Learning from MGM’s Mistakes: How a Quality Audit Can Help

by Tori Thurmond / September 15th, 2023

A $33 billion company breached because of a 10-minute phone call, and, according to vx-underground, all the hackers had to do was a simple search on LinkedIn.   You’ve probably heard about the MGM breach that happened earlier this week, but did you know that the attack was a result of social engineering? A notorious hacking group, ALPHV (aka BlackCat), searched one of MGM’s employees on LinkedIn, called MGM’s help desk,…

Using the Online Audit Manager to Complete Multiple Audits

by Abigail Raley / September 5th, 2023

When completing multiple audits, it’s easy to become overwhelmed. You want to make sure that you’re taking the necessary steps to succeed, but you find yourself answering the same questions across multiple audits, using compliance tools that aren’t actually helpful, and working with multiple firms to meet all of your security and compliance needs. You want a quality audit across multiple frameworks, for yourself or your clients’ peace of mind.…

Conducting Incident Response Plan Table Top Exercises

by Tori Thurmond / July 10th, 2023

So, your Incident Response Plan looks good on paper – it’s been mapped, planned, and documented. But has it been tested? Will it actually work? According to the 2022 IBM Cost of a Data Breach Report, organizations that had an incident response (IR) team in place and tested their incident response plan had an average of $2.66 million lower breach cost than organizations without an IR team and that didn't…

Notes from the Field: CIS Control 6 – Access Control Management 

by Greg Halpin / June 22nd, 2023

Greg Halpin continues the Center for Internet Security (CIS) Controls series by discussing the sixth CIS control. To refresh your memory, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should understand and implement to protect their networks, systems, and data from attackers.    The CIS overview for Access Control Management is - Use processes and tools to create, assign, manage, and revoke access…

Notes from the Field: CIS Control 2 – Inventory and Control of Software Assets 

by Greg Halpin / May 5th, 2023

Many of the clients I work with are startup companies that have amazing technologies and services but don't have mature information security programs in place. They often don't know which information security framework to follow or how to implement them. Some frameworks are either too vague or too long and detailed to be useful. That's why I recommend the CIS Controls to my clients to help them get started on…