Security and Compliance Weekly Episode #80 – July 20, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Your Security Is ALWAYS in Scope, Part 1 – 12:00 PM-12:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor’s external scans revealed critical vulnerabilities. Prior to a highly publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Guest(s)

Joseph Kirkpatrick – President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm’s specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Josh Marpet

@quadling

Executive Director at RM-ISAO

Kat Valentine

@kjvalentine

Compliance Free Agent (Consultant) at Osmosis Security

Scott Lyons

@Csp3r

CEO at Red Lion

2. Your Security Is ALWAYS in Scope, Part 2 – 12:30 PM-01:00 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor’s external scans revealed critical vulnerabilities. Prior to a highly publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Guest(s)

Joseph Kirkpatrick – President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm’s specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Josh Marpet

@quadling

Executive Director at RM-ISAO

Kat Valentine

@kjvalentine

Compliance Free Agent (Consultant) at Osmosis Security

Scott Lyons

@Csp3r

CEO at Red Lion