Latest News from the Suisse Chapter
CSA & SIGS Special Event – April 10 – 11, 2024
Join CSA and SIGS on April 10th and 11th to hear from featured speakers John Kindervag and Rob van der Veer at a special two-day event in Zurich. Learn about Zero Trust and AI and network with like-minded peers in cybersecurity. Register today to save your spot! Rob van der Veer, Senior Director…
New CSA CH vEvent – Morning Breakfast on July 6th, 2022 !!
Title: Dealing with the challenges of China’s cross-border data transfer restrictions
Speaker Name: Samuel Yang
Abstract: In this session we will discuss: China’s most up-to-date data localization and cross-border data transfer rules, and how they affect companies doing business in/with China. Regulatory and practical issues in relation to the use of VPN and foreign…
New CSA CH vEvent on April 5th, 2022
More news to come soon, stay tuned.
Instructions on how to deal with the Log4Shell vulnerability
Here is some news from government agencies on how to react to this complex and critical vulnerability: https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/#
Chapter Summit 2021 – Nov 4th
All CSA chapter members are encouraged to join us on November 4th (8am-12pm Pacific Time) for the inaugural CSA Chapter Summit, an exclusive and free virtual event. This summit will be a unique opportunity for chapter members to come together and network, while also learning about ways to engage with CSA global. During the event,…
Zero-cloud and Data Protection
Here is my last article on the topic “Data Security as Business enabler”, which I recently presented in a 3-day panel organized by EPFL on “Zero-Trust cloud week – Data Protection in the Cloud”. Recording available here: https://lnkd.in/dWtrF9E #datasecurity #security #privacy
Latest News from CSA blog
- 6 Surprising Findings from the CSA State of Security Remediation Report. Originally published by Dazz. Written by Julie O’Brien, CMO, Dazz. As more companies shift left and embrace hybrid cloud operations, the need for security visibility across the entire code-to-cloud environment is critical for staying on top of vulnerabilities and reducing exposure. The CSA State of Security Remediation survey validates the challenges that we know organizations are facing, as well as what’s needed to solve them. This post highlights six main findings observed from the CSA survey. ... continue reading on CSA Home
- Beyond the Black Box: How XAI is Building Confidence. Written by Dr. Chantal Spleiss, Co-Chair for the CSA AI Governance & Compliance Working Group. While "AI" has become a broadly used word, there are key distinctions within AI to keep in mind. Narrow AI systems excel at specific tasks, like playing chess or recognizing objects in images. Generative AI (GenAI) is a rapidly growing field that involves creating new text, images, code, or other forms of content. These systems pose unique challenges for understanding their output and ensuring it... continue reading on CSA Home
- Everything You Need to Know About the EU AI Act. Originally published by BARR Advisory. Written by Claire McKenna. We’ve recently witnessed the rapid expansion of artificial intelligence (AI)—and we can expect its continued integration into our daily lives. As our use and reliance on AI grows, so do the potential security risks that come along with it. These risks have prompted several new standards to address the security concerns posed by AI, including the NIST AI Management Framework and ISO 42001. The European Union (EU) is currently work... continue reading on CSA Home
- 5 Security Questions to Ask About AI-Powered SaaS Applications. Written by Wing Security. Artificial intelligence (AI) has emerged as a disruptive force, reshaping the way organizations operate, innovate, and compete. With enhanced efficiency, productivity, and personalized user experiences, AI-powered SaaS applications have become integral to modern businesses across industries. However, due to the transformative potential of AI, organizations are starting to grapple with the complexities of data privacy, intellectual property protection, and security vul... continue reading on CSA Home
- Powerful Cloud Permissions You Should Know: Part 1. Originally published by Sonrai Security. Written by Deirdre Hennigar and Tally Shea. MITRE ATT&CK Framework: Initial Access. A cloud permission is never a dangerous thing by nature. In fact, their power is solely defined by the context in which they are used. Whether a permission falls into the wrong hands for malicious use, or an employee uses it and unintentionally introduces new risk, cloud permissions can be powerful tools. Some permissions inherently hold more power than others and should... continue reading on CSA Home
- Salesforce Data Security Challenges in Wake of the Recent Breach. Originally published by Adaptive Shield. Written by Hananel Livneh. Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we'll delve into the details of the exposure, explore po... continue reading on CSA Home
- How Attackers Exploit Non-Human Identities: Workshop Recap. Originally published by Astrix. Written by Tal Skverer and Danielle Guetta. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA or IP restriction... continue reading on CSA Home
- Recommendations for Self-Managed FedRAMP Red Team Exercises. Originally published by Schellman & Co. When FedRAMP issued Revision 5 in May 2023, the changes included a new requirement for a red team exercise in addition to the already-mandated penetration test. Now that Rev 5 is officially being enforced as of 2024, organizations pursuing FedRAMP Authorization must get this new obligation right. FedRAMP permits organizations two options to satisfy their red team exercise requirement: You can have one performed by a third-party assessor organization (... continue reading on CSA Home
- CISOs, Sewers, and Unsolvable Problems. Originally published by CXO REvolutionaries. Written by Daniel Ballmer, Senior Transformation Analyst, Zscaler. CISOs and sewer engineers face similar challenges, and it goes beyond keeping the contents of their systems moving fast and smooth. There is a mathematical exercise that has many names, but I learned it as the New York City Sewer Problem. In short, it states that finding the optimal configuration of the NYC sewer system is a problem modern computing cannot solve in a human lifetime. B... continue reading on CSA Home
- CSA STAR Level 2: All About STAR Attestations and Certifications. Any organization providing cloud services can benefit from completing the STAR program’s cloud security and privacy assessments. These assessments are based on the Cloud Controls Matrix (CCM), as well as the privacy requirements for GDPR compliance. STAR assessments fall under two levels of assurance: Level 1 (self-assessments) and Level 2 (third-party assessments). Let’s dive into some of the intricacies of STAR Level 2. What is CSA STAR Level 2? STAR Level 2 consists of third-party audits tha... continue reading on CSA Home