What is Cybersecurity Maturity Model Certification (CMMC)?
Cybersecurity Maturity Model Certification (CMMC) is an evaluation designed for Defense Industrial Base (DIB) contractors.
Welcome to CloudSec Academy, your guide to navigating the alphabet soup of cloud security acronyms and industry jargon. Cut through the noise with clear, concise, and expertly crafted content covering the fundamentals to best practices.
DORA is an EU regulation that’s centered around cybersecurity and operational resilience.
Understanding how to implement zero trust architecture is crucial for protecting against the complexities of modern cyber threats.
In this article, we'll explore the different types of data categorization, strategies for effective management, and how to avoid common pitfalls that can complicate cloud data governance.
Cloud governance entails the policies, processes, and controls an organization puts in place to ensure the effective and secure management of its cloud resources and services.
FISMA compliance is the set of processes, controls, and protocols an organization must have in place to ensure its information assets satisfy the requirements of the Federal Information Security Management Act (FISMA).
This article is your cheat sheet for understanding the ISO 27001 controls, implementing them to tackle security risks, and getting ISO 27001 certified—without any hassles.
In this article, we’ll explore the ins and outs of NIST 800-171 compliance, including how it fits within the broader NIST standards and who needs to comply. We’ll also discuss some cloud security best practices to help you keep data safe.
Although HIPAA doesn't make any specific reference to the cloud, the cloud is a completely different IT environment from the on-premises data center, with different compliance challenges. Learn some of the key HIPAA considerations when you host your healthcare workloads in the cloud.
In this post, we'll explore NIST's cloud security standards and how they provide a framework of best practices that enhance the safety and reliability of cloud environments.
In this post, we’ll explore why NIST 800-53 is an essential part of modern data protection and important to your cloud environment—along with some best practices so you can roll it out smoothly in your organization.
This checklist is a comprehensive guide to becoming NIST-compliant and reinforcing the most critical security pillars.
NIST compliance is adherence to security standards and guidelines developed by the National Institute of Standards and Technology (NIST).
A data security policy is a document outlining an organization's guidelines, rules, and standards for managing and protecting sensitive data assets.
Data risk management involves detecting, assessing, and remediating critical risks associated with data. We're talking about risks like exposure, misconfigurations, leakage, and a general lack of visibility.
Cloud governance best practices are guidelines and strategies designed to effectively manage and optimize cloud resources, ensure security, and align cloud operations with business objectives. In this post, we'll discuss the essential best practices that every organization should consider.
A data risk assessment is a full evaluation of the risks that an organization’s data poses. The process involves identifying, classifying, and triaging threats, vulnerabilities, and risks associated with all your data.
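In this guide, we'll break down why AI governance has become so important for organizations, highlight the key principles and regulations shaping this space, and provide actionable steps for building your own governance framework.
In this post, we'll cover what you need to know as an AI developer or vendor, including why the EU enacted this law, what it contains, and best practices for simplifying compliance.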
Discover key cloud security standards to protect sensitive data and ensure compliance with frameworks like ISO, SOC 2, and NIST.
The principle of least privilege (PoLP) is a cybersecurity concept in which users, processes, and devices are granted the minimum access and permissions necessary to perform their tasks.
Data security compliance is a critical aspect of data governance that involves adhering to the security-centric rules and regulations set forth by supervisory and regulatory bodies, including federal agencies.
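CIS benchmarks are publicly available security roadmaps that offer core recommendations to help organizations harden their IT systems against cyber threats.
The shared responsibility model is a framework that establishes cloud security responsibilities between cloud service providers (AWS, GCP, Azure) and their customers.
Cloud Security Posture Management (CSPM) describes the process of continuously detecting and remediating risks in cloud environments and services (e.g., S3 buckets with public read access). CSPM tools automatically evaluate cloud configurations against industry best practices, regulatory requirements, and security policies to ensure that cloud environments are secure and properly managed.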