Auditor Insights: Vulnerability Assessments vs. Penetration Testing

by Sean Rosado / April 5, 2023

Confusion About Vulnerability Assessments and Penetration Testing In my work as a penetration tester, I work with clients who are attempting to meet security and compliance objectives through penetration tests, vulnerability assessments, and other information security-related exercises. What I’ve seen time and time again is organizations who are confused about the difference between vulnerability assessments and penetration testing. I’m passionate about educating our clients on security exercises and determining what…

Who’s Responsible for Cloud Security?

by Sarah Harvey / December 19, 2022

As more and more organizations migrate to the cloud, it drives cloud service customers to consider how the cloud will impact their privacy, security, and compliance. First, cloud service customers must understand how their cloud service provider delivers a secure solution. Second, cloud service customers must consider their new role in cloud security. Some cloud service customers mistakenly believe that when they migrate to the cloud, their cloud security responsibilities…

Auditor Insights: Compliance from the Start

by Shannon Lane / October 11, 2023

Why Don’t Organizations Start with Compliance? At its core, business is a function of time, vision, service, and money. What do we provide? How do we intend to provide it? What takes precedence - the opportunity now or the infrastructure to support things tomorrow? How do we do what we do in a way that makes sense with the resources we have? I’ve found that compliance tends to be one…

How Cloud Computing is Changing Small Business

by Sarah Harvey / December 20, 2022

Is your small business considering migrating to the cloud? Has your large business seen more and more competition from small businesses? Cloud computing is essential for businesses of all sizes, but small businesses have seen an endless amount of benefits from cloud computing, including financial, operational, and security benefits. Let’s discuss how each of these items related to cloud computing is changing small business. Affordable Investment There’s been an enormous…

business people walking

Are You a Data Controller or a Data Processor? (GDPR)

by Mark Hinely / October 11, 2023

The most frequently asked question I’ve received related to GDPR compliance has to do with data processing roles: is my organization a data controller or data processor? Determining your organization’s data role can be challenging because of textual and practical ambiguity, but identifying your role is the starting point for determining which GDPR requirements your organization must follow. The responsibilities of data controllers are different than responsibilities of data processors.…