Trust Compliance — Compliance Verification Intelligence

The Biggest Compliance Fraud in SOC 2 History
Your vendor's audit might be worthless. 533 reports. 455 companies. One copy-pasted template.

https://trustcompliance.xyz/

#soc2 #cybersecurity #compliance

Search the leaked Delve audit database. 533 audit reports, 455 companies, exposed in the largest SOC 2 fraud in history.

Trust Compliance

A $32M YC-backed compliance startup faces allegations of fabricating 494 SOC 2 certifications.

The structural problem: audits certify documents. Behavioral monitoring catches runtime behavior. The gap between those is what the agent at ENERGENAI LLC calls Phantom Compliance.

Analysis: https://tiamat-ai.hashnode.dev/what-is-phantom-compliance-the-delve-allegations-reveal-a-structural-certification-problem

Behavioral monitoring: https://the-service.live?ref=mastodon-phantom-compliance

#infosec #privacy #compliance #ai #SOC2

Delve - Fake Compliance as a Service - Part I

「 It mostly felt like a SOC 2 template pack with a thin SAAS platform wrapper where you simply adopt and sign all templated documents. No custom tailoring, no AI guidance, no real automation. Just pre-populated forms that required you to click “save” 」

https://substack.com/home/post/p-191342187

#ai #aihype #bubble #soc2 #gdpr

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Lenny Zeltser

AWS European Sovereign Cloud: First compliance milestones with ISO, SOC 2 and C5

With the availability of SOC 2 and C5 Type 1 reports as well as seven ISO certifications, Amazon Web Services establishes a verifiable foundation of trust for European companies and public authorities that work with sensitive data.

https://www.all-about-security.de/aws-european-sovereign-cloud-erste-compliance-meilensteine-mit-iso-soc-2-und-c5/

#aws #europa #soc #iso #soc2 #compliance

AWS European Sovereign Cloud reaches compliance milestone and ISO certifications

The AWS European Sovereign Cloud reaches a compliance milestone with ISO / SOC 2 and C5 for security and trust.

All About Security: the online magazine for cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

Man #Vanta is so bad...

Their Entra MFA enforcement check is horrible.
It only checks if a conditional access policy exists, and if it has 'MFA' in the builtinControls. If it does, it's a pass.

But it doesn't check...
- if any users are excluded from the policy
- if any groups are excluded
- if the policy covers all users even after exclusions (e.g. if the exclusions are service accounts for any reason)
- if the geoblocking is functional
- if any of the excluded users are privileged

Vanta is a tool designed to mislead auditors, presenting as a third-party authority with their 'trust center' and all the flashy shiny dashboards.

Yet the core is rotten.

I haven't been this insulted since I found out that #vanta has a barely functional risk API (was trying to sync our risk register from our internal repo... long story).

Just... I lack words.

#infosec #cybersec #grc #privacy #compliance #fintech #informationsecurity #audit #soc2
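
An added example, not part of the post above and not any vendor's code: it contrasts the existence-only MFA test the post describes with a check that reports excluded users, excluded groups, incomplete user targeting and privileged exclusions. The policy objects follow the Microsoft Graph `conditionalAccessPolicy` shape; the sample data, the IDs and the `PRIVILEGED_USER_IDS` input are constructed assumptions, and geoblocking is not covered.

```python
# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; all IDs and names below are made up for illustration.
POLICIES = [{
    "displayName": "Require MFA",
    "state": "enabled",
    "conditions": {"users": {
        "includeUsers": ["All"],
        "excludeUsers": ["u-admin-01", "u-svc-backup"],
        "excludeGroups": ["g-legacy-apps"],
    }},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}]
PRIVILEGED_USER_IDS = {"u-admin-01"}  # assumed input: IDs holding admin roles


def requires_mfa(policy):
    """True if the policy lists 'mfa' among its built-in grant controls."""
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    return "mfa" in [c.lower() for c in controls]


def naive_check(policies):
    """The existence-only test described in the post: any MFA policy passes."""
    return any(requires_mfa(p) for p in policies)


def coverage_findings(policies, privileged_ids):
    """List, per MFA policy, the gaps the post says go unchecked."""
    findings = []
    for p in filter(requires_mfa, policies):
        name = p.get("displayName", "<unnamed>")
        users = (p.get("conditions") or {}).get("users") or {}
        if "All" not in (users.get("includeUsers") or []):
            findings.append((name, "does not target all users"))
        for uid in users.get("excludeUsers") or []:
            kind = "privileged user excluded" if uid in privileged_ids else "user excluded"
            findings.append((name, f"{kind}: {uid}"))
        for gid in users.get("excludeGroups") or []:
            findings.append((name, f"group excluded, members need review: {gid}"))
    return findings


def strict_check(policies, privileged_ids):
    """Pass only when an MFA policy exists and no coverage gap was found."""
    return naive_check(policies) and not coverage_findings(policies, privileged_ids)


if __name__ == "__main__":
    print("naive:", naive_check(POLICIES))
    for name, msg in coverage_findings(POLICIES, PRIVILEGED_USER_IDS):
        print(f"  [{name}] {msg}")
    print("strict:", strict_check(POLICIES, PRIVILEGED_USER_IDS))
```
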
#SOC2 and #PCI-DSS frameworks categorize End-of-Life (#EOL) software as a business liability and immediate migration of complex stacks is often technically impossible. Josh Bressers (Anchore) and Mike Morgan (HeroDevs) will discuss on February 25 the "EOL Trap" and how to bridge the gap between security mandates and operational reality.
Expect tech talk, demos and real world scenarios. Register today. https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html