Field Report: ISACA NACACS 2018

Members of the TalaTek team recently participated in the largest-ever ISACA North American CACS conference in Chicago, alongside over 1,500 attendees. The opening keynote energized the conference with a dynamic presentation from the inspiring Erik Wahl. His message explored the need to break through fear and conventional thinking and harness emotion to rediscover your creativity. It was an interesting topic for an audience set to spend three days learning about audit and compliance best practices for following rules and regulations. Erik’s presentation resonated, though, with a message about the need for creativity if you wish to excel, no matter what your trade.

Over the next three days, the conference hosted dozens of sessions on a wide range of topics including audit, AWS Cloud, DevOps, incident response, risk assessment and third-party risk management. Among the hottest topics at the conference were:


GDPR – GDPR was top of mind for all attendees. Even the opening remarks included an overview of GDPR and its looming deadline of May 25, 2018. Many sessions devoted time to discussing the practical implications of GDPR and how organizations should be integrating this new regulation into their operations.

Blockchain – This emerging technology was a prominent topic in several sessions. Presentations explored blockchain fundamentals and what this disruptive technology may mean for security and audit professionals in the future.

Cloud Security – With cloud becoming not just mainstream but the first choice in many organizations, the honeymoon is over. Many sessions covered practical approaches to key cloud risk and security considerations including architectures, data security, identity management, DevOps and access control. The key recommendation in every session: don’t be lulled into a false sense of security with the cloud. Organizations must understand their responsibilities when implementing cloud technologies; they may have more at risk than they think.

Engaging the Business – More than a few sessions tackled the topic of engaging the business and delivered practical guidance on ways audit and security professionals can involve their entire organization, not just executives, in risk management practices. Several sessions also shared tips to enhance communication with executives and the board around risk and security metrics.

Our action-packed three days in Chicago included a presentation on The Hidden Traps in Third Party Risk Management by TalaTek President Baan Alsinawi and our business partner Adriaen Morse of Morse Law Office. The session covered key risk management traps introduced by third parties and often overlooked by organizations in their race to onboard new vendors and outsource non-core business operations. Practical guidance stressed the need for cross-functional collaboration between Information Security, Procurement, Compliance & Ethics and Legal, led by executives, to ensure organizations are managing these risks most effectively.

Contact TalaTek to learn more about GDPR, effective risk management for the cloud, engaging the business with meaningful quantitative risk metrics, third-party risk management or any risk management needs you have!
