If you're anything like me (which I hope you're not), or let's say if you're anything like my mind, you spend 75% of your time overthinking. You reach for the closest pen and paper to write down a thought before it becomes obsolete, or you'll write it down in some app on your phone. My brain will jump from baking cookies to, "I really need to learn sign language", to "I need to read the next chapter of 'Modern Cybersecurity, Tales from the Near Distant Future'", all in the span of two seconds. Then one ... two ... poof! My brain hits eject and I'm back to reality questioning what I was doing.
Situations will arise in which those notes could benefit me, but because my thoughts weren't housed in one place, I spent an excessive amount of time locating the information. This could be bothersome, but over the years I've learned to organize my thoughts in a more practical manner.
All this brings me to the importance of proper documentation methods. New regulations around security and data privacy are constantly being implemented to manage ongoing cyber threats. These regulations have led to frameworks such as SOC 2 and NIST, which require companies to provide evidence that their policies and processes comply with the framework's requirements.
The Problem with Providing Audit Evidence of Meetings
Auditors will always want to see evidence of meetings as part of audit evidence for any framework, from PCI DSS to ISO 27001 to SOC 2. Each audit framework requires its own set of meetings. For example, most frameworks require regular security meetings, ISO requires executive leadership meetings, and PCI DSS requires a "charter meeting."
Without a work-around, it's time-consuming to provide this evidence to auditors, forcing you to go through the team's Google Calendar and take a million screenshots.
Jasmine Henry was a pretty decent JupiterOne user before she worked here, but she didn't know about a work-around the J1 team uses for managing evidence. Between screenshots of Google Calendar, Confluence pages with meeting agendas, and Zoom screenshots, she spent as much as 12 hours gathering meeting evidence for auditors in order to 'prove' the list of who attended.
How to Provide Meeting Evidence as Code
The JupiterOne security team manages evidence of meetings by creating and storing the evidence as code. We do this by submitting meeting notes as an update to a markdown document and then merging that update through a pull request on GitHub. One approving review from a meeting attendee is needed to merge the pull request into the security meeting main branch. Doing this creates searchable artifacts in JupiterOne of our weekly meetings, along with a timestamp of when updates occur.
This streamlined approach makes it easier to track and manage evidence for security assessments and regulatory audits. It's a clever tactic that has proved beneficial in many ways.
As an example, here is an overview of our GitHub security tracking repository:
The security team member who is currently on-call is responsible for taking notes and for creating a PR in GitHub.
One approving review from a team member is needed to merge the pull request into the main branch.
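The approval rule described above can also be checked mechanically before the merge record is handed to an auditor. The following is an added example, not JupiterOne's own code: the sample notes, pull request and reviews are constructed, the `Attendees:` line format is an assumption, and the field names (`state`, `submitted_at`, `merged_at`, `user.login`) follow GitHub's REST API objects for pull requests and reviews.

```python
import re

# Constructed sample data: a notes file plus GitHub-style PR and review metadata.
NOTES_MD = """# Security meeting 2024-01-08
Attendees: @alice, @bob, @carol

- Reviewed open vulnerability findings
"""
PULL = {"number": 42, "user": {"login": "alice"}, "merged_at": "2024-01-08T17:30:00Z"}
REVIEWS = [
    {"user": {"login": "dave"}, "state": "APPROVED", "submitted_at": "2024-01-08T17:05:00Z"},
    {"user": {"login": "bob"}, "state": "COMMENTED", "submitted_at": "2024-01-08T17:10:00Z"},
    {"user": {"login": "bob"}, "state": "APPROVED", "submitted_at": "2024-01-08T17:20:00Z"},
]

def attendees(notes_md):
    """Parse the (assumed) 'Attendees:' line into a set of lowercase logins."""
    m = re.search(r"^Attendees:\s*(.+)$", notes_md, re.MULTILINE | re.IGNORECASE)
    if not m:
        return set()
    return {a.lower() for a in re.findall(r"@([A-Za-z0-9-]+)", m.group(1))}

def evidence_record(notes_md, pull, reviews):
    """Build an audit record; 'valid' is True only if a listed attendee other
    than the PR author held an approval at merge time."""
    present = attendees(notes_md)
    author = pull["user"]["login"].lower()
    merged_at = pull.get("merged_at")
    latest = {}  # reviewer login -> most recent decisive review before the merge
    for r in sorted(reviews, key=lambda r: r["submitted_at"]):
        if not merged_at or r["submitted_at"] > merged_at:
            continue  # unmerged PR, or review submitted after the merge
        if r["state"] in ("COMMENTED", "PENDING"):
            continue  # comments do not replace an earlier decision
        latest[r["user"]["login"].lower()] = r
    approvers = sorted(
        login for login, r in latest.items()
        if r["state"] == "APPROVED" and login in present and login != author
    )
    return {
        "pr": pull["number"], "merged_at": merged_at,
        "attendees": sorted(present), "attendee_approvers": approvers,
        "valid": bool(approvers),
    }

if __name__ == "__main__":
    print(evidence_record(NOTES_MD, PULL, REVIEWS))
```

In the sample, the approval from `dave` does not count because he is not on the attendee list, so the record is valid only because `bob` approved before the merge.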
How to Retrieve Meeting Evidence Via JupiterOne
Here is a screenshot, using JupiterOne to search for meeting evidence - both the query you type in, and the results.
Conclusion
This is an approach that can be used for nearly ANYTHING that JupiterOne can ingest. Even if JupiterOne doesn't have an integration to automatically pull metadata from a certain data source (like GitHub), users can still use the API to add entities to the graph for custom data sets that they want to be searchable.
Theoretically, all evidence necessary to complete any audit should be consumable and able to be represented in the graph. That makes it a one-stop shop for compliance, reducing work hours and complexity and increasing the confidence of auditors in your adherence to standards, policies, and controls.
Want to take things one step further? Learn how to automate some of these steps in this blog.