ISACA Podcast

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated w

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated with other cybersecurity groups within an organization to empower them with a security approach that unifies the entire enterprise landscape.

A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.

Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe.

In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise security, as well as how cybercriminals who want to exploit it can leverage it as well. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folk also addresses how AI is affecting social engineering and his predictions for upcoming AI developments.

Welcome to Episode 4 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Welcome to Episode 3 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Traditional security questionnaires just aren't cutting it anymore.

Tune into this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder, Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective third-party risk management programs.

To learn more about VISO Trust please go to https://visotrust.com/

Are you curious about how to maximize the strategic value and impact of your bug bounty program?

In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective.

In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization.

Explore Further: Delve deeper into the subject with additional resources

https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6

https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4

https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b

https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12

Welcome to Episode 2 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immediate Past President for ISACA Central UK. Together, they explore key challenges, lessons learned, and insights from related workshops in the realm of Audit and Assurance. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!”

Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization.

Explore Further: Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme 

Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations.

These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prioritize, and treat security risks that are constantly evolving and where the threat is persistently adapting?

In this podcast, ISACA's Lisa Cook discusses with Adobe's Matt Carroll, Senior Manager of Technology Governance, Risk, and Compliance the risk methodology and practices his team has developed at Adobe that have helped the company rapidly measure security risk in a constantly changing landscape.

ISACA recently marked the 25^th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same.

In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing skills are invaluable for anyone in the security industry.