Big Reputation: How Vulnerability Management Could Save Your Rep

by Hannah Grace Holladay / November 13, 2023

Can I ask you a Question…? Does your organization have a vulnerability management program in place? Do you trust that it’s strong enough to protect what is most important to you? Have you ever thought about what Taylor Swift could teach you about security best practices? Musical superstar Taylor Swift is appearing in all corners of the internet recently. Whether you or someone you know managed to snag tickets to…

The Keys to a Successful Audit

by Tori Thurmond / January 10, 2024

An auditor can be seen as a nit-picky, negative, overly involved outsider coming into your environment, asking questions and looking for any control that’s insufficient. This mindset causes organizations to fear auditing and auditors, when in reality, an audit is a healthy habit and auditors are trained to help you better understand and protect your assets. Audits don’t need to be so intimidating. Instead, a successful, quality audit should include…

Auditor Insights: Where to Start with GDPR Compliance

by Mark Hinely / February 7, 2024

As GDPR becomes a more and more prevalent data privacy law, we want to give organizations four actions to start with when working towards GDPR compliance. These areas should help organizations understand what kind of personal data of data subjects they have, where it goes, and what role (data controller or data processor) they fit into under GDPR. I chose the areas of data mapping, contract management, documentation review,…

Notes from the Field: Center for Internet Security Control 11 – Data Recovery

by Greg Halpin / October 30, 2023

The client I was working with had undergone a management shakeup over the previous year. The CIO left and was replaced by someone who brought in several new managers. The result was a lot of IT and DevOps staff turnover. Many skilled staff who knew how everything worked at the company left amid the uncertainty. There were not enough senior people left to train all of the new hires. Without…

The Bleach Breach: How a Quality SOC 2 Audit Could Have Helped Clorox

by Tori Thurmond / October 12, 2023

Another day, another breach. There have been quite a few cybersecurity events breaking the news involving major companies lately—one of the notable events involving Clorox. Back in August, the multibillion-dollar corporation discovered unauthorized activity in some of their IT systems. The organization enabled their business continuity plan (BCP), but was forced into processes that affected their production capacity. The product shortages resulted in the organization losing money each and every…