Shows
CSA Security UpdateContinuous verifiable proof is the new standardIn this episode of CSA Security Update, host John DiMaria and guest Scott Furman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance of integrating integrity validation into existing security frameworks, while striking a balance between performance and security. Real-world use cases demonstrate the effectiveness of these measures, particularly in critical infrastructure. The...
2025-11-0438 minCSA Security UpdateThe Human Side of AI Security: Leadership, Culture, and ChangeSummaryIn this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming resistance to change. Looking ahead, they highlight the qualities that will define successful security leaders in the evolving landscape of technology.Key takeawaysAI is transforming cybersecurity at an unprecedented pace.Organizational...
2025-10-2326 minCSA Security UpdateGuardrails for Generative AI: Balancing Innovation with ResponsibilityAs organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS Listeners will hear real-world use cases, governance best practices, and how to build AI solutions that are powerful, secure, and aligned with enterprise values. https://cloudsecurityalliance.org/star/
2025-09-2225 min
TeaFlix with The McCartney LadiesTeaFlix Interview with Anthony DiMariaSend us a textAnthony DiMaria is an American actor, producer, author, and director. He is also known for preserving the legacy of his uncle, Jay Sebring, a pioneering stylist who was killed by members of the Manson Family in August 1969, during what is now known as the "Tate Murders."Jay Sebring Novel 2025 "Cutting To The Truth"In summer 2025 Anthony DiMaria and co-author Marshall Terrill released the 576-page novel Jay Sebring: Cutting to the Truth through Steven W. Booth's "Genius Books" with many restored facts, images, and interviews regarding Jay Sebring's life history...
2025-09-021h 04
2025-08-2126 min
2025-08-2126 min
2025-08-2126 min
2025-08-2126 min
2025-08-2126 min
2025-08-1526 min
2025-08-1526 min
2025-08-1526 min
2025-08-1526 min
2025-08-1526 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
2025-08-0826 min
RTS Washington Women's Bible StudyJohn Class 6: 13:1-30 (Stephanie DiMaria)John Class 6: 13:1-30 (Stephanie DiMaria)
2025-03-1254 min
Your Personal Bank with Ferenc TothJohn Burley InterviewJohn Burley With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO. It is a leader in the industry, with holdings from multiple countries and a dozen different states. His was among the first ever companies to bring Single Family Home...
2024-11-2654 min
Out of the Woods: The Threat Hunting Podcast[Bonus Episode] Inside Cloud Security with CSA’s John DiMariaIn this bonus episode of Out of the Woods, Scott Poley sits down with John DiMaria, Director of Operations Excellence at the Cloud Security Alliance (CSA), live from the Information Security Summit in Cleveland. DiMaria discusses his pivotal role in developing CSA’s STAR (Security, Trust, Assurance, and Risk) program and shares insights on cloud security, the evolution of the STAR program, and its alignment with CSA's Cloud Controls Matrix (CCM).
They also explore the future of STAR in the AI landscape, the crucial role of shared responsibility models in cloud security, and the importance of continuous monitoring an...
2024-11-0722 minYour Personal Bank with Ferenc TothJohn Burley InterviewWith 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO. It is a leader in the industry, with holdings from multiple countries and a dozen different states. His was among the first ever companies to bring Single Family Home (SFH) Port...
2024-10-1553 minCSA Security UpdateEmpowering Cloud Providers: The EU Cloud Code of Conduct and GDPR ExplainedIn this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry.Join us as we discuss the significance of these codes of conduct, their role in ensuring data protection, and how they offer a practical framework for companies striving to meet GDPR requirements. We will also delve into the ongoing...
2024-09-2731 minCSA Security UpdateReal-talk: Opportunities for Security Teams to Fight AI with AIThe attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we approach cybersecurity. But what does that mean for security and development teams today?Join us in this episode as we interview Tomer Schwartz, CTO and Co-founder, Dazz, and explore how AI can be a game-changer for security teams, especially resource-constrained...
2024-08-2141 minYour Personal Bank with Ferenc TothJohn Burley Interview, Real Estate Expert, Educator, Private Equity Company FounderJohn Burley With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. John is a Pioneer in the Real Estate Investment Business, originally trained in the World of Wall St., in 1989 he left and founded his Private Equity Company, where he serves today as the Founder & CEO. It is a leader in the industry, with holdings in multiple countries and a dozen different states. His was among the first ever companies to bring Single Family Home...
2024-07-3053 minCSA Security UpdateISO/IEC 27001:2022 Unpacked: Embracing Auditing ThemesIn our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices with organizational goals and risks. We'll discuss the rationale behind this change, practical insights on transitioning to the new model, and the benefits it brings to ensuring a robust and comprehensive security audit. Join us as we interview David Forman, founder of...
2024-07-2343 minCSA Security UpdateFrom Concept to Competence: The Impact of CSA's Zero Trust TrainingIn this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CSA's groundbreaking Certificate of Competence in Zero Trust (CCZT), the industry's first authoritative training and certification program dedicated to Zero Trust architecture, components, and best practices.During this session, we will delve into the development and significance of the CCZT, exploring the motivations behind its creation and the goals CSA aimed to achieve. Our discussion will highlight the unique features of the CCZT...
2024-06-2741 min
Digiexam Dialogues: Voices of InnovationGood technology solves the whyWelcome to Digiexam Dialogues: Voices of Innovation and this episode, “Good Technology Solves the Why,” where we explore the impactful integration of educational technology. Our host, John DiMaria, is joined by Brian Gray, Technology Systems Administrator from St. Stephen’s Episcopal School in Austin, Texas, and a 2024 Blackbaud Community All-Star.Brian shares his wealth of experience within edtech, diving into how technology in education should address the essential “why” behind teaching and learning challenges. He discusses strategies for choosing tools that truly enhance educational processes, emphasizing the importance of aligning tech solutions with teacher and student needs....
2024-06-191h 28CSA Security UpdateDecoding Security Solutions: ASPM vs CSPM vs CNAPPIn the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all focused on bolstering security posture, these target different aspects of one's security program.Listen as we interview Karthik Swarnam, Chief Security and Trust Officer at Armorcode, a CSA member, and take a deep dive into this subject. We discuss:Distinguishing between ASPM, CSPM, and CNAPP: Understand their functionalities, target areas, and how they...
2024-05-2830 minCSA Security UpdateAligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certified in both frameworks can expedite the compliance process, offering practical tips for streamlining attestations. Discover why dual compliance against CSA STAR Level 2 and ISO 27001 is paramount for CSPs to demonstrate their commitment to robust security practices and gain a competitive a...
2024-05-0228 minCSA Security UpdateNavigating the New Age of ComplianceIn a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special guest Travis Howerton; Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation.Discover how automated technology and continuous monitoring is revolutionizing the way organizations approach compliance, risk management, and governance in both the private and government sectors. Our guest will share insights into the challenges businesses face in...
2024-04-3037 minYour Personal Bank with Ferenc TothJohn Burley Interview - Successful Real Estate Investing in 2024 John Burley is one of the most experienced real estate experts, educators, and is a private equity founder in the US. With 35+ years of investing experience and thousands of (personally) completed real estate deals, hundreds of millions of dollars raised, John Burley has the perfect mix of street-savvy knowledge and sound investing principles. Your Personal Bank can help you enhance real estate investing. You can lower your cost of borrowing. You can also operate similar to a bank and earn positive cash flow on your money. Contact Ferenc at YourPersonalBank.com or 866-268-4422 for more info.See omnystudio.com/li...
2024-03-1253 minCSA Security UpdateWhy CPA Firms Excel in Cybersecurity AttestationsIn the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm.The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited for cybersecurity attestations and how they apply their expertise in ensuring rigorous processes and adherence to standards like CSA STAR when performing cybersecurity...
2024-01-1728 min
The Gospel DefenderDec 31st 2023 / Three Witnesses To salvation in 1 JohnSee omnystudio.com/listener for privacy information.
2023-12-2626 minCSA Security UpdateCloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital AgeIn today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2, and their collective impact on cloud governance and cybersecurity. Join the CSA and our guests, Pat Nester and Michael Nouguier, as they shed light on these intertwined topics, helping businesses navigate the cloudy (pun intended) waters of modern...
2023-11-2743 minCSA Security UpdateBridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR IntegrationIn our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and opportunities presented by these technologies, offering valuable insights for stakeholders navigating the complex government cloud infrastructure. This engaging conversation promises to deepen your understanding of these critical domains and their transformative impact on today's digital governance...
2023-07-2441 minCSA Security UpdateSecuring Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control MatrixIn this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them. He also highlights the specific benefits and improvements that resulted from the adoption within NCC Group. Furthermore, Nandor delves into the common challenges faced by clients when implementing the CSA CCM and p...
2023-05-1634 minCSA Security UpdateShining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud SecurityThis case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture. Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's challenges, objectives, and implementation outcomes.Find out how they were able to...
2023-04-1817 minCSA Security UpdateShining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud SecurityThis case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and compliance posture. Join us as we talk to Andrea Doherty; Technical lead for the Dell Technologies Security and Resiliency Organization's Trusted Cloud and Services program where she discusses Dell's challenges, objectives, and implementation outcomes.Find out how they were able to...
2023-04-1717 minThe Gospel DefenderApril 16th 2023 / Five Mistakes Made In John 9See omnystudio.com/listener for privacy information.
2023-04-1225 minCSA Security UpdatePrivate Cloud Computing - Security Considerations, Risks and Shared ResponsibilityPrivate cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center.What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks?Due to heightened security issues over the last few years, are companies considering moving to a private cloud? What are the pros and cons and what is the best advise from those doing it?Listen as we interview Balasubramanian (Bala) Krishnamurthy; Head...
2023-01-3035 min
2023-01-0626 min
2023-01-0526 min
2023-01-0426 min
2023-01-0326 min
2023-01-0226 min
2022-12-3126 min
2022-12-3126 min
2022-12-3126 min
2022-12-3126 min
3 Old GoaliesSeason 2 Episode 6: World Cup Recap with Guest Greg RaberThe 3 Old Goalies are back for a #WORLDCUP special with Special Guest Greg Raber!
John Boa, Greg Deutsch aka Bone, Eric Vaughter "EV", and Ryan Sparks aka @Touchedartist, dive into the 2022 World Cup along with guest Greg Raber.
A 2 Hour and 26 Minute episode with some great one liners and some rants along the way.
We know it's a long one but, it was a great time. Join us, won't you?
Talking #USMNT, #Soccer, Greg Berhalter, and more. #worldcup2022 #ARGENTINA #FRANCE #collegesoccer #ncaa #Naia #futbol #3oldgoalies #pele #messi #mbappe #dimaria #SCOREgoals #YNWA #UK #UniversityofKentucky #Syrac...
2022-12-282h 26
2022-12-1526 min
2022-12-1426 min
2022-12-1326 min
2022-12-1226 minCSA Security UpdateSTAR Attestation - One of the most powerful programs to evaluate the cloud sectorAs organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles,AT 101) and the CSA Cloud Controls Matrix.Requirements for the cloud can be quite different than non-cloud environments...
2022-05-1736 minCSA Security UpdateApplication Security - The Importance of Future Proofing Your ProcessAs we’re seeing more cyber attacks in software, open-source software, etc., there is a crucial need for businesses to future-proof against emerging threats. - How can companies take preventative (vs reactive) measures, including embedding security into the software as it’s being built (security by design)- Urgency for daily scans- How the CCM and STAR Program can facilitate reducing risk and understanding the Shared Responsibility Model.- What to expect in 2022 (more supply chain attacks expected)Get the answers to all these topics and more as we interview Farshad Abasi...
2022-04-2232 min
The Virtual CISO PodcastUse the CSA Cloud Controls to Maximize Your Security & Reduce Your Risk of BreachEven before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do business without it. Which means cloud security and compliance is more important than ever. That’s why I’m speaking to one of the authorities on cloud security, John DiMaria, Assurance Investigatory Fellow at Cloud Security Alliance, in today’s episode — to demystify cloud security. Join us as we discuss: How CSA’s STAR program can help you strengthen your cloud securityThe biggest vulnerabilities organizations face when operating in the cloudHow landing on CSA’s CCM registry can give your organization mo...
2022-04-0547 minCSA Security UpdateCSA STAR and CCM V4 Case Study Guest: Ronald Tse; CEO and Founder of RIBOSESTAR Certification is the internationally recognized cloud security certification program from CSA that specifies comprehensive and stringent cloud security requirements on CSPs. The CSA Cloud Controls Matrix (CCM) is the de-facto standard for cloud security assurance and compliance, widely used in assessing cloud security performance of cloud implementations.Ribose Achieved the world’s first STAR Certification with CSA Cloud Controls Matrix v4 that was released in January 2021. Recorded live from Hong Kong, Ronald Tse; CEO and founder of RIBOSE, takes us through their journey with STAR over the years and discusses the value, ROI and fut...
2022-03-2147 minCSA Security UpdateWho moved my cheese? Changes to the ISO standards and how they will affect you.As the businesses change the world changes and so does the standards industry. Being up to speed on those changes and paying attention to such changes can help company's succeed.CSA is dedicated to keep our followers up-to-date on these changes and how they may affect the users and provide guidance and information on what can be expected moving forward as well as what organizations should be concerned about as well as tips on preparing for these changes.Listen as we interview Ryan Mackie of Schellman and Eric Hibbard of Samsung, both members of SC27...
2022-03-1732 minCSA Security UpdateFighting Ransomeware in the CloudIn order to fight against ransomware in the cloud, you need to have a multifaceted strategy so you can be better prepared to protect against and respond to attacks. But IT organizations often struggle to understand the priorities and the appropriate approach to mitigate risk and minimize the impact of ransomware. With more tools and software, organizations many times throw money at technology solutions and do not address people and processes not to mention sector-specific controls to help detect, prevent, respond to ransomware not to mention other malware attacks.Listen as we discuss the subject and solutions...
2022-03-1119 minCSA Security UpdateCSA STAR Case Study, Guest: Nick Murison; CISO of ArdoqCloud computing has created new security vulnerabilities, including security issues whose full impacts are still emerging. With the massive growth the cloud industry is experiencing, it's a "buyer beware" environment for sure. The procurement process can be a daunting task for clients since each cloud service provider shows its security methods unique ways, making comparisons between sellers time-consuming. CSA facilitates this process. "We take security very seriously, focusing on protecting our customers and ourselves. In a constantly shifting landscape, we map out security threats and risks to plan current and future dangers. As the next step in ou...
2021-12-1036 minCSA Security UpdateMulti-party Recognition (MPRF) - Reduces cost and facilitates lower risk all the while building a culture of resiliency.Through a funded initiative called the EU-SEC Project, CSA has analyzed the issue of the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards are largely overlapping.As a consequence, the process of adhering to different standards, laws and regulations for CSPs is inefficient, with a lot of duplicated work that unduly increases costs and complexity.The idea behind the MPRF is not to create yet another cloud certification or auditing architecture. Instead, it aims to provide a unified method of systematic and consistent...
2021-11-0848 min
The Crux of the StoryThe Crux - Valerie DiMariaIn our sixty-fourth episode of The Crux, we welcome Valerie DiMaria, founder and principal of the10company. Valerie has held CMO & CCO roles at Fortune 100 companies and developed comprehensive brand and reputation building programs working closely with CEOs at GE Capital, Motorola, and Willis. She has been honored with PRSA’s John W. Hill Award for leadership in the practice of public relations, two PRSA Silver Anvils and two Big Apples. Valerie has been named one of the “10 Top Women in PR,” one of the “50 Most Powerful Women in PR” and a “tech industry key player” by PR Week.
2021-11-071h 00CSA Security UpdateSAXO Bank - First Bank to achieve STAR AttestationSaxo Bank became the first bank in the world to earn the Cloud Security Alliance STAR Level 2 Attestation and Trusted Cloud Provider accreditation.This milestone in the bank’s technology aspirations means Saxo Bank qualifies for and adheres to the highest and most comprehensive principles in terms of transparency, privacy, security and harmonization of standards across its IT systems, services and infrastructure that supports the business and different client segments from back-office systems to open APIs. The CSA STAR Level 2 attestation is verified and validated by a third-party auditor.The admission to the CS...
2021-07-2722 minCSA Security UpdateCSA CxO Trust Initiative Understanding the priorities of your peers within the C-SuiteThe mission of the CSA CxO Trust is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite.Join us as we interview Illena Armstrong; President of CSA and discuss the details about the CSA CxO as well as...
2021-06-2529 minCSA Security UpdateObjectives-based Security - Enabling Security Teams to deliver desired outcomes"There is a proliferation of security products. As more high-value assets come online, the cybersecurity threats grow and the application environments rapidly change. Security teams are stretched thin trying to continuously map the desired business outcomes to disparate product configurations in these environments"."What we lack as an industry is a cohesive and a high-level approach to enabling security teams to deliver cybersecurity outcomes. A different approach to security is needed".~Vishwas Manral, Forbes Councils Member~Join us as we interview Vishwas Manral Forbes Councils Member, founder and CEO at NanoSec (acquired by McAfee...
2021-06-0832 minCSA Security UpdateThe advantages and future of the Cloud Control MatrixThe Cloud Control Matrix (CCM) is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The CCM is considered the de-facto standard for cloud security and privacy.Listen as we interview Harry Lu; The current Co-Chair of the Cloud Security Alliance Cloud Control Matrix Working Group and discuss the CCM, the advantages it brings to organizations, how it...
2021-03-0331 minCSA Security UpdateA case study – CCM and STAR –Integrating with third-party assessments and regulations to avoid duplication of effort and cost.The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients....
2021-02-0127 minCSA Security UpdateThe Business Value of STAR AttestationAs organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA’s Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud.Listen as...
2020-10-1637 minCSA Security UpdateHow to Engage with Cloud CustomersAs a cloud service provider (CSP) customer engagement is crucial. It impacts customer loyalty, which directly impacts the bottom line. The potential cost of incompetent customer engagement should be concerning to CSPs.The lines between cloud providers and cloud consumers keep getting fuzzier every day. What are the main challenges of cloud computing that users face?What is the growing paradigm shift in what users will expect from CSP’s moving forward as a minimum requirement? What are the top 3 or 4 risks of cloud computing they should be aware of on...
2020-07-2724 minCSA Security UpdateCSA STAR + SOC2 - From Readiness to AttestationAs organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.1. What is CSA STAR & SOC2? What is CSA STAR & SOC2?
2020-05-2731 minCSA Security UpdateCSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QADThe Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.Listen as we interview Larry Greenblatt, Information Security Specialist at QAD as he takes us through his journey to CSA STAR Certification from business case...
2020-03-2536 minCSA Security UpdateIoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI GroupIoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges – presenting a huge opportunity but risk as well. With SMART Cites and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change. Listen as we interview David Mudd, Global Digital and Connecte...
2020-03-0228 minCSA Security UpdateSneak Preview of CSA Summit and RSA February 24 - 27 2020Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA!https://cloudsecurityalliance.org/star/
2020-02-1105 minCSA Security UpdateCSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis2019 was another great year for CSA and it sets the stage for an even greater year in 2020.Listen to this insightful interview with Jim Reavis; Co-Founder and CEO of the Cloud Security Alliance as he provides a look back at the accomplishments and milestones achieved in 2019 and provides a look into the journey we will be taking in 2020.If you're not already, it is a great starting point to get involved with CSA and it's massive cloud community.https://cloudsecurityalliance.org/star/
2020-01-1726 minCSA Security UpdateThe STAR Certification Journey - Guest:Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI GroupThe Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.Listen as we interview Willibert Fabritius; Global Head of Information Security and Business Continuity of BSI Group and take the journey with us down the...
2019-12-1138 minCSA Security UpdateCSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principle, Schellman & Company LLCAs organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Services Criteria) and the CSA Cloud Controls Matrix.Listen as we interview Debbie Zaller; Principal, practice leader, and SME for...
2019-11-1928 minCSA Security UpdateReducing Business Risk with Forensic Readiness – Guest: Lamont Orange; CISO, NetskopeForensic readiness is defined as the ability of an organization to maximize its potential to use good quality digital evidence to protect the organization, support the investigators while minimizing the costs of an investigation.Trust in the cloud is constantly under attack, so good data-driven decisions are critical. Determining whether a data source provides an acceptable level of digital evidence is one thing, but how do you safeguard data integrity to ensure that the information contained within supports the investigation with the proper content or context, transparency, and trust? Proving "Due Diligence" and "Standard of Care" is...
2019-11-0624 minCSA Security UpdateEU-SEC-Multiparty Recognition Framework – Guest Damir Savanovic; Senior Analyst & Researcher; CSASecurity compliance based on third-party audit is becoming increasingly complex –especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls, That often translates into substantial costs for those service providersThe idea behind the MPRF is to provide a unified method of systematic and consistent activities with the goal of minimizing the burden of obtaining certification "Y" for a CSP, once it has already obtained certification "X". The MPRF’s purpose is, ther...
2019-10-2127 minCSA Security UpdateCSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadiusAs a cloud service provider, there are many security challenges that organizations have to face which include providing customers and regulators with the proper level of transparency and assurance that is needed to achieve the required level of trust. Many organizations are turning to CSA STAR in answer to mandates, provide a marketing differentiator or just raising the bar in terms of their level of assurance and transparency. Listen as Deepak Gupta; Co-founder and CTO at LoginRadius explains their journey and approach to implementation. How they weaved the CCM controls into their current management system inc...
2019-10-0822 minCSA Security UpdateWhat Executives Should Know About Security Breaches and Prevention - Guest: Phillip Merrick; CEO, FugueSecurity is not simply a CIO, CSO, or IT department issue. It is critical that organizations have a system in place that can prove the all important "Standard of Care" was deployed and maintained.Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees. It is a matter of resilience and survival of the company.How should CEOs and board members get proactively involved in mitigating future challenges and get involved in the decision making process in an industry where there is...
2019-09-2436 minCSA Security UpdateLive from Hong Kong! Meeting Business Requirements with CSA STAR - Guest: Ron Tse; CEO of RiboseRibose has achieved STAR Attestation, Certification and C-STAR along with being one of the first adopters of STAR Continuous. What was the main driver? What was the approach to implementation and how did they weave the STAR controls into their current management system to build one holistic integrated process?Listen as Ron Tse; Founder and CEO of Ribose as he addresses these questions along with discussing what challenges STAR addressed and predictions on what can be expected in the global compliance landscape. https://cloudsecurityalliance.org/star/
2019-09-1246 minCSA Security UpdateCSA Research – Providing solutions for tomorrow's problems today – Guest: John Yeoh; Global V.P. of ResearchCSA research is such a big part of what CSA does, providing high quality relevant papers, studies and data free for all to take advantage of, yet in some cases is one of the best kept secrets on the amount of effort that goes into the output that has produced over 400 artifacts and to ensure its value and relevance.Collaborating with industry and harnessing the right subject matter expertise to ensure good cross-functionality is critical when it comes to producing valuable research. Listen as John Yeoh: Global V.P. of Research for CSA provides insight to t...
2019-08-2827 minCSA Security UpdateBusiness Email Compromise Scams Remain a Billion-Dollar Problem - Guest: Ken Dunham, OptivBusiness email compromise (BEC) scams are not going away anytime soon. For such a relatively low-tech type of financial fraud, it has proved to be a high-yield and lucrative enterprise for scammers. But the prevention measures are not expensive and not technology dependent.Listen as Ken Dunham;Senior Technical Director, Cyber Operations for Optiv discusses this growing issue, the process hackers use, the root cause and prevention recommendations you can use for cloud security when adopting the cloud and why transparency is so important.Episode is Not LivePublish: Aug. 14, 2019 @ 6...
2019-08-1430 minCSA Security UpdateMeasuring the Value that Information Sharing adds to Threat Intelligence - Guest: Paul Kurtz; Co-Founder, CEO, TruStarInformation sharing activities when combined with other threat intelligence activities can be seen as important part of the arrangements of human and non‐human activities that, together, form a critical part to achieving organizational resilience. There is a reciprocal relationship between all processes within an organization and the ways in which information is used and shared. Join us as we talk to Paul Kurtz; Former white house senior member relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and internationally recognized expert on cybers...
2019-07-3031 minCSA Security UpdateThe Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSightContinuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, which customers and tool vendors can then retrieve and present in a variety of contexts. Continuous monitoring/auditing improves on the traditional point-in-time certification in both trust and transparency. Point-in-time audits while the foundation of many respected certifications, often contain a considerable time gap between audits, and by adopting continuous monitoring/auditing with an increased audit frequency, chances of deviation of the security posture becomes less. This empowers cloud service providers to ma...
2019-07-2238 minCSA Security UpdateCSA CAIQ-Lite – When is a more Streamlined Vendor Security Assessment option applicable? Guest: Nick Sorensen, CEO, WhisticCSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with cloud vendors. CAIQ-Lite was developed to meet the demands of an increasingly fast-paced cybersecurity environment where adoption is becoming paramount when selecting a vendor security questionnaire. CAIQ-Lite contains 73 questions compared to the 295 found in the CAIQ, while maintaining representation of 100% of the original 16 control domains present in The Cloud Controls Matrix (CCM) 3.0.1.Listen as we talk with our guest Nick Sorensen, CEO of Whistic and discuss...
2019-07-0322 minCSA Security UpdateThe growing complexity around cybersecurity and evolving technology Guest: Dr. Ron Ross, NISTDr. Ron Ross, Fellow and Senior Computer Scientist and Information Security Researcher in the computer security division at the National Institute of Standards and Technology (NIST) joins us to discuss the growing problem of too much complexity and the associated security issues that are growing because of it. In this episode we discuss the problem, the root cause and the proven best practice solutions that will facilitate moving from a reactive to proactive culture providing organizational resiliehttps://cloudsecurityalliance.org/star/
2019-06-1821 minCSA Security UpdateTrust and Transparency - The continued challenges in the cloud - Guest: Jim ReavisAn interview with Jim Reavis; Co-Founder and CEO of CSA addressing the many challenges and solutions regarding trust and transparency in the cloud as well a new operational security issues that is coming with 5G technology. https://cloudsecurityalliance.org/star/
2019-06-0437 minCSA Security UpdatePilot Episode - CVE Vulnerability, Information Sharing and applicability to CSA STARhttps://cloudsecurityalliance.org/star/
2019-05-1327 min