CSA Security Update

Beyond Encryption: Quantum Computing and the Future of Cyber Risk

In this episode, we delve into the transformative world of quantum computing and its implications for cybersecurity. Join us as William (Bill) Genovese, Chief Quantum Officer at Cyber Eagle Project, shares insights on how quantum technology is reshaping cyber risk, governance, and resilience. Discover why organizations must prepare now for a quantum future, the challenges of transitioning to post-quantum encryption, and the strategic steps leaders should take to safeguard their digital assets. Tune in to explore the intersection of quantum advancements and cybersecurity with industry experts. https://cloudsecurityalliance.org/star/

The New Mandate for Internal Audit in Cloud & AI Environments

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams face mounting pressure to evaluate increasingly complex hybrid and multi-cloud environments. In this episode, the Cloud Security Alliance’s John DiMaria sits down with Jerrad Bartczak of Advantage Partners to examine the rapidly evolving cloud risk landscape—spanning unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows. Listeners will gain practical guidance on establishing strong cloud governance, clarifying accountability, assessing cloud and data security posture, evaluating identity and access controls, securing application development, and addressing third-party cloud risk. The conversation also explores how frameworks such as the CSA Cloud Controls Matrix can support a structured, multi-year cloud audit strategy. Ultimately, this episode reinforces that cloud security is a strategic business imperative that requires collaboration, continuous monitoring, and a unified approach to risk management. https://cloudsecurityalliance.org/star/

Navigating AI Governance Insights - ISO 42001: The Future of AI Compliance

In this episode of CSA Security Update, host John DiMaria speaks with Walter Haydock, founder of StackAware, about the critical role of AI governance and compliance in today's rapidly evolving regulatory landscape. They discuss the importance of ISO 42001 as a framework for managing AI-related risks while fostering innovation. Walter shares insights on how certification can build trust with customers and streamline sales processes, as well as the challenges organizations face in navigating a patchwork of regulations. Drawing from his military background, Walter emphasizes the necessity of making informed decisions in risk management. The conversation concludes with a forward-looking perspective on the future of AI in business. https://cloudsecurityalliance.org/star/

AI Governance Gets Real: How ISO/IEC 42001 Elevates Cloud GRC

As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems. We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.  John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for VISO TRUST, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor, offers actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies. https://cloudsecurityalliance.org/star/

Internal Audit in the Age of Cloud & AI: Navigating the New Risk Frontier

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace. We explore today’s most critical cloud security challenges, including unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows. Listeners will gain practical, actionable guidance on strengthening cloud governance, evaluating security posture, assessing identity and access controls, securing application development, and managing third-party cloud risk. You’ll also hear how frameworks like the CSA Cloud Controls Matrix (CCM) help internal audit teams build scalable, multi-year audit programs that align to modern cloud architectures. https://cloudsecurityalliance.org/star/