Notes from the Field: CIS Control 3 – Data Protection

by Greg Halpin / May 19, 2023

Your data is one of the most valuable aspects of your organization. Are you protecting it properly? Continuing our series on the Center for Internet Security (CIS) Controls, auditor Greg Halpin will explore the third CIS Control about data protection and how he sees his clients implementing these requirements in the field. As a reminder, the CIS controls are 18 information security controls that all organizations and information security professionals…

Notes from the Field: CIS Control 2 – Inventory and Control of Software Assets 

by Greg Halpin / June 22, 2023

Many of the clients I work with are startup companies that have amazing technologies and services but don't have mature information security programs in place. They often don't know which information security framework to follow or how to implement it. Some frameworks are either too vague or too long and detailed to be useful. That's why I recommend the CIS Controls to my clients to help them get started on…

Expert Insight: The Changes You Need to be Aware of for PCI DSS 4.0 

by Chaz Lively / October 4, 2023

Looking ahead to the looming PCI changes can feel intimidating, but when taken one step at a time, they may be more manageable than you think. There’s still some time before your organization has to completely adopt the PCI DSS 4.0 changes, but if you can start working toward the goal of switching over, your transition can be much smoother. Here are a few of the big-picture changes that…

Nobody Wants the Same Valentine’s Card

by Joseph Kirkpatrick / June 14, 2023

In the words of Jim Gaffigan, "I hope you like what some other guy wrote." When you receive a Valentine's Day card, have you ever thought about how many people got that same card? It's meaningless when the canned text applies to you and everyone else in the world. Instead, it's nice to get a heartfelt message that is uniquely written for you. An audit report is a love letter…

Is a “Clean” Audit Report Worth It?

by Joseph Kirkpatrick / June 14, 2023

It's become more commonplace to see companies touting their "clean" audit report. It might be a company that has finished their first audit and they're celebrating their success. Whether it's a SOC 1 audit report that focuses on Internal Control over Financial Reporting, or a SOC 2 audit report that focuses on the Security, Availability, Processing Integrity, Confidentiality and Privacy Trust Services Criteria, it feels good to get that report…