Blog

Notes from the Field: Center for Internet Security Control 7 – Continuous Vulnerability Management

by Greg Halpin / July 10, 2023

This is the seventh in a series of posts expert auditor Greg Halpin is writing on the Center for Internet Security (CIS) Controls (Version 8) discussing vulnerability management. As a reminder, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks and data. In this post Greg discusses what he sees in his work…

Logical Access Fundamentals for Enhanced Security: A Webinar Recap

by Tori Thurmond / March 21, 2024

Logical access is an essential aspect of any organization’s security. You need to make sure that the right people have access to what they need but at the same time, you need to prevent unauthorized personnel from accessing sensitive information. Finding the appropriate balance can be difficult and confusing if you’re not working with security experts. That’s why one of our experienced auditors, Ron Hallford, hosted a webinar dedicated to…

Notes from the Field: CIS Control 6 – Access Control Management

by Greg Halpin / June 22, 2023

Greg Halpin continues the Center for Internet Security (CIS) Controls series by discussing the sixth CIS control. To refresh your memory, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should understand and implement to protect their networks, systems, and data from attackers. The CIS overview for Access Control Management is - Use processes and tools to create, assign, manage, and revoke access…

Notes from the Field: CIS Control 5 – Account Management

by Greg Halpin / June 13, 2023

Continuing the series on the Center for Internet Security (CIS) Controls, auditor Greg Halpin will explore the fifth CIS Control about account management and how he sees his clients implementing these requirements in the field. As a reminder, the CIS controls are 18 information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks from attackers. The CIS overview for Account…

Ask an Auditor Anything: Recap of a Live Q&A Session

by Tori Thurmond / March 21, 2024

The truth is that compliance is hard. We know that getting ready for an audit and remaining complainant is a year-round effort that can feel overwhelming. Our clients often ask us what they can be doing to prepare for their next audit, how to stay on top of the ever-evolving industry, and how to tackle new cybersecurity trends. That’s why we decided to host a live Q&A session with our…

Notes from the Field: Center for Internet Security Control 7 – Continuous Vulnerability Management

Logical Access Fundamentals for Enhanced Security: A Webinar Recap

Notes from the Field: CIS Control 6 – Access Control Management

Notes from the Field: CIS Control 5 – Account Management

Ask an Auditor Anything: Recap of a Live Q&A Session

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.