Compliance

Your Security Is ALWAYS in Scope, Part 2 – Joseph Kirkpatrick – SCW #80

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Full episode and show notes

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Joseph Kirkpatrick
Joseph Kirkpatrick
President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm’s specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.

Hosts

Jeff Man
Jeff Man
Information Security Evangelist at Online Business Systems
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Kat Valentine
Kat Valentine
Compliance Free Agent (Consultant) at Osmosis Security
Scott Lyons
Scott Lyons
CEO at Red Lion
prestitial ad