CSA Blog

This blog is markedly different from any other I have posted on our website. While we have responded to a few Requests for Proposal (RFP) or Requests for Information (RFI) over the past 15 years, the Cloud Security Alliance has never issued one ourselves, until now.Technology is...

Originally published by Abnormal Security.Bad actors have been using phishing emails to steal sensitive data for three decades. Impersonating a trusted individual or brand and manufacturing a sense of urgency, attackers deceive targets into providing private information like login...

Written by S Sreekumar, VP and Global Practice Head, Cybersecurity, HCLTech and José Grandmougin, Senior Director Consulting System Engineering GSI and OT, Fortinet.In the ever-evolving landscape of digital transformation, the convergence of Information Technology (IT) and Operational...

Written by Ashwin Chaudhary, CEO, Accedere.In the ever-evolving world of finance and business, compliance has always been a critical pillar. However, the traditional methods of ensuring compliance are becoming gradually more inadequate in the face of growing regulatory complexity...

In light of the most revolutionary technology ever introduced, CSA’s SECtember.ai conference will feature three days of insightful sessions and active discussions about navigating the future of AI and cloud security. SECtember.ai will take place on September 10-12, 2024 at the Meydenbauer...

Originally published by Tenable. Written by Diane Benjuya. What issues affect cloud security teams today? How are they tackling these challenges? Which tools do they use to measure success? These are just a few of the questions Tenable sought to answer in its recently published ...

Written by Benjamin Corll, CISO in Residence, Zscaler.Why are organizations spending money on cybersecurity solutions when studies show 88% of data breaches are caused by human mistakes? If you’re a cybersecurity leader you have probably heard some variation of this question from...

Originally published by Schellman.While the rapid pace at which artificial intelligence (AI) technology has been both developing and impacting several areas of our daily lives continues, so too do the concerns about the tech’s safety, privacy, and bias. As there’s no stopping the...

Written by StrongDM.Online accounts are repositories of sensitive personal information, making it crucial to protect this data from cybercriminals. As credential stuffing attacks become more frequent, it's essential to stay one step ahead of attackers to ensure the security of your...

At the CSA Cloud Trust Summit 2024, CSA’s CEO Jim Reavis gave the presentation “Do SOC 2 and ISO 27001 the right way with CSA STAR.” In this condensed transcript of the presentation, Jim provides an overview of the SOC 2 and ISO 27001 frameworks and how they relate to the CSA STAR...

Originally published by Dazz.In a recent study from the University of Illinois Urbana-Champaign (UIUC), researchers demonstrated the ability for Language Learning Models (LLMs) to exploit vulnerabilities simply by reading threat advisories. While some are arguing that the sample...

Originally published by BARR Advisory.The Securities and Exchange Commission (SEC) recently published updated guidance for public companies on how and when to disclose cybersecurity incidents.Issued as a follow-up to new rules adopted by the commission last year, the updated guidance...

Written by Josh Dreyfus, Director of Product Marketing, ArmorCode.The software security space moves fast, and new acronyms pop up like weeds. Many of them sound similar, even if they do very different things. Take CSPM (Cloud Security Posture Management) and ASPM (Application Security...

Originally published by Truyo.With the full text of the EU AI Act made public, Truyo President Dan Clarke read through the Act in its entirety to identify key elements that will be crucial to compliance for organizations in scope. The Act includes the conventional components of transparency...

Originally published by Schellman.If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.No one wants...