CSA to use CloudTrust Protocol
Posted on 06 July 2011.
Cloud Security Alliance (CSA) announced that it has received a no‑cost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance stack.

The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

The GRC stack is an integrated suite of CSA initiatives — CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire — available for free download.

Through this licensing agreement, the CSA plans to integrate the CTP into this stack and distribute it at no charge to enterprises, consumers and cloud service providers, enabling them to bring workloads more efficiently to the cloud. 
The CTP was created by CSC to provide the cloud consumer with the right information to confidently make choices about what processes and data to put into what type of cloud, and to sustain information risk management decisions about cloud services.

It provides transparency into cloud service delivery, offering cloud consumers important information about service security and cloud service providers with a standard technique to prepare and deliver information to clients about their data. In so doing, the CTP generates the evidence needed to verify that all of a company’s activity in the cloud is happening as described.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th