Скачать или смотреть 04-17-2021 SOC2 Audit Preparation with Michael Brown

SOC2 Audit Preparation
As companies are more and more relying upon third-party vendors to run their business and provide services to their customers & clients, the concern about these vendors has increased. We rely upon them to host our data, rely upon the systems and services they provide (from Office 365 to various cloud services), and more. If something goes wrong with a vendor, you can be impacted, maybe put out of business.
And something that used more and more in this space are the SOC reports: SOC 1, 2, 3 and more. In particular the SOC 2 report. But what IS this SOC 2 report? What does it contain, how do you as an infosec professional put it to use? And what do you do if your employer says YOU need to get one for the company?
In this presentation, you’ll learn what the AICPA’s suite of SOC reports are all about. What is contained within a SOC 2 report and how to understand it.
Then how can you use it as a tool for vendor management.
And just as important, what does it take to prepare a company for a SOC 2 assessment, at least for those involved in information security?

Bio:
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, ISSA Fellow, has been involved with IT for over 20 years, more than half in information security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant working with clients to implement information security management systems as well as performing security risk assessments, gap analysis, developing policies and procedures, and more. He served as a virtual CISO for some clients. In this role he has helped some of his clients obtain SOC 2 reports. He now is Security and Compliance Manager for Trapollo. His research interests include IT/Security frameworks and compliance, the Internet of Things, and infosec maturity models.