DiscoverISACA Podcast
Claim Ownership
ISACA Podcast
Author: ISACA Podcast
Subscribed: 403Played: 11,772Subscribe
Share
© All rights reserved
Description
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. The experts interviewed in the ISACA Podcast have valuable perspectives they have gained from their years of experience in the field. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
303 Episodes
Reverse
SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated w
SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated with other cybersecurity groups within an organization to empower them with a security approach that unifies the entire enterprise landscape.
A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.
Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe.
In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise security, as well as how cybercriminals who want to exploit it can leverage it as well. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folk also addresses how AI is affecting social engineering and his predictions for upcoming AI developments.
Welcome to Episode 4 of "The Cyber Standard Podcast"!
Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation!
Explore Further:
Delve deeper into the subject with additional resources provided in the episode description.
https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
Welcome to Episode 3 of "The Cyber Standard Podcast"!
Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation!
Explore Further:
Delve deeper into the subject with additional resources provided in the episode description.
https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
Traditional security questionnaires just aren't cutting it anymore.
Tune into this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder, Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective third-party risk management programs.
To learn more about VISO Trust please go to https://visotrust.com/
Are you curious about how to maximize the strategic value and impact of your bug bounty program?
In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective.
In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization.
Explore Further: Delve deeper into the subject with additional resources
https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6
https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4
https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b
https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12
Welcome to Episode 2 of "The Cyber Standard Podcast"!
Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immediate Past President for ISACA Central UK. Together, they explore key challenges, lessons learned, and insights from related workshops in the realm of Audit and Assurance. Don't miss this insightful conversation!
Explore Further:
Delve deeper into the subject with additional resources provided in the episode description.
https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!”
Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization.
Explore Further: Delve deeper into the subject with additional resources provided in the episode description.
https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations.
These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prioritize, and treat security risks that are constantly evolving and where the threat is persistently adapting?
In this podcast, ISACA's Lisa Cook discusses with Adobe's Matt Carroll, Senior Manager of Technology Governance, Risk, and Compliance the risk methodology and practices his team has developed at Adobe that have helped the company rapidly measure security risk in a constantly changing landscape.
ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same.
In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing skills are invaluable for anyone in the security industry.
Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included.
In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas.
For more ISACA Podcasts, visit www.isaca.org/podcasts
To learn more about Nanitor, please visit https://nanitor.com/
To view the Nanitor article, please click https://nanitor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/
In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation.
Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself.
With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together.
In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live to its full potential.
Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood.
In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook chats with IT Risk Manager, Eric Peck about why acknowledging and addressing high-risk issues with a structured approach empowers organizations to protect themselves and ensure compliance in today's complex regulatory landscape.
Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits).
A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today.
In this ISACA Podcast episode, ISACA's Lisa Cook listens in as James Huang, Global Cloud Compliance Senior Manager, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.
Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it’s not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale?
In this ISACA Podcast episode, Chris McGowan chats with Lauren Strope, Manager of Application Security at Adobe. Lauren offers her expertise on strategies for scaling your program and provides unique perspectives on the future of Threat Modeling.
Learn more about Adobe at www.adobe.com
For more ISACA Podcasts, please visit https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks.
A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security teams today face an ever-growing backlog of security reviews, creating increased urgency and pressure for teams to maintain quality assessments. These reviews are often perceived as time-consuming in the procurement process, calling for a balance between meeting business demands and conducting thorough assessments to identify and isolate potential risks.
In this ISACA Podcast, Adobe's Manager of Vendor Security Nidhi Bandi shares about recent enhancements Adobe has made to calculate risk in the vendor space better and provides guidance on how you can stand up a strong vendor security program that balances procurement needs at your organization.
Learn more about Adobe at https://www.adobe.com/
Listen to more ISACA Podcasts at https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered.
In this ISACA Podcast, Kristi Hedges, executive coach, and leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders, a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals.
Register for this ISACA event at https://www.isaca.org/membership/member-exclusive-speaker-series
Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers to re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants.
Join ISACA's Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent brings to cybersecurity.
For more ISACA Podcast, go to https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks.
Such a mindset addresses some of the often-experienced auditing challenges such as a lack of senior management support, insufficient audit preparation time, difficult auditees and lack of time needed to write audit results.
Featuring special guest Thomas Bell and hosted by ISACA's Robin Lyons.
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
United States