Highlights from ISACA’s 2018 CACS Conference

Downtown Chicago

The recent North America Computer Audit, Control and Security Conference (CACS) held in Chicago, focused on the theme, “See What’s Next, Now.” The conference offered professionals more than 100 sessions in nine educational tracks that included big data, risk management, cybersecurity, information security audit and assurance, and industry trends — with a special focus paid to the General Data Protection Regulation (GDPR) that will be enacted on May 25, 2018. Here are some of BARR’s key takeaways from the event.

Hot topics heard around the conference

  • Cloud computing services and infrastructure
  • DevSecOps, including containerization and immutable infrastructure
  • Privacy, velocity of innovation and ethical responsibilities over who holds data

Trends to keep on your radar

  • DevSecOps
  • Increased attacks resulting from the IoT (Internet of Things) and IoP (Internet of People)
  • More effective audit practices using automation and analytics

FAQs about innovation, audits, cybersecurity and governance

  • How do we select the best Cloud Service Provider (CSP) for our company’s needs?
  • How do we ensure security and compliance during and after the transition and implementation period?
  • What is the best way to audit and consult companies using containers and immutable infrastructures?
  • Which control framework should our company use as a guide when designing controls if we need to be compliant with many regulatory frameworks?
  • Where do we start with a risk assessment; how do we narrow the scope?
  • How do we choose a great penetration testing firm that will include social engineering tests in their review?
  • How do we govern data that we don’t have complete control over?
  • How do we manage and hold our vendors accountable for data?

Inspiring keynote speakers

As auditors, we recognize that we can be analytical by nature, which is why we enjoyed the introductory keynote speaker, Erik Wahl. Erik, an artist, TED speaker and best-selling author, shared a powerful demonstration on imagination and perspective. He emphasized the importance of “unlocking one’s childlike creativity” in order to see new opportunities and better serve clients.

Technology futurist and closing keynote speaker, Shara Evans, was also interesting. Her presentation focused on the security, privacy and ethics challenges in our digital future, including the personal and strategic business implications of AI, drones, robots, facial recognition and IoT. Shara had us wondering: Where will the checks and balances be in the future; and should companies and industries have independent privacy assessors?

Helpful tools to use

This event was a great reminder of industry resources available to organizations. While this particular one is often overlooked, we recommend you check out CIS Benchmarks, which shares recognized best practices for securing IT systems and data against pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals.

To learn about more insights and trends from the CACS conference, contact us at info@barradvisory.com.