Auditor Insights Archives

Notes from the Field: Center for Internet Security Control 7 – Continuous Vulnerability Management

by Greg Halpin / July 10, 2023

This is the seventh in a series of posts expert auditor Greg Halpin is writing on the Center for Internet Security (CIS) Controls (Version 8) discussing vulnerability management. As a reminder, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks and data. In this post Greg discusses what he sees in his work…

Notes from the Field: CIS Control 6 – Access Control Management

by Greg Halpin / June 22, 2023

Greg Halpin continues the Center for Internet Security (CIS) Controls series by discussing the sixth CIS control. To refresh your memory, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should understand and implement to protect their networks, systems, and data from attackers. The CIS overview for Access Control Management is - Use processes and tools to create, assign, manage, and revoke access…

Notes from the Field: CIS Control 5 – Account Management

by Greg Halpin / June 13, 2023

Continuing the series on the Center for Internet Security (CIS) Controls, auditor Greg Halpin will explore the fifth CIS Control about account management and how he sees his clients implementing these requirements in the field. As a reminder, the CIS controls are 18 information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks from attackers. The CIS overview for Account…

Expert Insight: A Few Quick Tips Regarding Logical Access

by Lorna Willard / June 7, 2023

Data security is often seen as a burden, not a business-driving tactic. However, in today’s world with the proliferation of IT, the internet, the cloud, and risk associated with these systems and data, properly securing your data is essential to the success of your organization. Logical access is a key factor to data security that could easily be neglected, leaving your organization vulnerable to the growing threats of today’s security…

Notes from the Field: CIS Control 4 – Secure Configuration of Enterprise Assets and Software

by Greg Halpin / May 31, 2023

Next up in our series on the Center for Internet Security (CIS) Controls auditor, Greg Halpin will dive into Control 04- Secure Configuration of Enterprise Assets and Software. As a reminder, the CIS Controls are 18 information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks and data from attackers. The CIS overview for Secure Configuration of Enterprise Assets and…

Blog