Are you curious about how to maximize the strategic value and impact of your bug bounty program? In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective. In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), discusses the value of bug bounty programs and shares how you can develop a m ..read more

Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!” Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for ..read more

Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations. These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prior ..read more

Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included. In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware b ..read more

Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits). A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today. In this ISACA Podcast episode, ISACA's Chris McGowan listens in as Zach Folk, Dir ..read more

In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation. Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself.  ..read more

With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together. In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live to its full potential ..read more

Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it’s not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale? In this ISACA Podcast episode, Chris McGowan chats with Lauren Strope, Manager of Application Security at Adobe. Lauren offers her expertise on strategies for scaling your program and provides unique perspectives on the future of Threat Modeling. Lea ..read more

Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks. A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security teams today face an ever-growing backlog of security reviews, creating increased urgency and pressure for teams to maintain quality assessments. These reviews are often perceived as time-consuming in th ..read more

If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered.   In this ISACA Podcast, Kristi Hedges, executive coach, and leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders, a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals.   Register for this ISACA event at https://www.isaca.org/membership/member-exclusive-sp ..read more