As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001, the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governance. You’ll learn how this standard helps organizations operationalize AI risk management while ensuring accountability, transparency, and compliance across modern cloud ecosystems.

We break down practical strategies for integrating ISO/IEC 42001 into existing GRC programs—without duplicating effort or creating parallel processes.

John DiMaria interviews Tanya Tandon, Senior GRC & Risk Advisor for Viso Trust, who draws on real-world experience as an ISO/IEC 42001 Lead Auditor, offers actionable guidance for building trustworthy AI systems, preparing for certification, and managing third-party AI risks. Whether you’re a security leader, auditor, compliance professional, or AI practitioner, you’ll gain practical insights on embedding ISO 42001 requirements into daily AI operations and aligning them with broader enterprise GRC strategies.

https://cloudsecurityalliance.org/star/

As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace.

We explore today’s most critical cloud security challenges, including unclear shared responsibility, governance gaps, misconfigurations, credential sprawl, insecure APIs, and limited visibility into cloud data flows. Listeners will gain practical, actionable guidance on strengthening cloud governance, evaluating security posture, assessing identity and access controls, securing application development, and managing third-party cloud risk.

You’ll also hear how frameworks like the CSA Cloud Controls Matrix (CCM) help internal audit teams build scalable, multi-year audit programs that align to modern cloud architectures.

https://cloudsecurityalliance.org/star/

In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense against modern threats, including zero-day attacks. The conversation underscores the importance of integrating integrity validation into existing security frameworks, while striking a balance between performance and security. Real-world use cases demonstrate the effectiveness of these measures, particularly in critical infrastructure. The episode concludes with insights into the future of cloud security, emphasizing the need for continuous verifiable proof to enhance trust and security in cloud environments.

https://cloudsecurityalliance.org/star/