Overview
Explore the intricacies of SOC 2 audits in this informative 46-minute conference talk from BSidesLV 2021. Delve into the different types of SOC 2 audits, their importance for organizations, and the distinction between audits and assessments. Learn about the SOC 2 rules, including availability, confidentiality, and privacy principles, as well as the Trust Services Criteria. Gain insights into example controls, such as policies, access control, security basics, patching updates, risk management, and security incidents. Compare SOC 2 audits with SOC 1 audits, and understand the scope and reporting process of SOC 2 audits. Discover what to look for in SOC 2 controls, explore GRC platforms and automation tools, and get a glimpse into the future of SOC 2 compliance. Perfect for security professionals and those interested in understanding the complexities of security audits and compliance.
Syllabus
Intro
Welcome
What are SOC 2 audits
Types of SOC 2 audits
Why undergo a security audit
Audits vs Assessments
SOC 2 Rules
Availability
Confidentiality
Privacy Principle
Trust Services Criteria
Example Controls
Policies
Access control
Security basics
Patching updates
Risk management
Security incidents
SOC 2 Audit
SOC 1 Audit
SOC 2 Audit Scope
Audit Report
Q&A
Scope
Data Mapping
Audit Firm
What do I look for
SOC 2 Controls
GRC Platforms
Automation
Google Docs
CI/CD
A Recruiting Ad
Future of SOC 2
Thanks Wendy
Taught by
BSidesLV