The 5 Steps of Risk Management

by KirkpatrickPrice / February 26, 2024

Business risks are inevitable: some are chosen deliberately, and others are inherent. Starting a business involves selling products, hiring employees, gathering information, and creating systems. While these steps are crucial for success, they also carry risks. How can a business thrive if it fails to balance risk-taking with risk mitigation? Below, we define and explore the role and steps of risk management. (more…)

How to Complete a PCI Audit in 7 Steps

by Hannah Grace Holladay / February 23, 2024

To protect the security of cardholder data, the PCI Security Standards Council requires organizations that work with payment cards to maintain compliance with the PCI DSS. If you’re an entity that stores, processes, or transmits cardholder data, it’s imperative to regularly conduct a PCI audit to ensure compliance. Below, we will define common PCI requirements and discuss the seven steps of conducting a PCI audit. What Is a PCI Audit?…

Notes from the Field: CIS Control 14 – Security Awareness and Skills Training 

by Greg Halpin / March 7, 2024

Security awareness training is something I see companies doing either very well or not at all. It's unfortunate for the companies that don't do much, as a little training goes a very long way. Security awareness training is an investment that more than pays for itself. The more your employees are trained against potential threats and attacks, the safer your company and customer data. The less trained they are, the…

SOC 2 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 14, 2024

What is a SOC 2 Audit? A SOC 2 audit is an audit of a service organization’s non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report provides user entities with reasonable assurance and peace of mind that the non-financial reporting controls at a service organization are suitably designed, in place, and appropriately…

15 Information Security Policies Every Business Should Have

by Tori Thurmond / February 6, 2024

When a business suffers a data breach or any other information security failure, it’s best practice to launch a root-cause investigation. We want to know what happened, how it happened, and how it could have been prevented. Whatever the ultimate conclusion of the investigation, among the causes, you will usually find either: Inadequate information security policies A failure to properly implement existing information security policies Information security policies are how…