working Group

Defining Categories of Security as a Service: Continuous Monitoring

In order to improve the understanding of Security as a Service and accelerate market acceptance, clear categorization and definitions of thes...

SecaaS Category 7 // Security Information and Event Management Implementation Guidance

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networ...

SecaaS Category 9 // BCDR Implementation Guidance

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their proc...

SecaaS Category 8 // Encryption Implementation Guidance

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed an...

SecaaS Category 6 // Intrusion Management Implementation Guidance

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud...

SecaaS Category 5 // Security Assessments Implementation Guidance

There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could ...

SecaaS Category 4 // Email Security Implementation Guidance

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends:...

SecaaS Category 2 // Data Loss Prevention Implementation Guidance

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resi...

SecaaS Category 3 // Web Security Implementation Guidance

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addr...

SecaaS Category 10 // Network Security Implementation Guidance

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditi...

SecaaS Category 1 // Identity and Access Management Implementation Guidance

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particula...

Defined Categories of Service 2011

CSA V3 Guideline: Book Excerpts

Culture‐free, one‐size‐fits‐all English is usually the most efficient way to speak to a large, heterogeneous audience of E2s. In contrast, th...