Cloud Security Alliance Atlanta is proud to partner with the Official Cyber Security Summit again this year for the Virtual 6^th Annual Cyber Security Summit held on Thursday, February 11, 2021.

 Learn about the latest security threats facing your enterprise, best cyber hygiene practices, innovative solutions to protect your business, and much more – all from the comfort & safety of your home/office.

 The Director of Operations of The NSA, Red Team will be leading a Security Keynote, Exclusively at the Cyber Security Summit!

 Admission is normally $95 but we have secured Exclusive FREE Admission!

 To secure your free pass, register with code CSA21ATL at https://CyberSecuritySummit.com/Summit/Atlanta21/

Please note: Admission is for C-Suite/Senior Level Executives, Directors, Managers, and other IT/Cyber Professionals and Business Owners/Leaders. Those in Sales / Marketing and Students are not permitted.

Earn up to 6 Continuing Education Credits by attending the day in full!

Passes are limited. RSVP today for Free Admission today using registration code CSA21ATL.

There is a larger group at LinkedIn, if you want to join as well.

Dear CCM users,

Welcome to this new community dedicated to you.

This is the place to discuss your experiences in implementing CCM controls, ask for explanations on how to adopt for the first time controls or how to improve an existing implementation, how to answer a CAIQ question, how to leverage CCM controls within a specific platform or architecture, etc.

This CCM User Group is open to cloud consumers, cloud providers, cloud auditors, to expert users who are willing to help new adopters in using CCM, and neophytes willing to learn the best approaches to CCM control implementation.

All contributions will be personal and shall not constitute a commitment or opinion by the contributor's organization. 

Example of suitable topics to be discussed in the CCM User Group are:

• CCM Controls Implementation
• CCM Controls IaaS / PaaS / SaaS Relevance 
• CCM Controls Applicability / Shared Responsibility Model
• CCM Controls as related to specific technologies
• CCM Controls as related to specific industries 
• CCM Controls as related to specific laws, regulation and other standards
• CAIQ Questions 
• etc

This group will be moderate by CSA to avoid the inappropriate use of the platform, e.g. commercial product announcements, offensive language, misleading information, etc.

We reserve the right to edit or remove inappropriate content.

Please note that this group is NOT about developing the next iteration of the CCM or CAIQ, for that we encourage you to join the CCM WG Community in Circle, though these discussions might provide valuable input to the working group.

Peter van Eijk, CCSK/CCAK trainer

Linda Strick, Managing Director CSA EMEA

Welcome to our new members!  Don't forget to help grow our community and invite other marketing professionals!

Hi all: Really looking forward to our final meeting for 2020 this Thursday. Come and see what a difference this interactive group has made with your feedback this year and looking forward to your wish list for 2021.

We schedule two calls to hopefully make it convenient for all involved. If you did not receive an invite, please let us know.

Hello there.  The Atlanta Chapter is now live on Circle.  2021 is almost here and you'll see Chapter activity here.

The CSA Delaware Valley Chapter is hosting the "Vectra O365 Lecture" begins in less than 3 hours!!! There is a limited capacity, but there is still room to attend! So, sign up this morning and join us at 12pm EST! See you then!

Join us on Tuesday, December 1 at 12pm for an hour with Chris Morales, Head of Analytics with Vectra.  Chris  will help us navigate through the uncharted security territory by analyzing the attack lifecycle in the cloud, reviewing the top cloud security threats, and dissecting a real-world cloud attack.

The slides from Salt from the meeting last night have been placed in the library.

Register your interest in CloudBytes Connect, CSA's multi-day virtual event program, taking place on February 2-4, 2021.

Leading security experts will focus on the event theme, From SOC to the Boardroom and address the most critical cloud priorities for CISOs, their CxO peers and the board of directors. We will also explore security threats, innovations, best practices, and the global cyber governance approaches needed to traverse and thrive in the new frontiers of cloud security from the industry’s top security experts.

Attend the FREE 3-day virtual event at your own pace and earn up to 7 CPE credits by participating. Visit the event page to register and to stay up-to-date as we release information about the speakers and agenda.

REGISTER

Please feel free to invite others to join the Circle!

The BeLux Chapter is operated by LSEC - Leaders In Security, from out of Leuven - Belgium. It has been around since 2012, focusing on creating awareness on cloud and cloud security activities. The CSA BeLux chapter is an active promotor of CSA's activities in BeLux, and in relations to the Brussels EC-based discussions. LSEC is participating in ECSO the European Cybersecurity Organization, and in the CSP-Cert discussions preserving also the interests of CSA. CSA BeLux has organized different annual Cloud Security events, with contributions by the EMEA CSA team. On a monthly basis, LSEC organizes a Cloud Security working group with both technology providers and enterprise cybersecurity and cloud representatives. CSA BeLux has a specific interest in AI, IoT, Incident Management, Privacy and CCA/CCSK developments. CSA BeLux (through LSEC) participated together with CSA EMEA in a couple of European projects, such as Takedown on Cybercrime and Organised Crime. CSA BeLux has approximately 20 industry vendor members and reaches out to over 250 enterprise cloud users on a regular basis.
CSA BeLux is considering the setup of a new topic group on (Full) Homomorphic Encryption (FHE) and Multi Party Computation (MPC). Belgian an Luxemburgn but also other members, please contact us to be involved in the next activities.

Join us on Tuesday, October 20 at 730pm for a Fireside chat with Richard Stiennon, industry analyst, and author of four books on cyber security including Secure Cloud Transformation: The CIO's Journey. In this Fireside chat our host and former CSA Delaware Valley Chapter Vice President, Mike Jordan, will talk with Richard to hear his perspectives on cloud security and the rapid changes to IT infrastructure that the Cloud is bringing to all of our lives.

Richard has presented on cybersecurity topics in 31 countries on six continents. He is one of the most followed security industry analysts and writes for Forbes and The Analyst Syndicate.

BONUS

Mr. Stiennon has generously donated 50 of his "Security Yearbook 2020" books (https://lnkd.in/g55326A) to the CSA - Delaware Valley Chapter for the first 50 registrants/attendees of this event. You have to register to attend and you must attend to receive one of the books! So don't delay and register today!

https://lnkd.in/gqvmK28

2020 has been a challenging year for all of us. But the digital age has allowed many of us to stay connected, continue business operations, and even enhance our relationships with customers and employees. Through these times, this group of special individuals has stood out helping CSA secure the cloud and the remote workforce. It's been a pleasure getting to know many of them personally over the years. Congratulations to the 2020 Ron Knode Award winners! @Yale Li @Masahiro Morozumi @James Angle @A Chetal @Jon-Michael C. Brook @Michael Roza @Jim de Haas @Vrettos Moulos #CSAvolunteers #RonKnode #CloudSecurity

https://www.linkedin.com/posts/johnyeoh_csavolunteers-ronknode-cloudsecurity-activity-6720041751274508288-g3yt
​​​​​​​​​

We are excited for this opportunity to engage with our peers on the subject of design!

This community is a place for open discussion between CSA’s internal Design team and the community which we design for. Projects ranging from logos, research papers, and digital illustrations will be shared here for the opportunity to provide feedback. Likewise this community is a space for open discussion on all design topics related to security.

We invite you to openly communicate with us on our design projects as we strive to create effective and unique designs in order to have a positive impact on the greater Security community. Thank you for being part of this journey!

The free, virtual event will focus on core topics critical to the cloud ecosystem and offer attendees the opportunity to earn up to six continuing professional education (CPE) credits while gleaning educational and practice advice from some of the cloud’s top business and thought leaders. 

OPEN PEER REVIEW: 

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the Security Guidance v.4, that is considered the de-facto standard for cloud security assurance and compliance. The CCM v.4 constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and modifications in the existing ones (GRC, A&A, UEM, CEK). This update will also deliver a significant increase of control as result of developing additional controls and updating existing ones. Additional features of the CCM v.4 update are: ensured coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility with other standards. The objective of this update is to continue to lead the security industry and market as the cloud provider and user-centric control framework of choice for all. Share your knowledge by providing feedback and contributing to the open peer review for CCM v.4. Participants of the peer review are asked to focus on the content and semantics of controls.

This peer review closes on Nov 4th. Provide your feedback before then!

Dave Glover is a Principal Sales Engineer supporting the RSA Netwitness Platform.  Dave has been on Incident Response team for the Black Hat NOC at their conferences worldwide for the past couple of years.  Dave started with RSA in 2002, has held various positions within the company and specializes in the SIEM space.  Dave has spoken at various conferences around the world, and held many customer training workshops.  Dave is a complex problem thinker, and has solved complex challenges at some of the largest global customers.   He has presented at various RSA events for the past decade on the capabilities of RSA products.

Mike Godin is a CISSP, and holds a B.S. in Psychology from the University of New Hampshire, and an M.S. in Information Assurance from Northeastern University.  With over 20 years experience in Information Technology and Information Security Mike has served in technician, analyst, administrator, engineer and consultant roles.   Based in the North East Mike has been directly employed at large financial services companies such as John Hancock, Thomson Reuters, One Beacon Insurance Group, and information security companies such as Ecora, ESET, RSA and Symantec.    Mike has been focused on SOC technologies, such as EDR, NDR, ETM, DLP, MFA, SIEM, TIP, SOAR, Malware Analysis, and AV, and has been involved in over 30 Incident Response engagements for customers in the financial services, health care, biotech, education, manufacturing and legal industry verticals.

Como a Lei Geral de Proteção de Dados Pessoais (LGPD) pode impactar o uso da Computação em Nuvem? Como adequar nosso ambiente em nuvem as exigências da LGPD?

A LGPD é um marco regulatório muito importante para as atividades relacionadas ao tratamento de dados pessoais e define vários requisitos de proteção e controle que devem ser incorporados aos processos e ferramentas das empresas.

Neste encontro online e gratuito, agendado para o dia 17/09, o C6 Bank irá receber o capítulo brasileiro da Cloud Security Alliance (CSA) para discutirmos o impacto da LGPD nas empresas que adotam a computação em nuvem e os recursos existentes de conformidade para apoiar na jornada de adequação.

Junte-se a nós!

Agenda (evento online)

19h - Recepção
19h15 - Abertura – José Luiz Santana (CISO), C6 Bank
19h30 – Palestra "LGPD em ambientes de nuvem", Leonardo Goldim (CSA BR)
20h - Painel "Os impactos da LGPD nos serviços de nuvem e como obter conformidade", Fernando Fonseca (ISACA), Paulo Pagliusi (ISACA RJ) e Natasha Malara (C6 Bank) (moderadora)
21h - Encerramento

Participantes

Leonardo Goldim é empresário e consultor em segurança da informação e privacidade. Diretor executivo do IT2S Group, atua há mais de 10 anos na área. Fundou o capítulo brasileiro da CSA, entidade onde colaborou no desenvolvimento das certificações CCSK e CCSP, além de ministrar os treinamentos oficiais em diversos países da América Latina.

Natasha Malara é Engenheira de Segurança da Informação, líder Brasil do programa Womcy Talent e especialista em Governança de Segurança, utiliza suas competências para identificar e endereçar riscos cibernéticos em ambientes altamente regulados.

== ATENÇÃO: O EVENTO SERÁ SOMENTE ONLINE ==

Photo by Ricardo Gomez Angel on Unsplash

Hello Everyone, 

Please find the session details for the meetup this afternoon. 

When: Aug 20, 2020 01:00 PM Central Time (US and Canada)
Topic: CSA NTX Black Hat Follow up

Please click the link below to join the webinar:
https://us02web.zoom.us/j/84579909768?pwd=Qi9md1VTak5JZGRFdkVVUE9HZ3Nldz09
Passcode: 617220
Or iPhone one-tap :
US: +13462487799,,84579909768#,,,,,,0#,,617220# or +12532158782,,84579909768#,,,,,,0#,,617220#
Or Telephone:
Dial(for higher quality, dial a number based on your current location):
US: +1 346 248 7799 or +1 253 215 8782 or +1 669 900 9128 or +1 301 715 8592 or +1 312 626 6799 or +1 646 558 8656
Webinar ID: 845 7990 9768
Passcode: 617220
International numbers available: https://us02web.zoom.us/u/kd3AcjmN0

Thanks,
CSA NT Team

Global technology association ISACA and the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced a strategic partnership to collaborate closely on critical initiatives to transform the auditing and assurance of cloud computing. The first initiative will combine forces to bring to market the previously announced Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. 

The CCAK, scheduled for completion in Q4 2020, is the first credential for industry professionals that demonstrates expertise in the essential principles of auditing cloud computing systems. With this announcement, ISACA has joined CSA as an equal partner to deliver the CCAK portfolio (body of knowledge, training materials, and an examination), giving IT, audit and information security professionals the opportunity to obtain the credential and raise the baseline of cloud assurance knowledge across the industry.

Join the CCAK Circle community and stay up to date on the latest information on this exciting project. 

Neil “Grifter” Wyler is a Threat Hunting and Incident Response Specialist with RSA. He has spent over 20 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security and incident response. He has been a staff member of the Black Hat Security Briefings for over 18 years and a member of the Senior Staff at DEF CON for 19 years. Wyler has spoken at numerous security conferences worldwide, including Black Hat, DEF CON and the RSA Conference. He has been the subject of various online, print, film and television interviews, and has authored several books on information security. Wyler is a member of the DEF CON and Black Hat CFP Review Boards, the Black Hat Training Review Board, the founder of DC801 and founder of his local hackerspace, 801 Labs. You can follow him on Twitter at @grifter801.

The Second Annual Philadelphia Cyber Security Summit has gone virtual and will be held on Thursday, August 20th.

CSA Delaware Valley is proud to partner with the Cyber Security Summit to offer its members exclusive Free virtual access to this invitation-only event – rated a Top 50 InfoSec Conference to attend Worldwide!

Learn from experts from the U.S. Dept. of Justice, U.S. Dept. of Homeland Security, Darktrace, Verizon, and more about the latest security threats, best practices to prevent a breach, and protocols if you are breached.

Those who attend will receive Continuing Education Credits.

Space is limited. Secure your Free Pass with Registration Code CSA20DV during checkout at https://CyberSummitUSA.com/Summit/Philadelphia20/

You may share this invitation with your Senior IT Security Team as well.

Please note: Admission is for C-Suite / Senior Level Executives, Directors, Managers, Heads of IT, etc. Those in Sales / Marketing and Students are not permitted.

Engage in Interactive Discussions, Including:

• Security Briefing with the U.S. Dept. of Justice
• Faking It – How Cyber AI can Combat Digital Fakes
• Security Orchestration, Automation and How it Relates to the Workforce & Retention
• Insider Threat – How to Detect Malicious Attacks and Defend Your Organization from the Human Error
• Security Briefing with the U.S. Dept. of Homeland Security / CISA
• …and much more!

Discover & evaluate cutting-edge technologies from 30+ innovative solution providers including Darktrace, Check Point Software Technologies, Verizon, MBA CSi, Fortinet, Palo Alto Networks, Pulse Secure, Arctic Wolf, Tenable, IDMWORKS, SailPoint, ReliaQuest, Spirion, Armor, Code42, BlackBerry Cylance, and many more.

For full details, visit https://CyberSummitUSA.com/Summit/Philadelphia20/

If you would like to exhibit and / or speak at the Cyber Security Summit, contact Megan Hutton at [email protected] / 212.655.4505 x241.

Join the SECtember Experience

CSA is excited to launch the SECtember Experience, a webinar series that will provide a preview of the top-notch content attendees can expect to receive at the in-person SECtember conference in 2021. This complimentary series is designed to guide participants on their race to the cloud, while offering the opportunity to earn CPE credits. As a consequence of the COVID-19 pandemic, organizations are accelerating their migration to the cloud as the optimal strategy to support a virtual workforce and enable digital transformation. To meet this unprecedented need, the SECtember Experience will deliver a webinar at 11AM each day, September 8-25, covering a range of topics critical to moving to and securing data in the cloud. Among the sessions will be keynote speeches from Global 2000 security leaders, Chief Information Security Officer (CISO) panels, and cloud security technology deep dives. For the latest agenda and speaker information, please visit www.sectember.com.

Join the SECtember Experience

CSA is excited to launch the SECtember Experience, a webinar series that will provide a preview of the top-notch content attendees can expect to receive at the in-person SECtember conference in 2021. This complimentary series is designed to guide participants on their race to the cloud, while offering the opportunity to earn CPE credits. As a consequence of the COVID-19 pandemic, organizations are accelerating their migration to the cloud as the optimal strategy to support a virtual workforce and enable digital transformation. To meet this unprecedented need, the SECtember Experience will deliver a webinar at 11AM each day, September 8-25, covering a range of topics critical to moving to and securing data in the cloud. Among the sessions will be keynote speeches from Global 2000 security leaders, Chief Information Security Officer (CISO) panels, and cloud security technology deep dives. For the latest agenda and speaker information, please visit www.sectember.com.

In this webinar Daniele will provide an overview of the CSA cloud security and privacy governance and compliance program: "Security, Trust, Assurance and Risk (STAR) program". In particular, Daniele will explain the benefits of CSA STAR for both to Cloud users and Cloud providers, and highlight differences as well as synergies with other leading security certification and attestation, such as ISO27001 and SOC 2

Don't miss out any annoucements and on-demand trainings

Now more than ever, we could all use a little more time to get things done. CSA is extending the SECtember Call for Papers (CFP) deadline until June 26th to give you some additional time to gather your ideas.

Held September 14-18 in CSA’s home city of Seattle, WA, the CFP is your opportunity to get in at the ground floor of CSA’s inaugural event and reach a global audience of security professionals.

We are interested in new, challenging, innovative and technical content across a variety of cloud and cybersecurity topics, such as:

• DevOps, DevSecOps & CI/CD security experiences
• Cloud governance, compliance and risk management
• Hybrid and multi-cloud implementation & security architectures
• Incident Management best practices
• Cloud threats and threat actors 
• Role of adjacent and emerging technologies in cloud: IoT, Blockchain, 5G, Artificial Intelligence, Quantum Computing

To submit your paper for consideration, visit sectember.com/cfp. The key objective of SECtember is to deliver top quality content and interesting presentations for attendees. If you have research, developments or experiences that security professionals would value or enjoy hearing about, we strongly encourage you to submit. 

• Lessons from Leveraging Risk Management for Cybersecurity in Healthcare on Tuesday, June 2, 2020 12:00 PM
• Human Capital and Lessons Learned from COVID-19 for future BCP on Wendnesday, June 10, 2020 12:00 PM
• Personal Disaster Recovery Preparedness - Train Yourself in Cloud Security on Tuesday, June 16, 2020 12:00 PM

It's your last chance to submit papers for consideration to be a speaker at CSA's inaugural event: SECtember. There will be no shortage of networking and community engagement opportunities, but the key objective of the conference is to deliver top quality content and interesting presentation for attendees. Check out our list of recommended submission topics and submit your paper by Friday, May 1st to be considered. → 

We are looking for members who want to be actively engaged in all aspects of Cloud Security. Bring your talents and time and we'll bring you connections to some of the brightest minds in Cloud Security.

Held in CSA’s home city of Seattle among the giants of cloud computing, SECtember will feature in-depth trainings, networking opportunities and expert-led sessions from industry leaders. Join cybersecurity and cloud professionals as we explore the convergence of national and cybersecurity interests within the market. Register by June 1^st to take advantage of early bird pricing.
 
Your Participation Matters
Attending SECtember has a direct impact on the community. CSA will donate 5% of all attendee proceeds to the Seattle Children’s Hospital.
 
Call for Papers is Open
Gain recognition as a thought leader and subject matter expert by speaking at SECtember. Submit your paper at sectember.com/cfp by May 1st for consideration.

SECtember:
September 14th-18th
Seattle, Washington

Find out more about our flagship event and register today. → sectember.com

One of our first deliverables from the Focus Group feedback. 
Feel free to review and please share with your contacts

On August 19th and 20th, the West Michigan Cloud Security Alliance is thrilled to bring you one of the only cloud-centric security conventions in the world, CloudConGR!

The CSA-DC Chapter is proud to support local university research efforts that operate to effect improved cloud security for the community.  Additionally, we understand the desire of many of our members to get involved in open collaboration and advanced research activities. As a result, we are honored to deliver the following research support opportunity to our membership.  Ms. Shannon Pearson is conducting research as part of her Doctoral program at Capella University on the use of encryption in cloud security. As you know, encryption technologies though generally agreed to deliver strong data protection against compromises to confidentiality and integrity, may also present management complexities and have performance impacts.  As a topic of interest to our membership, we are pleased to pass along the invitation to support her research (https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3NUhMCicW7JrKrb) which will also result in a CSA-DC Chapter specific report that we will distribute to our members upon completion.

 

Your support for the CSA-DC Chapter is always greatly appreciated and your research ideas are continually sought. Thank you in advance for your participation and please do consider joining the Research Committee because together we make the difference!

 

Sincerely,

 

Mari J. Spina, D.Sc

CSA-DC Research Committee Chair

Greetings!  Thank you for connecting with us at the NJ chapter of the CSA, via Circle.  We hope to be able to share content with this community application.

Read the latest cloud security news, trends, and thought leadership from subject matter experts.