Originally published by BARR Advisory. Written by Claire McKenna. We’ve recently witnessed the rapid expansion of artificial intelligence (AI)—and we can expect its continued integration into our daily lives. As our use and reliance on AI grows, so do the potential security risks that come along with it. These risks have prompted several new standards to […]
Category Archives: Cloud Security Alliance
Written by Wing Security. Artificial intelligence (AI) has emerged as a disruptive force, reshaping the way organizations operate, innovate, and compete. With enhanced efficiency, productivity, and personalized user experiences, AI-powered SaaS applications have become integral to modern businesses across industries. However, due to the transformative potential of AI, organizations are starting to grapple with the complexities […]
Originally published by Sonrai Security. Written by Deirdre Hennigar and Tally Shea. MITRE ATT&CK Framework: Initial Access. A cloud permission is never a dangerous thing by nature. In fact, its power is solely defined by the context in which it is used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it […]
Originally published by Adaptive Shield. Written by Hananel Livneh. Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this […]
Originally published by Astrix. Written by Tal Skverer and Danielle Guetta. “Identity is the new perimeter.” This catchphrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The […]
Originally published by Schellman & Co. When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right. FedRAMP permits organizations two […]
Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. CISOs and sewer engineers face similar challenges, and it goes beyond keeping the contents of their systems moving fast and smooth. There is a mathematical exercise that has many names, but I learned it as the New York City Sewer Problem. In short, it […]
Written by the CSA Zero Trust Working Group Co-Chairs: Jason Garbis, Jerry Chapman, and Christopher Steffen. In our roles as co-chairs, we spend a lot of time and energy talking with enterprises and promoting the idea that Zero Trust needs to be more than just a security initiative – it has to deliver business value […]
Written by Ken Huang, Co-Chair of Two CSA AI Safety Working Groups, VP of Research of CSA GCR, and CEO of Distributedapps.ai. 1: Introduction. AI safety and security are fundamental aspects that play distinct yet interconnected roles in the development and deployment of AI systems. AI security primarily revolves around safeguarding systems to ensure confidentiality, […]
Written by AuditCue. The Kingdom of Saudi Arabia’s Essential Cybersecurity Controls (ECC), established by the National Cybersecurity Authority (NCA), is a significant leap towards enhancing the nation’s cyber defense mechanisms. This set of regulations spans across five critical domains, emphasizing a holistic approach to cybersecurity governance, defense, resilience, third-party/cloud computing, and industrial control systems. With a […]