Compliance

Constantly Frustrated – SCW #80

This week, we welcome Joseph Kirkpatrick, President at KirkpatrickPrice, to talk about Your Security Is ALWAYS in Scope!

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Your Security Is ALWAYS in Scope, Part 1 – Joseph Kirkpatrick – SCW #80

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Joseph Kirkpatrick
President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm’s specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.

Hosts

Jeff Man
Information Security Evangelist at Online Business Systems

Josh Marpet
Executive Director at RM-ISAO

Kat Valentine
Compliance Free Agent (Consultant) at Osmosis Security

Scott Lyons
CEO at Red Lion

2. Your Security Is ALWAYS in Scope, Part 2 – Joseph Kirkpatrick – SCW #80

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
