Conducting Incident Response Plan Table Top Exercises

by Tori Thurmond / July 10, 2023

So, your Incident Response Plan looks good on paper – it’s been mapped, planned, and documented. But has it been tested? Will it actually work? According to the 2022 IBM Cost of a Data Breach Report, organizations that had an incident response (IR) team in place and tested their incident response plan had an average of $2.66 million lower breach cost than organizations without an IR team and that didn't…

Notes from the Field: CIS Control 6 – Access Control Management 

by Greg Halpin / June 22, 2023

Greg Halpin continues the Center for Internet Security (CIS) Controls series by discussing the sixth CIS control. To refresh your memory, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should understand and implement to protect their networks, systems, and data from attackers. The CIS overview for Access Control Management is: Use processes and tools to create, assign, manage, and revoke access…

Notes from the Field: CIS Control 2 – Inventory and Control of Software Assets 

by Greg Halpin / June 22, 2023

Many of the clients I work with are startup companies that have amazing technologies and services but don't have mature information security programs in place. They often don't know which information security framework to follow or how to implement it. Some frameworks are either too vague or too long and detailed to be useful. That's why I recommend the CIS Controls to my clients to help them get started on…

5 Elements of a Quality Audit

by Tori Thurmond / February 5, 2024

You deserve an audit that accurately reflects the quality of your organization. We know that you deliver quality to your clients every day, and you need to work with an auditing firm that will deliver the same to you. However, knowing exactly what to look for to ensure a quality audit can be overwhelming. With some of the bigger firms claiming to have the best and fastest platform, it can…

Reviewing Your Information Security Program for 2023

by Tori Thurmond / June 15, 2023

2023 may feel like it’s flying by already, but there’s still time to make sure your information security program can overcome the current threat landscape. Each year, we often hear a lot of confusion and frustration about frameworks modifying their requirements, the cost of audits rising, the cost of pen tests rising, scopes getting larger, and testing being more difficult. There’s a reason for this – the threats are advancing.…