
The ITSM Practice: Elevating ITSM and IT Security Knowledge

Luigi Ferri
Latest episode

146 episodes

  • The ITSM Practice: Elevating ITSM and IT Security Knowledge

    FINOS vs ISO 42001: What to Choose

    12/05/2026 | 8 min
    Fintech leaders: stop defaulting to ISO 42001. Discover how FINOS empowers you to design scalable, audit-ready AI governance before regulation forces your hand. Learn to align controls, reduce risk, and build governance by design—not by pressure.

    In this episode, we answer:
    What makes FINOS a powerful alternative to ISO 42001?
    How can fintechs design governance before audits hit?
    Why does governance fail without alignment?

    Resources Mentioned in this Episode:
    FINOS website, article "AI Strategic initiative series: Building an AI Governance Framework - Key Takeaways from the NYC Workshop", link https://www.finos.org/blog/building-an-ai-governance-framework-key-takeaways-from-the-nyc-workshop

    FINOS website, article "FINOS AI Governance Framework v1.0 — Turning Drafts into Deployable Guardrails", link https://www.finos.org/blog/finos-ai-governance-framework-v1.0-turning-drafts-into-deployable-guardrails

    Air Governance website, article "A heuristic approach to identifying GenAI risks", link https://air-governance-framework.finos.org/heuristic-assessment.html

    Air Governance website, article "FINOS AI Governance Framework", link https://air-governance-framework.finos.org

    GitHub website, repo "finos/ai-governance-framework - Public", link https://github.com/finos/ai-governance-framework

    Connect with me on:
    LinkedIn: https://www.linkedin.com/in/theitsmpractice/
    Website: http://www.theitsmpractice.com
    And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

    Credits:
    Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

    Graphics by Yulia Kolodyazhnaya
  • The ITSM Practice: Elevating ITSM and IT Security Knowledge

    Who Owns Cloud Security?

    05/05/2026 | 9 min
    A single question can expose a major cloud risk: who is responsible? This episode breaks down the cloud shared responsibility model, revealing how unclear ownership, misconfigurations, and weak governance lead to data breaches, and how ISO/IEC 27017 helps close the gaps.

    In this episode, we answer:
    Who is really accountable for cloud security failures?
    Why do misconfigurations cause most cloud data breaches?
    How does ISO/IEC 27017 strengthen cloud security governance?

    Resources Mentioned in this Episode:
    ISO Standards website, standard ISO/IEC 27017:2015, link https://www.iso.org/standard/43757.html

    Vanta website, article "The ultimate guide to ISO 27017", link https://www.vanta.com/collection/iso-27001/guide-to-iso-27017

    Microsoft website, article "ISO/IEC 27017:2015", link https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27017

    Safeshield website, article "Why should SaaS companies comply with the ISO/IEC 27017 security standard for cloud service providers (CSP)", link https://www.safeshield.cloud/why-should-saas-companies-comply-with-the-iso-27017-security-standard-for-cloud-service-providers-csp

    NordLayer website, article "ISO 27017: cloud protection essentials", link https://nordlayer.com/learn/iso/iso-27017/

  • The ITSM Practice: Elevating ITSM and IT Security Knowledge

    CISO Strategy: Where Product Security Fails at Scale

    28/04/2026 | 7 min
    Most organisations manage only build and operate, ignoring growth, where security risk explodes. Luigi Ferri reveals how CISOs miss the most critical phase, where scaling, DevOps, and rapid decisions create hidden security debt. This episode challenges leaders to shift from reactive controls to full product lifecycle governance before risk turns into incidents.

    In this episode, we answer:
    Why is product growth the most dangerous phase for cybersecurity risk?
    Are CISOs governing product lifecycle or just reacting to failures?
    How does DevOps accelerate delivery but weaken security accountability?

    Resources Mentioned in this Episode:
    Advisera website, article "ISO 27001 control 8.25 Secure development life cycle", link https://advisera.com/iso27001/control-8-25-secure-development-life-cycle/

    Ikarus website, article "Security by Design", link https://www.ikarussecurity.com/en/security-news-en/security-by-design-cybersecurity-throughout-the-product-life-cycle/

    Netguru website, article "SaaS Development Life Cycle: Key Stages & Best Practices", link https://www.netguru.com/blog/saas-development-life-cycle

    DevOps by Techstrong Group website, article "DevSecOps: Integrating Security Into the DevOps Lifecycle", link https://devops.com/devsecops-integrating-security-into-the-devops-lifecycle/

  • The ITSM Practice: Elevating ITSM and IT Security Knowledge

    ITIL 5 Exposed: Accountability Without Authority

    21/04/2026 | 8 min
    ITIL 5 exposes a critical ITSM flaw: Service Owners held accountable without authority. Discover how broken governance, security vs delivery conflicts, and unclear decision rights undermine outcomes. Learn why real accountability starts before operations, and how to redesign Enterprise Service Management for true leadership.

    In this episode, we answer:
    Why are Service Owners accountable but not empowered in ITIL 5?
    How does the security vs delivery tension reveal weak ITSM governance?

    Resources Mentioned in this Episode:
    PeopleCert website, article "Understanding the evolution of ITIL", link https://www.peoplecert.org/news-and-announcements/itil-version-5-explained

    Learning Tree International website, article "ITIL® (Version 5) Has Arrived", link https://www.learningtree.com/blog/itil-5-launch-what-you-need-to-know/

    Agile PM Hub website, article "ITIL® 5 Is Here: What’s New and Why It Matters", link https://agilepmhub.com/blog/itil-version-5-whats-new-and-why-it-matters

  • The ITSM Practice: Elevating ITSM and IT Security Knowledge

    PSD3 Explained: Payments Security & Fraud

    14/04/2026 | 8 min
    PSD3 is reshaping payments security, moving beyond PSD2’s access model to address fraud, scams and trust abuse. This episode explains why strong authentication is no longer enough, how APIs become critical to trust, and what banks and fintechs must change to stay secure, compliant and resilient.

    In this episode, we answer:
    What makes PSD3 fundamentally different from PSD2 in payments security?
    Is strong customer authentication enough to stop modern fraud?
    How do APIs influence trust, performance and security under PSD3?

    Resources Mentioned in this Episode:
    Stripe website, article "What platforms and marketplaces can expect from PSD3", link https://stripe.com/guides/what-platforms-and-marketplaces-can-expect-from-psd3

    Trustbuilder website, article "From PSD2 to PSD3: What’s Changing in the Future of Payments in Europe", link https://www.trustbuilder.com/en/psd2-psd3-directive-future-payments-europe/

    Deloitte website, article "Shedding light on PSD3/PSR", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/perspectives/shedding-light-on-psd3-psr.html

    Schoenherr website, article "The EU's new Payments Services Package", link https://www.schoenherr.eu/content/the-eu-s-new-payments-services-package

    European Payments Council, article "What do the PSD3 and PSR mean for the payments sector", link https://www.europeanpaymentscouncil.eu/news-insights/insight/what-do-psd3-and-psr-mean-payments-sector

About The ITSM Practice: Elevating ITSM and IT Security Knowledge
Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ YouTube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com