My topic is "Continuous Security Validation" which, if implemented right, can really help an organization stress-test its cyber security stance and make corrections before it's too late.
Continuous Security Validation is a more comprehensive approach than traditional control testing, because it allows an organization (think of internal red teams) to take an attacker's point of view and simulate cyber attacks using various real-life scenarios. Key parameters of this approach include the following:
In advance of the GRC Conference, ISACA asked me to write a short post for the ISACA Now Blog. Feel free to check it out if you're interested in learning more about Continuous Security Validation. The post provides a basic overview of this somewhat newer concept. I am planning on going deeper in my session.
Of course, it'd be great if you could drop by my session in case you're attending this conference.
Cheers,
Berk
