What You Need to Know About OSSTMM

by Hannah Grace Holladay / December 21, 2023

What is the Open Source Security Testing Methodology Manual (OSSTMM)? The Open Source Security Testing Methodology Manual, or OSSTMM, is a peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM). The manual is updated every six months or so, to remain relevant to the current state of security testing. ISECOM's main goal with the OSSTMM is to offer a scientific method for accurately understanding…

The Top 5 Reasons Why an Internal Audit is Important

by Hannah Grace Holladay / December 20, 2023

People often ask: is an internal audit necessary? What if we're a smaller organization, should we be spending our already limited resources on an internal audit program? If your clients depend on you to provide efficient, compliant, and secure services, then the answer is a resounding "yes". Internal auditing is an important function of any information security and compliance program and is a valuable tool for effectively and appropriately managing…

Getting Executives on Board with Information Security Needs

by Hannah Grace Holladay / December 19, 2023

One of the most challenging parts of an audit can be getting the support you need to do it right. For any information security audit, assessment, or testing that our firm performs, it’s incredibly important that C-level executives and stakeholders understand and support the organization’s information security needs. Without their support, how can any policies or procedures be implemented? Who will approve funding? Who will assist in building an information…

The Ultimate SOC 2 Compliance Checklist

by Hannah Grace Holladay / January 8, 2024

Starting a SOC 2 audit can be overwhelming. You know you need a SOC 2 audit, but don’t know what to expect or how to get started. The SOC 2 Compliance Checklist below will prepare you for what your auditors look for and how to confidently begin your SOC 2 compliance journey. What is a SOC 2 Compliance Audit? A SOC 2 audit attests that the system or service you…

Notes from the Field: CIS Control 13 – Network Monitoring and Defense

by Greg Halpin / December 15, 2023

“How would you know if your network or systems have been compromised?” That’s the question I often ask clients when discussing their network monitoring and defense tools. An IT manager of a small company I worked with recently was honest and said he wasn’t sure. He was so busy putting out different fires every day, he didn’t know where to begin. The IT team consisted of four people, and he…