Building an API Risk Management Program for Enterprises

Program for Enterprises.

Workshop/Course Description: Web APIs benefit organizations immensely through accelerated innovations, newer business models, competitive differentiation, etc. Their growing significance can be measured based on the fact that APIs contribute 83% of the Internet traffic today. This growing API usage also means increased cybersecurity risks for enterprises. Given the importance of APIs in digital transformation and the risk they pose to enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks.

In this workshop, we'll identify various risks that originate from enterprise API ecosystems. We’ll then provide an overview of an API Governance framework that effectively manages API risks. This framework is inspired by Software Composition Analysis (SCA) and Zero Trust model. We’ll then highlight the best industry practices and hands-on examples for API Risk Management.

If you have questions before the meeting, please send them to Programs Director, Aaron Smith (programs@isacanashville.org).

Instructor: Dr. Baljeet Malhotra, Founder & CEO of TeejLab

Workshop Schedule:

• Global and Enterprise API Ecosystems
• Classification of API Risks
• Zero Trust Model
• Software Composition Analysis (SCA)
• Account Setup
• Building the API Risk Management Program (I)
• Building the API Risk Management Program (II)
• Conclusions Q&A

*Breaks included

Location/Delivery: Virtual via Zoom. The Zoom Webinar link will be provided automatically after registration.

Prerequisites: None

Program Field of Study: Information Technology

Program Level: Intermediate

Delivery: Group Internet-Based

CPE Credits: Training participants can earn up to 4 CPE in Information Technology fields of study

The Middle Tennessee Chapter of ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.

Refunds and Cancellations: Cancellations will be refunded less a $20 processing fee and the cost of the manual (if already shipped/emailed). Cancellations must be made via email to Roger Brotz at certification@isacanashville.org by the close of business Thursday, January 19th. See the Chapter website for complete details on the Chapter's event policies.

Chapter Event Policy: See the Chapter website for complete details on the Chapter's event policies.

Speaker Bios:

Dr. Baljeet Malhotra

Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Risk Management. He conceived the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™, world's first comprehensive end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys). He also served as Research Director at SAP. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.

past_events