Name
D6. A CISO’s Perspective on Cloud Audits
Track
Audit & Risk Management
Date
Wednesday, June 5, 2019
Time
3:15 PM - 4:15 PM
Description
All organizations use the cloud in one form or another. Whether its infrastructure as a service (IaaS) or a hosted application delivered as software as a service (SaaS), our exposure to cloud services has never been greater. In many cases, the use of cloud services is actually more secure than traditional on-premise IT. That being, internal auditors and IT auditors need to ensure that how they assess cloud services accurately captures and reflects different types of risk including the correct way to use these services, their impact with respect to “shadow” IT, as well as growing privacy concerns.
Learner Objectives
After completing this session, the learner will: – Develop a cloud audit program that is comprehensive and repeatable – Validate privacy and security risks of cloud services to meet organizational objectives and risk tolerances – Apply professional skepticism in evaluating and assessing vendor claims relative to governance and security
Speakers
Speaker Bio(s)
With over 25 years in technology and as a multi-industry CISO, Matt Shufeldt brings decades of practical experience building and operating security programs. Before joining EVOTEK as a CISO and Executive Advisor, he served as a long term CISO in both Healthcare and Retail, and has several years leading teams at multiple levels in both IT and Security. Matt was also the inaugural winner of the CTA APEX CISO of Year award in 2017 and is a long term board member for the Denver OWASP chapter.
CEUs
1