Your Security Is ALWAYS in Scope, Part 2 – Joseph Kirkpatrick – #SCW80
Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor’s external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.