Notes from the Field: CIS Control 14 – Security Awareness and Skills Training

by Greg Halpin / March 7, 2024

Security awareness training is something I see companies doing either very well or not at all. It's unfortunate for the companies that don't do much, as a little training goes a very long way. Security awareness training is an investment that more than pays for itself. The more your employees are trained against potential threats and attacks, the safer your company and customer data are. The less trained they are, the…

SOC 2 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 14, 2024

What is a SOC 2 Audit? A SOC 2 audit is an audit of a service organization’s non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report provides user entities with reasonable assurance and peace of mind that the non-financial reporting controls at a service organization are suitably designed, in place, and appropriately…

15 Information Security Policies Every Business Should Have

by Tori Thurmond / February 6, 2024

When a business suffers a data breach or any other information security failure, it’s best practice to launch a root-cause investigation. We want to know what happened, how it happened, and how it could have been prevented. Whatever the ultimate conclusion of the investigation, among the causes you will usually find either inadequate information security policies or a failure to properly implement existing information security policies. Information security policies are how…

SOC 1 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 5, 2024

You know you need to complete a SOC 1 audit but aren't sure if you need a SOC 1 Type I or a SOC 1 Type II. What sets them apart and which makes the most sense for your organization's needs? Don't let the complexities of SOC reports overwhelm you! Below, we explore the importance of a SOC 1 audit report and compare the SOC 1 Type I vs Type…

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

by Tori Thurmond / January 31, 2024

What is FISMA? The Federal Information Security Management Act (FISMA) is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that…