AI Technology & Risk
CSA and the MITRE Corporation have established the Cloud Adversarial, Vectors, Exploits, and Threats (CAVEaT™) collaboration to develop, curate, and host cloud-specific threat models that assist cloud security practitioners with threat-based analysis.
*This community is currently inactive*
The Cloud Data Breach Investigation working group will develop industry best-practice guidance on how an investigation of a cloud data breach should be conducted to ensure timely detection of the breach; accurate identification of root cause(s) and timeline; proper handling of evidence for legal admissibility; and reporting to the management of affected organizations and to regulators.
The Data Privacy Engineering Working Group (DPE WG) is chartered with the mission to integrate privacy-centric methodologies into development workflows, architecture design, and data science methodologies. Collectively referred to as “DataSecOps”, these elements comprise end-to-end data privacy practices wherein data is definitively scoped, inventoried, classified and secured over a total data lifecycle as an inherent part of a digital work product. This integration aims to ensure compliance, data protection, and secure data management in cloud environments. The WG will develop guidelines for incorporating privacy engineering into DataSecOps—including Differential Privacy as one such approach, create privacy-centric tools, foster professional collaboration, and promote awareness about privacy engineering, with a special emphasis on the application and implications of Differential Privacy in DataSecOps. The group is led by Chair(s), working in collaboration with CSA leadership, membership-at-large, and the broader community of interest.
Data security is the process of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. The concept encompasses every aspect of information security, from the physical security of hardware and storage devices, through administrative and access controls and the logical security of software applications, to organizational policies and procedures. When properly implemented, data security strategies protect an organization’s information assets against cyberattacks and also guard against insider threats and human error, which remain among the leading causes of data breaches.
Businesses are now demanding stronger collaboration between development and operations teams, with their respective security teams brought in as well. This added element is what turns DevOps into DevSecOps: before its adoption, DevOps often skipped the security step, and the issues that surfaced after applications were deployed became roadblocks precisely because security had been left out. The true focus of DevSecOps is a transparent, full-circle management life cycle that leverages all of its components so that application deployment is timely and fully functional, with the proper security steps built into every stage of the process rather than bolted on at the end.
The mission of the Enterprise Authority to Operate (EATO) Working Group is to develop, maintain, review, update, support, and deploy a concentrated assessment, certification, and attestation scheme catering to small and mid-sized vendors/service providers, with the aim of enabling such vendors to achieve a certification that is also accepted by larger corporate clients, including clients in tightly regulated industries such as finance. The EATO targets a comprehensive assessment of the risks inherent in Anything as a Service (XaaS) products built on cloud-based infrastructure or platforms, with a particular focus on information security and privacy, but also covering business continuity, data retention, archiving, and vendor/service provider controls and risks. The EATO Working Group defines and sets the auditing requirements and minimum standards that must be met to pass the EATO assessment and certification. The EATO Working Group also defines requirements for consultancy companies that support small and mid-sized vendors/service providers, with the aim of enabling such vendors to derive architectures and designs compliant with the EATO certification scheme.
The mission of the CSA FSI community and research working groups is to bring together financial service institutions, financial supervisory authorities, and other national regulatory bodies along with relevant cloud and fintech service providers. Together they discuss and identify commonly acceptable best practices that will help manage the technical security risks related to secure cloud adoption, and facilitate compliance with laws and regulations.
This working group aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.
CSA Working Groups are the go-to source for best practices, research, and tools for providing security assurance and privacy in the cloud. CSA’s diverse membership of industry practitioners and corporate members has converged and continuously cycled through researching, analyzing, formulating, and delivering arguably the most advanced research and tools available across the cloud security spectrum. Here you can find a list of active research working groups, volunteer opportunities, and open peer reviews.
The SaaS Security Capability Framework (SSCF) addresses the critical need for an industry standard that defines the minimum technical security capabilities SaaS applications should provide, particularly those that fall within the customer's scope under the Shared Security Responsibility Model (SSRM). Currently, the lack of such a standard has led to major inconsistencies in the security features offered by SaaS vendors, resulting in significant operational challenges, increased costs, and heightened security risks. The SSCF focuses on customer-facing controls such as logging, access monitoring, and configuration of security settings that can be directly managed or utilized by customers to meet their security obligations. As many SaaS platforms do not offer sufficient configurability to align with an organization’s risk appetite or requirements, the SSCF aims to bridge this gap by outlining a clear set of technical security capabilities that should be embedded in SaaS offerings.
In today's world of so many SecaaS offerings, CSA's SecaaS working group strives to establish general categories of security services, and provides guidance on what should be expected as a standard set of functionalities in any given category.
This working group is in the process of being revitalized, and co-chairs are currently being determined. Once leadership is confirmed, charter revision and forecasting of deliverables will begin.
- This working group is currently inactive -
This working group has been created to guide the creation of an open-source, automation-compatible vulnerability identification framework. By making it easy to generate and consume vulnerability information, the cybersecurity industry will be better equipped to respond rapidly to emerging threats.