100 episodes

The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. The experts interviewed in the ISACA Podcast have valuable perspectives they have gained from their years of experience in the field. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.

ISACA Podcast

    • Technology
    • 4.4 • 34 Ratings

    Unlocking Strategic Value from a Bug Bounty Program

    Are you curious about how to maximize the strategic value and impact of your bug bounty program?
    In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective.
    In this ISACA Podcast, Chris McGowan, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), who discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization.
    Explore Further: Delve deeper into the subject with additional resources
    https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6
    https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4
    https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b
    https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12

    • 27 min
    The Cyber Standard Podcast - Episode 1

    Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!”
    Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization.
    Explore Further: Delve deeper into the subject with additional resources provided in the episode description.
    https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme 

    • 41 min
    Measuring Security Risk Against Dynamic Threats

    Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations. These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prioritize, and treat security risks that are constantly evolving and where the threat is persistently adapting?
    In this podcast, ISACA's Lisa Cook discusses with Adobe's Matt Carroll, Senior Manager of Technology Governance, Risk, and Compliance, the risk methodology and practices his team has developed at Adobe that have helped the company rapidly measure security risk in a constantly changing landscape.

    • 28 min
    Reflecting on 25 Years of Information Security Matters

    ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same.
    In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing skills are invaluable for anyone in the security industry.

    • 13 min
    A View into CTEM Exposure Management: Reducing your Attack Surface 3x

    Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included.
    In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas.
    For more ISACA Podcasts, visit www.isaca.org/podcasts
    To learn more about Nanitor, please visit https://nanitor.com/
    To view the Nanitor article, please click https://nanitor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/

    • 43 min
    Improving Security while Enabling Market Access with CCF

    Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits).
    A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today.
    In this ISACA Podcast episode, ISACA's Chris McGowan listens in as Zach Folk, Director of Solutions Engineering, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.

    • 21 min

Customer Reviews

4.4 out of 5
34 Ratings

AllTimeListener ,

Please add more podcasts

I really enjoy listening to the ISACA podcasts. I can get through a lot of these on my commute to work. Definitely more convenient than the journals and online articles.

Hawkdriver1974 ,

Good topics, 2d rate audio quality

The topics and discussions can be very engaging, but I'm distracted by the poor audio quality. I strain to hear the hosts because they sound like they're in an empty warehouse, and the guest audio quality often isn't any better. Invest in higher quality microphones and use rooms with less echo and they'd have a more professional sounding podcast.

obacker19 ,

Empowering, insightful and actionable! 🙌

Whether you’re well established as someone innovating in the cybersecurity world, or just getting started as a catalyst for change - this is a must-listen podcast for you! Abby and the entire ISACA team do an incredible job bringing together insightful conversations that cover a huge breadth of topics related to the ins and outs of successfully navigating an ever changing regulatory landscape - with leaders who are actually in the field themselves. Highly recommend listening and subscribing!
