How Does AWS Audit Manager Streamline Cloud Security Audits?

by Hannah Grace Holladay / February 15, 2023

Audits are essential for businesses that need to demonstrate compliance with regulatory frameworks and standards, but they are often time-consuming and disruptive. Businesses must ensure relevant controls are implemented and gather evidence to demonstrate implementation to auditors. Evidence gathering is among the most time-consuming and error-prone aspects of auditing, but it is, fortunately, an aspect that can be automated to some degree. AWS Audit Manager is an evidence collection automation…

Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / June 14, 2023

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources. The clients I work with often…

What Are CIS Benchmarks and How Do They Help Businesses with Security Compliance?

by Hannah Grace Holladay / February 15, 2023

CIS Benchmarks are collections of recommendations and best practices for securely configuring servers, networks, software, and other IT systems. Developed by the Center for Internet Security, the benchmarks provide guidance businesses can use to implement secure systems, assess their current level of security, and achieve regulatory compliance. Given the number and complexity of IT services and systems, it is challenging for businesses to develop policies and implement procedures that maintain…

6 Ways Employees Expose Businesses to Security and Compliance Risks

by Hannah Grace Holladay / April 12, 2023

Business managers and IT professionals are inclined to attribute employee-caused security failures to malice, ignorance, or laziness. After all, the business has security policies and procedures. Employees know about them or, at the very least, have signed a declaration affirming they know about them. The IT team has implemented secure systems. And yet, employees often circumvent these systems and ignore information security policies, exposing the business to cybersecurity attacks and…

Are Patch Management Failures Putting Your Company At Risk?

by Hannah Grace Holladay / February 14, 2023

Regular software updates and rigorous patch management processes are essential to maintaining security and compliance. Even the most careful proprietary and open source software development introduces bugs. Some of those bugs create security vulnerabilities, and cybercriminals are always looking for opportunities to infiltrate business IT resources and steal sensitive data. A report from Arctic Wolf, a security operations vendor, shows the scale of the problem. Exposure of a known vulnerability…