The Inner Circle

 View Only

Latest Discussion Posts

  • I am pleased to announce that OMG's Middleware & Related Services (MARS) Platform Task Force voted on June 23 to approve the release of the discussion paper entitled "XaaS (Anything as a Service) Glossary," prepared by members of the Cloud Working Group. ...

  • Healthcare Delivery Organizations (HDOs) continue to integrate connected medical devices, software, and services within their networks, which has opened up new opportunities for attack. Consequently, HDOs need an incident response strategy tailored to ...

  • Hi All, The purpose of this document is to provide requirements for organizations planning to conduct a FedRAMP penetration test, as well as the associated attack vectors and overall reporting requirements. ------------------------------ Michael Roza ...

  • I recommend using tools like Safety from pyup.io as part of your CI/CD pipelines to identify Python packages with vulnerabilities (which should also flag malicious packages). It won't stop developers from installing bad packages in their own development ...

  • Hello Michael, https://cloudsecurityalliance.org/blog/2019/03/19/continuous-auditing-star In the past, I have leveraged information from CSA's Office of the CTO. Here is a good blog article by CSA Investigatory Fellow John Dimaria on the subject ...

Announcements

  • Get ready for a discount of galactic proportions on May 4th

    Take advantage of our biggest discount ever on the Certificate of Cloud Security Knowledge (CCSK), you must!

    Help us celebrate Star Wars Day and mark your calendar for a massive savings opportunity on May 4th. The CCSK certificate is widely recognized as the standard of expertise for cloud security, providing a solid, foundational knowledge of how to secure data in the cloud. To ensure this valuable credential is widely accessible, we will be offering 54% off all CCSK online products:


    Start: Midnight (12 AM PT), Wednesday, 5/4/22
    End: Midnight (12 AM PT), Thursday, 5/5/22

    Our mission is to train cloud experts and help fill the skills gap in cloud security. Further your knowledge, increase your professional opportunities, and share this promotion with anyone who might benefit from it!

    You’ll hear from us again Wednesday about how you can save 54% on these CCSK offerings.

  • Seeking co-chair for the Cloud Key Mgmt working group!

    Dear Circle members,
    The Cloud Security Alliance is looking for a new co-chair for the Cloud Key Management working group.
    The main purpose of the Cloud Key Management Working Group is to educate and guide the use of traditional and cloud key management systems with and between cloud services.

    The chair/co-chair will lead the working group while steering the focus of the topic of the working group, suggest new activities, and ensure forward progress for the working group. 

    Purpose:
    To lead the working group through the business of completing the tasks required in order to meet the mandate and objectives of the working group as they are formed in the working group's charter document.


    Responsibilities
      • Prepare agenda for meeting/call
      • Delegate responsibilities to committee members
      • Use the committee's mandate and objectives to guide work of committee
      • Involve all members in the decision making
      • Keep a written file of work of committee and working group
      • Schedule deliverables and set milestones towards completion of deliverables.
      • Draft proposed resolutions (motions) for inclusion in written reports
      • Orchestrate contributions to the produced working group documents by different volunteers
      • Judge items in or out of scope for the Group.
    • Revises deliverables timeline as needed.
    • Stay up-to-date with all phases of a policy proposal relevant to the WG

    What we're looking for in a chair:
    • Experience in chairing similar groups, committees, and/or conferences;
    • Previous participation or technical contributions in related communities;
    • Ability to satisfy the time commitment;
    • Ability to keep the Working Group "in Charter";
    Anyone with technical expertise on the topic that satisfies the above criteria is welcomed to declare their interest, until Friday 6th of May.

    Candidates need to provide:
    • Bio and how it relates to the Cloud Key Mgmt topic
    • Ideas for the working group roadmap
    • What role can the working group have for the Cloud Key Mgmt industry
    and will then be chosen through a voting tool.

    If interested, please communicate with [email protected]cloudsecurityalliance.org
    Best regards,
    Marina
  • Countdown to Y2Q

    Don’t panic! Okay, well, panic a little bit: At the CSA Research Summit, we began the Year to Quantum (Y2Q) countdown. We’ve estimated that by April 14, 2030, a quantum computer will be able to break the present-day cybersecurity infrastructure. That isn’t much time to develop and implement a plan to update your crypto systems with quantum-safe solutions. Our Quantum-safe Security Working Group has created multiple documents that can help. View their work here 

Upcoming Events