Security Within Your Development, Staging, and Production Environments

by Sarah Harvey / June 14, 2023

When information security, data security, and cybersecurity measures aren’t followed in development, staging, and production environments, the consequences can be detrimental. We’ve seen that time and time again. Last year, a bug bounty discovered a data breach at Imperva – a leading provider of firewall services. How did it happen? An unauthorized user stole an administrative API key from a production AWS account. What was the mistake behind Uber’s 2016…

The 2020 Iowa Caucus Coding Errors: A Failed Attempt to Modernize Elections

by Sarah Harvey / November 14, 2023

In a day and age where mobile apps are heavily relied on for business, social interaction, and everyday activities, we have to ask: is there really a place for mobile apps in our election system? Or, more importantly, do we emphasize the security of mobile apps enough to allow them to play such a critical role in our elections? The Iowa caucus coding errors revealed at the 2020 Iowa caucuses…

Top Mistakes C-Level Execs Make When It Comes to Security and Compliance

by Sarah Harvey / February 20, 2023

How Can C-Levels Overcome Compliance Challenges? The growth and maturity of the security function will only rise as far as its leader’s capacity. Cyber and compliance threats are advancing, threatening our organizations’ financial and human resources. Because of this, business leaders must learn how to overcome the potential mistakes they make when it comes to information security and compliance and develop our leaders to face the potential mistakes we make…

Encrypted Backups: What They Are and How to Use Them

by Sarah Harvey / June 14, 2023

Today’s cyber landscape is riddled with advancing threats. From simple phishing attacks to intricate DoS attacks, businesses must ensure that the data they collect, use, store, and transmit is properly and thoroughly secured. After all, the data that companies hold is one of their greatest asset, so being aware of the consequences associated with losing that data is essential. For this reason, we believe that it’s imperative that organizations encrypt…

business people walking

Combining SOC 1 and SOC 2 Audits

by Sarah Harvey / June 13, 2023

We get a lot of questions about SOC 1 and SOC 2 audits. What’s the difference between the two? Should your company do both? Are you able to consolidate multiple audits into one project? KirkpatrickPrice has developed the Online Audit Manager to make it easier to combine multiple audits into one project. Let’s talk through why and how you would take on the project of a combined SOC 1 and…