7 Reasons Why You Need a Manual Penetration Test

by Sarah Harvey / December 16, 2022

Undergoing a penetration test can be a lengthy process. But pen testing - especially manual penetration testing - can save your organization hundreds of hours and thousands of dollars in the long run. Automated scanners can seem more cost-effective upfront, but they often don't cover the same depth of scope that manual security testing can. Here are 7 reasons why your organization should consider undergoing a manual security and penetration…

Getting the Most Out of Your Information Security and Cybersecurity Programs in 2019

by Sarah Harvey / June 15, 2023

As organizations plan their information security and cybersecurity efforts for 2019, we often hear a lot of confusion and frustration about things like frameworks modifying their requirements, the cost of audits and assessments rising, scopes getting bigger, and testing seeming to get more difficult. The threats will do nothing but persist in 2019. You need to do more to protect your organization. When prices or scope or frequency increases, here’s…

SOC 2 Academy: How Fraud Can Impact Risk

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.3: When a service organization undergoes a SOC 2 audit, auditors will be looking to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.3 (CC3.3) states, “The entity considers the potential for fraud in assessing risks to the achievement of objectives.” This means that organizations must consider how fraud can impact risk. What does an organization need…

SOC 2 Academy: Risks from Business Partners

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2: While organizations must consider the risks to their operations, finances, and reputation caused by threats inside their organization, they must also consider outside risks from business partners and third-party vendors. During a SOC 2 audit, organizations will have to demonstrate that they consider the risks from business partners and third-party vendors in order to comply with the SOC 2 common criteria 3.2, which states, “The entity identifies…

SOC 2 Academy: Assessing the Significance of Risks

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 3.2: During a SOC 2 audit, auditors will validate that organizations comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 3.2 states, “The entity identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.” When an auditor is assessing an organization’s compliance with this, they will observe…