
John DiMaria; Director Of Operations Excellence

Shows

RTS Washington Women's Bible StudyRTS Washington Women's Bible StudyJohn Class 6: 13:1-30 (Stephanie DiMaria)John Class 6: 13:1-30 (Stephanie DiMaria)2025-03-1254 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc TothJohn Burley InterviewJohn Burley With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO.  It is a leader in the industry, with holdings from multiple countries and a dozen different states.  His was among the first ever companies to bring Single Family Home...2024-11-2654 minThe Sit Down: A Crime History PodcastThe Sit Down: A Crime History PodcastEpisode 184: TOP 15 Mobsters In NYC In 2024I hear all the time that the Mafia is dead in America. While they are surely weakened there are still many men in the Mob that are dug in and still very powerful and all have the same core principles and ethics. Men like Bruno Indelicato, Lenny DiMaria, Joel Cacace and Gene Gotti. Today I delve into the top 15 most powerful mobsters in NY today, excluding bosses.Jeff Nadu is an American Mafia researcher, podcaster and content creator. He has worked at Barstool Sports and was hired personally by Dave Portnoy. His podcast "The Sitdown" with Jeff Nadu...2024-11-1331 minOut of the Woods: The Threat Hunting PodcastOut of the Woods: The Threat Hunting Podcast[Bonus Episode] Inside Cloud Security with CSA’s John DiMariaIn this bonus episode of Out of the Woods, Scott Poley sits down with John DiMaria, Director of Operations Excellence at the Cloud Security Alliance (CSA), live from the Information Security Summit in Cleveland. 
DiMaria discusses his pivotal role in developing CSA’s STAR (Security, Trust, Assurance, and Risk) program and shares insights on cloud security, the evolution of the STAR program, and its alignment with CSA's Cloud Controls Matrix (CCM). They also explore the future of STAR in the AI landscape, the crucial role of shared responsibility models in cloud security, and the importance of continuous monitoring an...2024-11-0722 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc TothJohn Burley InterviewWith 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO.  It is a leader in the industry, with holdings from multiple countries and a dozen different states.  His was among the first ever companies to bring Single Family Home (SFH) Port...2024-10-1553 minCSA Security UpdateCSA Security UpdateEmpowering Cloud Providers: The EU Cloud Code of Conduct and GDPR ExplainedIn this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry.Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. 
We will also delve into the ongoing...2024-09-2731 minCSA Security UpdateCSA Security UpdateReal-talk: Opportunities for Security Teams to Fight AI with AIThe attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we approach cybersecurity. But what does that mean for security and development teams today?Join us in this episode as we interview Tomer Schwartz, CTO and Co-founder, Dazz, and explore how AI can be a game-changer for security teams, especially resource-constrained...2024-08-2141 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc TothJohn Burley Interview, Real Estate Expert, Educator, Private Equity Company FounderJohn Burley With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO.  It is a leader in the industry, with holdings in multiple countries and a dozen different states.  His was among the first ever companies to bring Single Family Home...2024-07-3053 minThe John Loughlin ShowThe John Loughlin ShowJohn Loughlin With Special Guest Captain Phil DiMariaJuly 27, 2024  Hour 2 of 3: John talks with civil war reenactor, Captain Phil DiMaria. 
Follow us on Facebook, Instagram, and X Listen to past episodes at the station website Follow the Show on Apple, Spotify or Amazon MusicSee omnystudio.com/listener for privacy information.2024-07-2713 minCSA Security UpdateCSA Security UpdateISO/IEC 27001:2022 Unpacked: Embracing Auditing ThemesIn our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices with organizational goals and risks. We'll discuss the rationale behind this change, practical insights on transitioning to the new model, and the benefits it brings to ensuring a robust and comprehensive security audit. Join us as we interview David Forman, founder of...2024-07-2343 minCSA Security UpdateCSA Security UpdateFrom Concept to Competence: The Impact of CSA's Zero Trust TrainingIn this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CSA's groundbreaking Certificate of Competence in Zero Trust (CCZT), the industry's first authoritative training and certification program dedicated to Zero Trust architecture, components, and best practices.During this session, we will delve into the development and significance of the CCZT, exploring the motivations behind its creation and the goals CSA aimed to achieve. 
Our discussion will highlight the unique features of the CCZT...2024-06-2741 minDigiexam Dialogues: Voices of InnovationDigiexam Dialogues: Voices of InnovationGood technology solves the whyWelcome to Digiexam Dialogues: Voices of Innovation and this episode, “Good Technology Solves the Why,” where we explore the impactful integration of educational technology. Our host, John DiMaria, is joined by Brian Gray, Technology Systems Administrator from St. Stephen’s Episcopal School in Austin, Texas, and a 2024 Blackbaud Community All-Star.Brian shares his wealth of experience within edtech, diving into how technology in education should address the essential “why” behind teaching and learning challenges. He discusses strategies for choosing tools that truly enhance educational processes, emphasizing the importance of aligning tech solutions with teacher and student needs....2024-06-191h 28CSA Security UpdateCSA Security UpdateDecoding Security Solutions: ASPM vs CSPM vs CNAPPIn the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all focused on bolstering security posture, these target different aspects of one's security program.Listen as we interview Karthik Swarnam, Chief Security and Trust Officer at Armorcode, a CSA member, and take a deep dive into this subject. 
We discuss:Distinguishing between ASPM, CSPM, and CNAPP: Understand their functionalities, target areas, and how they...2024-05-2830 minCSA Security UpdateCSA Security UpdateAligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certified in both frameworks can expedite the compliance process, offering practical tips for streamlining attestations. Discover why dual compliance against CSA STAR Level 2 and ISO 27001 is paramount for CSPs to demonstrate their commitment to robust security practices and gain a competitive a...2024-05-0228 minCSA Security UpdateCSA Security UpdateNavigating the New Age of ComplianceIn a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special guest Travis Howerton; Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation.Discover how automated technology and continuous monitoring is revolutionizing the way organizations approach compliance, risk management, and governance in both the private and government sectors. Our guest will share insights into the challenges businesses face in...2024-04-3037 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc TothJohn Burley Interview - Successful Real Estate Investing in 2024 John Burley is one of the most experienced real estate experts, educators, and is a private equity founder in the US. 
With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles.    Your Personal Bank can help you enhance real estate investing. You can lower your cost of borrowing. You can also operate similar to a bank and earn positive cash flow on your money.   Contact Ferenc at YourPersonalBank.com or 866-268-4422 for more info.See omnystudio.com/li...2024-03-1253 minCSA Security UpdateCSA Security UpdateWhy CPA Firms Excel in Cybersecurity AttestationsIn the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm.The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited for cybersecurity attestations and how they apply their expertise in ensuring rigorous processes and adherence to standards like CSA STAR when performing cybersecurity...2024-01-1728 minThe Gospel DefenderThe Gospel DefenderDec 31st 2023 / Three Witnesses To salvation in 1 JohnSee omnystudio.com/listener for privacy information.2023-12-2626 minCSA Security UpdateCSA Security UpdateCloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital AgeIn today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. 
In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat Nester and Michael Nouguier, as they shed light on these intertwined topics, helping businesses navigate the cloudy (pun intended) waters of modern...2023-11-2743 minNova Lectio - Storie di GeopoliticaNova Lectio - Storie di GeopoliticaGli Stati Uniti e la "lobby ebraica"PROGETTO KIRGHIZISTAN: https://donorbox.org/reportage-kirghizistan-nova-lectioIl mio NUOVO libro "La dura vita del dittatore": https://amzn.to/3BLc2FlUn ringraziamento al collaboratore giornalista, Paolo Arigotti per la fase di scriptaggio.fonti:La Israel lobby e la politica estera americana, di John J. Mearsheimer - Stephen M. Walt, 2007www.agi.it/estero/news/2022-12-17/qatargate-lobby-stati-uniti-come-funziona-19247124/www.limesonline.com/cartaceo/come-funziona-la-lobby-sionista-negli-stati-unitiformiche.net/2014/08/perche-gli-stati-uniti-amici-israele/www.forumcostituzionale.it...2023-10-2022 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc TothJohn Burley Interview - Successful Real Estate Investing with High Interest RatesJohn Burley Interview - Successful Real Estate Investing with High-Interest Rates Show Description: John Burley is one of the most experienced real estate expert, educator, and private equity founder in the US. With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. His Bio: BIO LINK   Your Personal Bank can help you enhance real estate investing. You can lower your cost of borrowing. 
You can also operate similar to a bank and earn positive cash...2023-10-1055 minCSA Security UpdateCSA Security UpdateBridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR IntegrationIn our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating the complex government cloud infrastructure. This engaging conversation promises to deepen your understanding of these critical domains and their transformative impact on today's digital governance...2023-07-2441 minYour Personal Bank with Ferenc TothYour Personal Bank with Ferenc Toth7.10.23 John Burley Interview: Real Estate Expert, Educator, and Private Equity Company Founder"7.10.23 John Burley Interview: Real Estate Expert, Educator, and Private Equity Company Founder" With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO. It is a leader in the industry, with holdings from multiple countries and a dozen different states. His...2023-07-1248 minCSA Security UpdateCSA Security UpdateSecuring Cloud Technology: Insights from NCC Group. 
Adopting and Implementing CSA Cloud Control MatrixIn this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them. He also highlights the specific benefits and improvements that resulted from the adoption within NCC Group. Furthermore, Nandor delves into the common challenges faced by clients when implementing the CSA CCM and p...2023-05-1634 minKnockout City Pirate RadioKnockout City Pirate RadioCity of TomorrowIt’s a meeting of the minds at the Super-Science Symposium! Freelance holo-caster Kat Hunter is on the scene to report on the S3 show floor and interview the brainiacs competing for the prestigious Scientist of Tomorrow award. With bitter rivalries and accusations of stolen findings flying faster than an overcharged dodgeball, Kat soon finds herself embroiled in a great mystery.Chapters0:00 - The City of Tomorrow0:41 - The Hunting Grounds2:12 - Super-Science Symposium5:15 - Meet the Makers11:26 - Committed to Memory15:21 - One Man’s Trash19:38 - Comparing Note...2023-04-2547 minCSA Security UpdateCSA Security UpdateShining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud SecurityThis case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture.  
Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's challenges, objectives, and implementation outcomes.Find out how they were able to...2023-04-1817 minCSA Security UpdateCSA Security UpdateShining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud SecurityThis case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture.  Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's challenges, objectives, and implementation outcomes.Find out how they were able to...2023-04-1717 minThe Gospel DefenderThe Gospel DefenderApril 16th 2023 / Five Mistakes Made In John 9See omnystudio.com/listener for privacy information.2023-04-1225 minCSA Security UpdateCSA Security UpdatePrivate Cloud Computing - Security Considerations, Risks and Shared ResponsibilityPrivate cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center.What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks?Due to heightened security issues over the last few years, are companies considering moving to a private cloud? 
What are the pros and cons and what is the best advise from those doing it?Listen as we interview Balasubramanian (Bala) Krishnamurthy; Head...2023-01-3035 min3 Old Goalies3 Old GoaliesSeason 2 Episode 6: World Cup Recap with Guest Greg RaberThe 3 Old Goalies are back for a #WORLDCUP special with Special Guest Greg Raber!    John Boa, Greg Deutsch aka Bone, Eric Vaughter "EV", and Ryan Sparks aka @Touchedartist, dive into the 2022 World Cup along with guest Greg Raber. A 2 Hour and 26 Minute episode with some great one liners and some rants along the way.   We know it's a long one but, it was a great time.  Join us, won't you? Talking #USMNT, #Soccer, Greg Berhalter, and more.  #worldcup2022 #ARGENTINA #FRANCE #collegesoccer #ncaa #Naia #futbol #3oldgoalies #pele #messi #mbappe #dimaria #SCOREgoals #YNWA #UK #UniversityofKentucky #Syrac...2022-12-282h 26CSA Security UpdateCSA Security UpdateSTAR Attestation - One of the most powerful programs to evaluate the cloud sectorAs organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles,AT 101) and the CSA Cloud Controls Matrix.Requirements for the cloud can be quite different than non-cloud environments...2022-05-1736 minCSA Security UpdateCSA Security UpdateApplication Security - The Importance of Future Proofing Your ProcessAs we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. 
- How  can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design)- Urgency for daily scans- How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model.- What to expect in 2022 (more supply chain attacks expected)Get the answers to all these topics and more as we interview Farshad Abasi...2022-04-2232 minThe Virtual CISO PodcastThe Virtual CISO PodcastUse the CSA Cloud Controls to Maximize Your Security & Reduce Your Risk of BreachEven before the pandemic, the majority of businesses were already moving to the cloud.   Now, it seems you can’t do business without it.  Which means cloud security and compliance is more important than ever.   That’s why I’m speaking to one of the authorities on cloud security, John DiMaria, Assurance Investigatory Fellow at Cloud Security Alliance, in today’s episode — to demystify cloud security.  Join us as we discuss: How CSA’s STAR program can help you strengthen your cloud securityThe biggest vulnerabilities organizations face when operating in the cloudHow landing on CSA’s CCM registry can give your organization mo...2022-04-0547 minCSA Security UpdateCSA Security UpdateCSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSESTAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for cloud security assurance and compliance, widely used in assessing cloud security performance of cloud implementations.Ribose Achieved the world’s first STAR Certification with CSA Cloud Controls Matrix v4 that was released in January 2021. 
Recorded live from Hong Kong, Ronald Tse; CEO and founder of RIBOSE, takes us through their journey with STAR over the years and discusses the value, ROI and fut...2022-03-2147 minCSA Security UpdateCSA Security UpdateWho moved my cheese? Changes to the ISO standards and how they will affect you.As the businesses change the world changes and so does the standards industry. Being up to speed on those changes and paying attention to such changes can help company's succeed.CSA is dedicated to keep our followers up-to-date on these changes and how they may affect the users and provide guidance and information on what can be expected moving forward as well as what organizations should be concerned about as well as tips on preparing for these changes.Listen as we interview Ryan Mackie of Schellman and Eric Hibbard of Samsung, both members of SC27...2022-03-1732 minCSA Security UpdateCSA Security UpdateFighting Ransomeware in the CloudIn order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. With more tools and software, organizations many times throw money at technology solutions and do not address people and processes not to mention sector-specific controls to help detect, prevent, respond to ransomware not to mention other malware attacks.Listen as we discuss the subject and solutions...2022-03-1119 minCSA Security UpdateCSA Security UpdateCSA STAR Case Study, Guest: Nick Murison; CISO of ArdoqCloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging.  With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. 
The procurement process can be a daunting task for clients since each cloud service provider shows its security methods unique ways, making comparisons between sellers time-consuming. CSA facilitates this process. "We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan current and future dangers. As the next step in ou...2021-12-1036 minCSA Security UpdateCSA Security UpdateMulti-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency.Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards are largely overlapping.As a consequence, the process of adhering to different standards, laws and regulations for CSPs is inefficient, with a lot of duplicated work that unduly increases costs and complexity.The idea behind the MPRF is not to create yet another cloud certification or auditing architecture. Instead, it aims to provide a unified method of systematic and consistent...2021-11-0848 minThe Crux of the StoryThe Crux of the StoryThe Crux - Valerie DiMariaIn our sixty-fourth episode of The Crux, we welcome Valerie DiMaria, founder and principal of the10company. Valerie has held CMO & CCO roles at Fortune 100 companies and developed comprehensive brand and reputation building programs working closely with CEOs at GE Capital, Motorola, and Willis. She has been honored with PRSA’s John W. Hill Award for leadership in the practice of public relations, two PRSA Silver Anvils and two Big Apples. 
Valerie has been named one of the “10 Top Women in PR,” one of the “50 Most Powerful Women in PR” and a “tech industry key player” by PR Week.2021-11-071h 00CSA Security UpdateCSA Security UpdateSAXO Bank - First Bank to achieve STAR AttestationSaxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation.This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services and infrastructure that supports the business and different client segments from back-office systems to open APIs. The CSA STAR Level 2 attestation is verified and validated by a third-party auditor.The admission to the CS...2021-07-2722 minCSA Security UpdateCSA Security UpdateCSA CxO Trust Initiative Understanding the priorities of your peers within the C-SuiteThe  mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite.Join us as we interview Illena Armstrong;  President of CSA and discuss the details about the CSA CxO as well as...2021-06-2529 minCSA Security UpdateCSA Security UpdateObjectives-based Security - Enabling Security Teams to deliver desired outcomes"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. 
Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments". "What we lack as an industry is a cohesive and a high-level approach to enabling security teams to deliver cybersecurity outcomes. A different approach to security is needed". ~Vishwas Manral, Forbes Councils Member~ Join us as we interview Vishwas Manral, Forbes Councils Member, founder and CEO at NanoSec (acquired by McAfee...
2021-06-08, 32 min

CSA Security Update
The advantages and future of the Cloud Control Matrix
The Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud security and privacy. Listen as we interview Harry Lu, the current Co-Chair of the Cloud Security Alliance Cloud Control Matrix Working Group, and discuss the CCM, the advantages it brings to organizations, how it...
2021-03-03, 31 min

CSA Security Update
A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost.
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients....
2021-02-01, 27 min

CSA Security Update
The Business Value of STAR Attestation
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud. Listen as...
2020-10-16, 37 min

CSA Security Update
How to Engage with Cloud Customers
As a cloud service provider (CSP), customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs. The lines between cloud providers and cloud consumers keep getting fuzzier every day. What are the main challenges of cloud computing that users face? What is the growing paradigm shift in what users will expect from CSPs moving forward as a minimum requirement? What are the top 3 or 4 risks of cloud computing they should be aware of on...
2020-07-27, 24 min

CSA Security Update
CSA STAR + SOC2 - From Readiness to Attestation
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. 1. What is CSA STAR & SOC2?
2020-05-27, 31 min

CSA Security Update
CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions. Listen as we interview Larry Greenblatt, Information Security Specialist at QAD, as he takes us through his journey to CSA STAR Certification from business case...
2020-03-25, 36 min

CSA Security Update
IoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI Group
IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges – presenting a huge opportunity but risk as well. With SMART Cities and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change. Listen as we interview David Mudd, Global Digital and Connecte...
2020-03-02, 28 min

CSA Security Update
Sneak Preview of CSA Summit and RSA February 24 - 27 2020
Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA! https://cloudsecurityalliance.org/star/
2020-02-11, 05 min

CSA Security Update
CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis
2019 was another great year for CSA and it sets the stage for an even greater year in 2020. Listen to this insightful interview with Jim Reavis; Co-Founder and CEO of the Cloud Security Alliance as he provides a look back at the accomplishments and milestones achieved in 2019 and provides a look into the journey we will be taking in 2020. If you're not already, it is a great starting point to get involved with CSA and its massive cloud community. https://cloudsecurityalliance.org/star/
2020-01-17, 26 min

CSA Security Update
The STAR Certification Journey - Guest: Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions. Listen as we interview Willibert Fabritius; Global Head of Information Security and Business Continuity of BSI Group and take the journey with us down the...
2019-12-11, 38 min

CSA Security Update
CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zaller; Principal, Schellman & Company LLC
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Services Criteria) and the CSA Cloud Controls Matrix. Listen as we interview Debbie Zaller; Principal, practice leader, and SME for...
2019-11-19, 28 min

CSA Security Update
Reducing Business Risk with Forensic Readiness – Guest: Lamont Orange; CISO, Netskope
Forensic readiness is defined as the ability of an organization to maximize its potential to use good quality digital evidence to protect the organization and support the investigators while minimizing the costs of an investigation. Trust in the cloud is constantly under attack, so good data-driven decisions are critical. Determining whether a data source provides an acceptable level of digital evidence is one thing, but how do you safeguard data integrity to ensure that the information contained within supports the investigation with the proper content or context, transparency, and trust? Proving "Due Diligence" and "Standard of Care" is...
2019-11-06, 24 min

CSA Security Update
EU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSA
Security compliance based on third-party audit is becoming increasingly complex – especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls. That often translates into substantial costs for those service providers. The idea behind the MPRF is to provide a unified method of systematic and consistent activities with the goal of minimizing the burden of obtaining certification "Y" for a CSP, once it has already obtained certification "X". The MPRF’s purpose is, ther...
2019-10-21, 27 min