Data Security for Generative AI: A Webinar Recap

by Tori Thurmond / August 1st, 2023

Can AI and security coexist? This month, KirkpatrickPrice joined forces with Walter Haydock, the Founder and CEO of StackAware, to have a conversation about that question. What’s the deal with AI? There’s no denying that AI is a hot topic right now. You’ve probably heard about some really great things AI tools can do and maybe a few risks or concerns as well. Artificial Intelligence has been around for a…

The 7 Steps of Incident Response

by Bob Welch / July 28th, 2023

In today’s ever-evolving threat landscape, you must have a plan in place for how your organization will face threats and respond to them when an attack occurs. Unfortunately, incidents are a matter of when, not if, so having a response plan is the best way to guarantee your organization survives after an incident occurs. When an incident occurs, it may feel like you have a million steps to take…

Notes from the Field: Center for Internet Security Control 08 – Audit Log Management

by Greg Halpin / July 19th, 2023

During a recent SOC 2 Gap Assessment with a medical billing company, the IT Manager and I discussed the logging and alerting tools the organization had in place. He explained that the company uses the default logging settings and capabilities of the operating systems, applications, and network gear. However, they didn't configure any alerts. The IT team reviewed logs when there was a problem but did not conduct regular reviews.…

Conducting Incident Response Plan Table Top Exercises

by Tori Thurmond / July 10th, 2023

So, your Incident Response Plan looks good on paper – it’s been mapped, planned, and documented. But has it been tested? Will it actually work? According to the 2022 IBM Cost of a Data Breach Report, organizations that had an incident response (IR) team in place and tested their incident response plan had an average of $2.66 million lower breach cost than organizations without an IR team and that didn't…

Notes from the Field: Center for Internet Security Control 7 – Continuous Vulnerability Management

by Greg Halpin / July 6th, 2023

This is the seventh in a series of posts expert auditor Greg Halpin is writing on the Center for Internet Security (CIS) Controls (Version 8) discussing vulnerability management. As a reminder, the CIS Controls are 18 critical information security controls that all organizations and information security professionals should be familiar with and implement to protect their networks and data. In this post, Greg discusses what he sees in his work…