Search IANS

This document breaks down how organizations like yours should approach Data Inentory and Mapping by creating an accurate, up‑to‑date view of what data exists; how it moves; and who processes it across systems, products and services.

This Principle underscores that maintaining data inventories and flow maps is essential for identifying and managing privacy‑related security risks. This visibility enables teams to meet obligations like RoPA, DSARs and vendor oversight while enforcing governance and lifecycle controls.

AI-driven automation is rapidly changing expectations for security leaders, but many security organizations are still built around workflows, staffing models, and operating assumptions from a pre-AI era. As CISOs seek to improve execution, reduce operational burden, and augment decision-making with AI, they must also rethink how their teams are structured, staffed, and developed.

AI is turning into an existential crisis for many security tool vendors, with some seeing their stock price plummet with the advent of Claude and other AI tools. How does (and should) AI impact security teams’ build-vs-buy decisions? As more organizations turn to AI and vibe-coding to build their own internal toolsets, where should they start and what should they watch for?

This AAE Call Summary outlines how to build and execute an AI security program with the frameworks, visibility, and controls needed to manage risk at scale.

As organizations accelerate adoption of Microsoft Copilot agents, security leaders must balance innovation with risk. 

As organizations adopt AI agents and MCP, security teams are challenged to enable these emerging technologies while still managing the risk. In this session, IANS Faculty Aaron Turner and CSA Chief Analyst Rich Mogull share practical reference patterns for multi-platform security architectures and compensating controls that protect sensitive data, maintain operational visibility and manage risk across increasingly complex AI workflows.

Download a summary version of IANS’ 2026 Small and Mid-Market Cybersecurity Talent Report

Rich is the Chief Analyst at the Cloud Security Alliance where he focuses on leading-edge cloud and AI security research and implementation. He has over 25 years of security experience, with over 15 years of focusing on cloud and emerging technologies. Prior to joining the CSA full time Rich frequently collaborated with CSA as the principle course designer of the CCSK training class, primary author of the Guidance, and developer of the Cloud Security Maturity Model, among other projects. As Researcher and CEO of Securosis, RIch taught cloud security and incident response at Black Hat for over 10 years, developed the free Cloud Security Lab a Week (CloudSLAW) project, and actively works on developing hands-on cloud security techniques. Rich also founded DisruptOps, a cloud security startup acquired by FireMon where he became the SVP of Cloud Security. Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).

The Model Context Protocol (MCP), an open standard defining how AI assistants connect to external data sources and tools, is becoming vital infrastructure for generative and agentic AI applications. As organizations rapidly adopt these capabilities while managing risks, this symposium helps security leaders understand MCP's architecture, why vendors are quickly developing MCP servers, and the security risks of connecting AI systems to enterprise resources. We also explore how AI Security Posture Management (AI-SPM) tools are evolving to address these challenges and provide practical frameworks for managing MCP-enabled AI deployments.