Category Archives: Cloud Security Alliance

Written by Chandra Rajagopalan, Principal Software Engineer, Netskope. Imagine you have a role in making sure your enterprise is secure and on a typical Wednesday, you suddenly suspect that something is amiss or you come to know of a new threat intelligence about a specific technique or tool or in the worst case, your organization […]

Originally published by Skyhawk Security.Over the past year there have been several prominent cyber incidents involving the cloud. These incidents have illustrated the dependency of organizations on the cloud, the vulnerability of the cloud, and the motivation of attackers to utilize this to their advantage. But if we look closer, we can also identify some […]

Originally published by Schellman. Written by Megan Sajewski. When seeking ISO 42001:2023 certification, you must ensure that your artificial intelligence management system (AIMS) aligns with the standard’s key clauses (4-10), each of which focuses on a specific facet—context, leadership, planning, support, operation, performance evaluation, and improvement. For those acquainted with other, more established ISO standards, […]

Originally published by Abnormal Security.Account takeover (ATO) is a well-known attack method that has been documented for years. However, a less common type of attack occurs when ATO is used as the initial attack vector to gain access to another account, this is known as cross-platform ATO. In this article, we’ll showcase four scenarios where […]

Written by Rahul Kalva.Abstract The integration of artificial intelligence (AI) into DevSecOps is reshaping the way organizations approach security within their software development and deployment processes. As DevSecOps aims to embed security practices seamlessly into the DevOps pipeline, AI brings transformative capabilities that address the growing complexities and threats in modern software environments. From predictive […]

Written by Adam Cheriki, Co-Founder & CTO, Entro Security.As cloud-native architectures transform business operations, they bring unique security challenges. The rapid expansion of microservices, containers, and serverless functions has increased the number of secrets, making their protection a pressing concern. Why SOC2 Matters for Security SOC2 (Service Organization Control Type 2) is a crucial framework […]

As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we take pride in the organization’s extensive research accomplishments throughout the years that have defined the trajectory of cloud security. Since its founding in 2009, CSA has produced groundbreaking research that has set the benchmark for best practices in cloud security. This robust body of […]

For decades, the cybersecurity industry has relied on the Common Vulnerabilities and Exposures (CVE) program to standardize vulnerability documentation and guide threat intelligence. The program assigns a unique identifier to each discovered security vulnerability. Then, it ranks the vulnerability’s severity using the Common Vulnerability Scoring System (CVSS).Despite the widespread reliance on CVE, the system has […]

Written by Satyavathi Divadari, Founder and President of the CSA Bangalore Chapter, in collaboration with the AI Technology and Risk Working Group.In the fast-paced world of media, where delivering authentic news quickly is essential, cybersecurity plays a critical role in protecting data, ensuring privacy, and upholding journalistic standards. With my experience as a Director of […]

Originally published by Schellman.Written by Jordan Hicks.Generally, with new cybersecurity regulations, organizations affected are provided a “grace period” to make the necessary adjustments to achieve full compliance before enforcement begins. Looking toward the horizon and 2025, many new laws will be coming into full effect, which means organizations will now likely be subject to various […]