Developing an Audit-Ready Security Program presented at FutureConFortLauderdale 2019

by Grant Elliott,

Summary : Security programs need to be continuously measured against industry standards and many security teams persuade themselves they are doing a better job than they are in reality. Just because you are in good shape with your technical controls - do you store your data in AWS? for example - it doesn’t mean that you could pass a security audit. Technical controls are only about 30% of a security audit; most gaps are at the admin or process level. To be truly accountable, you need to bring in an independent third party, who will do a comprehensive audit. In this session we will look at what it means to be audit-ready, how to assign resources so the audit is not a distraction from doing business, and how to get through an audit without breaking the bank.