logo

Announcement Keynote Rolf at SCCS Lisbon Event:

April 11, 2025

Rolf A. Becker will speak at the SCCS Europe Conference on 11 April 2025 in Lisbon:

The Cloud Security Alliance Swiss Chapter has started a new Research Project on Cyber Threat Psychology

March 13, 2025

Cyber Threats often have a strong psychological component underneath which facilitates the success of the attacks. The new Cyber Threat Psychology Research Project intends to set the focus on the supply side i.e. the hackers and their motivations and incentive structures, what made them become a hacker, the transmission mechanisms supporting the attack to succeed, and of course also on the receiving side i.e. the victims. Our goal is to find patterns which can be leveraged to influence the supply side and the transmission mechanisms, and to broadly communicate these, with the goal of changing mindset at the supply side and interrupting the transmission channels where possible.

Shadow Access and AI

March 11, 2025

This document explores the intricate relationship between Shadow Access and AI. It outlines how AI can reduce the risks of Shadow Access through continuous monitoring, context and visualization, automated risk analysis, and other security measures. It also emphasizes that Shadow Access is a lifecycle issue that requires ongoing efforts to address. It shows how solving Shadow Access issues enhances data security, ensures compliance, and fosters trust with stakeholders.

Enterprise Authority To Operate (EATO) Auditing Guidelines

March 5, 2025

Many small and mid-sized cloud-based Anything-as-a-Service (XaaS) vendors struggle to implement robust information security controls. These security gaps particularly discourage corporate customers that operate in highly regulated industries. Customers in these industries must individually assess XaaS cloud services using heavy-weight cloud control assessments, incurring a significant cost and resulting in complex remediation requirements for the vendor.

Artificial Intelligence as a Catalyst for Social Engineering

March 2, 2025

Artificial intelligence (AI) is rapidly transforming various aspects of our lives, driving increased efficiency and automation. However, this technological advancement also presents significant challenges to cybersecurity. Cybercriminals, unconstrained by ethical considerations, are increasingly leveraging AI for malicious purposes, with social engineering attacks being a prime target. The growing accessibility of AI tools further exacerbates this issue, making it easier for even less sophisticated actors to deploy these tactics.

SaaS AI-Risk for Mid-Market Organizations Survey Report

January 27, 2025

The survey results show that mid-market organizations are making progress in recognizing and addressing SaaS security risks. However, significant gaps remain. Organizations should prioritize adopting specialized technologies that enhance visibility. They should also work on automating processes and addressing critical security gaps, such as sensitive data leaks to third parties. By following this guidance and other insights covered in the report, mid-market businesses will have an easier time navigating the evolving SaaS landscape.

DLT Cybersecurity Governance Package

January 22, 2025

Distributed Ledger Technology (DLT) brings traceability and transparency to external business workflows, while also instilling trust and efficiency in an untrusted and competitive business environment. However, many of these workflows involve transactions and custody of value in the form of digital assets and sensitive data. As a result, cybersecurity takes center stage in the DLT space. CSA’s DLT Cybersecurity Governance Framework serves as a comprehensive framework for blockchain and DLT security professionals to manage the cybersecurity risk of their DLT assets.

Context-Based Access Control for Zero Trust

January 22, 2025

Today, Zero Trust aims to remove all trust and assumptions from access decisions. To align with Zero Trust principles, teams should evaluate each access request based on risk and approve each request based on evidence. This is known as Context-Based Access Control (CBAC). CBAC enhances security by making real-time, risk-based access decisions using dynamic signals. These signals can include user behavior, device health, location, network conditions, and more.

Zero Trust Guidance for Small and Medium Size Businesses (SMBs)

January 13, 2025

This publication provides guidance for small and medium-sized businesses (SMBs) transitioning to a Zero Trust architecture. It takes into account the many unique constraints that SMBs face, including budget, resources, and deep subject matter expertise.