by
Joseph Kirkpatrick / February 7, 2023
What is an Assertion? One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. What does that mean? What is an assertion? In our everyday life, an assertion is a confident statement of fact or belief. In the world of auditing, assertions are still confident statements of fact or belief, but with a twist. Assertions are claims made by…
by
Sarah Harvey / December 19, 2022
Last month, researchers discovered a new weakness found in the WPA2 protocol (Wi-Fi Protected Access 2), the security method which protects all modern Wi-Fi networks, known as the KRACK security flaw. Although there is no evidence at this time that the KRACK vulnerability was maliciously exploited, this still raises many concerns for both personal and enterprise wireless devices. What is the KRACK Security Flaw? The KRACK security flaw, which stands…
by
Sarah Harvey / February 7, 2023
Critical Documentation You hear us repeat it over and over again: if it’s not written down, it’s not happening. Documentation is a critical component of any organization. Policies and procedures are vital to your business operability, business continuity, consistency within your organization, training new employees, controlling risk, meeting regulatory compliance requirements, meeting client requirements, and so much more. Policies and procedures demonstrate how you conduct your business. What is a…
by
Sarah Harvey / June 15, 2023
Regardless of the size of your business or the industry you’re in, an information security program is a critical component of any organization. A good information security program consists of a comprehensive set of information security policies and procedures, which is the cornerstone to any security initiative in your organization. Whether you’re responsible for protected health information (PHI), personally identifiable information (PII), or any other proprietary information, having a fully…
by
Sarah Harvey / June 13, 2023
We find that most organizations tend to focus on becoming compliant rather than being secure. And while meeting client requirements and industry regulations is very important, it does not necessarily guarantee that your organization is secure. If your entire information security program is based on “What must we do to be compliant?”, you’re probably missing some major holes in your security infrastructure. So, what is the key to finding the…
