Cost: ISACA Member $10 / Non-Member $15.00
CPE: Minimum 2
This workshop will provide an overview of an API Governance framework to manage API security and legal risks. This framework is inspired by the Zero Trust model that enterprises can adopt for effective API Risk Management. We’ll highlight best practices, both manual and automated, with
relevant tool recommendations. Participants will have an opportunity to exercise use case(s) using these tools.
APIs are software glue that connect our digital world driven by AI/ML, IoT and other applications. APIs impact organizations both positively (through innovations, new business models, competitive differentiation, etc.) and negatively (due to security, business disruptions, legal and compliance issues etc.). These impacts are compounding with evolving APIs within enterprises and globally. Gartner has already predicted 90% of attacks on web applications come from exposed APIs resulting in data breaches. Given the importance of APIs for enterprises, it is imperative for Security, Compliance and Audit professionals to get a handle on APIs before
things get out of control.
Workshop Details/Agenda
• 15 mins: Global and Enterprise API Ecosystems
• 15 mins: Classification of API Risks
• 25 mins: Zero Trust Model
• 5 mins: {Break}
• 25 mins: Software Composition Analysis (SCA)
• 25 mins: Building an API Risk Management Program
• 10 mins: Conclusions Q&A