Category Archives: Cloud Security Alliance

Category Added in a WPeMatico Campaign

Ignoring the Change Healthcare Attack Invites a Cycle of Disaster

Originally published by CXO REvolutionaries.Written by Tamer Baker, CTO in Residence, Zscaler.You may recall, in February, Change Healthcare announced that threat actors affiliated with BlackCat/ALPHV had breached their organization. The adversaries executed a ransomware attack affecting critical operations in its care authorization and billing portals. Change has not released details on how the threat actors […]

It’s Time to Throw Away the Manual with Evidence Collection

Originally published by RegScale.Written by Larry Whiteside Jr.In today’s complex and ever-changing regulatory environment, it is more important than ever for organizations to have a strong compliance program in place. However, manually gathering compliance data can be a time-consuming and inefficient process. This can lead to compliance gaps, which can expose organizations to risk. Manual […]

The Risk and Impact of Unauthorized Access to Enterprise Environments

Originally published by StrongDM.Unauthorized access poses serious threats to businesses, compromising sensitive information and disrupting operations. Cybercriminals leverage vulnerabilities through advanced phishing attacks and API security breaches, underscoring the necessity for companies to implement strong security measures. This blog post underscores the importance of protecting against unauthorized access and outlines both established and innovative strategies […]

Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between?

Originally published by Tamnoon.Written by Idan Perez, CTO, Tamnoon.What role does automation play in cloud remediation? Will it replace or simply augment the role of security and R&D teams?Over 60% of the world’s corporate data now resides in the cloud, and securing this environment has become a daunting task. The vast attack surface and countless […]

Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars of DevSecOps Series

Document promotes and demonstrates the importance of clear measurements for security performance in DevSecOpsSEATTLE – May 15, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, and today released The Six Pillars of DevSecOps: Measure, Monitor, Report, […]

Building Trust Through Vendor Risk Management

Originally published by BARR Advisory.Written by Brett Davis.In today’s business landscape, relationships are paramount. But while the focus often lies on customer relationships, relationships with vendors are equally crucial. Establishing trust with vendors facilitates smooth operations and strengthens the entire business ecosystem. Let’s delve into why building trust with vendors is so important and how […]

New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures

Originally published by Cyera.Written by Jonathan Sharabi.The Securities and Exchange Commission (SEC) rules set forth on July 26th, 2023, require that nearly all companies that file documents with the SEC (“registrants”) must describe the processes and management procedures they use to assess, identify, and manage cybersecurity risks. The new regulations aim to provide investors and […]

A Risk-Based Approach to Vulnerability Management

Written by Devin Maguire, ArmorCode.Security and risk are related but not synonymous. Security prevents, detects, and responds to attacks and is a key variable in the broader category of risk management. Risk management weighs the probability and impact of adverse events across the organization to inform and influence decisions. The relationship between security and risk […]

Utah S.B. 149: Creating a Safe Space for Developers While Regulating Deceptive AI

Originally published by Truyo.Written by Dan Clarke.Utah’s foray into the realm of artificial intelligence (AI) regulation is marked by the passage of Senate Bill 149, the Artificial Intelligence Policy Act. While many states grapple with the complexities of AI governance, Utah’s rather fast and reactive approach emphasizes consumer protection and seeks to hold businesses accountable […]

Building Resilience Against Recurrence with Cloud Remediation

Originally published by Tamnoon.Written by Michael St.Onge, Principal Security Architect, Tamnoon.In the fast-evolving cloud security landscape, successful remediation isn’t just about fixing issues when they arise – it’s equally about preventing the recurrence of these issues.Prevention is the final, critical stage of the cloud security remediation process. After a specific threat or vulnerability has been […]