SOC 2 Academy: Additional Points of Focus for Logical Access

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 While not requirements, points of focus are meant to serve as references to assist organizations when they are designing, implementing, operating, and evaluating controls over security, availability, confidentiality, processing integrity, and privacy. When it comes to implementing logical access controls, there are some additional points of focus that will help organizations ensure that their information security systems remain secure. Let’s take a look at how these additional…

Remote Auditing vs. Onsite Assessments: What Do I Want?

by Sarah Harvey / June 14, 2023

There’s a lot to consider when choosing an audit partner. What does their audit process look like? What kind of services do they offer? How will they help you reach your audit objectives? How much do they charge? Will they perform a remote audit or an onsite assessment? While these are all valid concerns, organizations also have to consider their own intentions behind pursing compliance: is it required to partner…

Are Your Remote Employees Working Securely?

by Sarah Harvey / June 15, 2023

Employees are often considered an organization’s weakest link, but remote employees create additional risks that businesses must be cognizant of. As more and more businesses opt to hire remote employees, they need to prepare for and stay ahead of these risks. What would happen if a remote employee used public WiFi and a malicious hacker gaining access to your organization’s sensitive files? What would be the impact if your remote…

SOC 2 Academy: Protection Through Logical Access

by Joseph Kirkpatrick / May 31, 2023

Common Criteria 6.1 When a service organization undergoes a SOC 2 audit, auditor will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 6.1 says, “The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.” What will an auditor look for when assessing…

Why is Ransomware Successful?

by Sarah Harvey / June 14, 2023

What is Ransomware? Ransomware is the attack method that you’ve seen over and over again in the headlines and, unfortunately, it's not going away. Global outbreaks like WannaCrypt, Petya/NotPetya, and BadRabbit have made ransomware a household name. The FBI reports that over 4,000 ransomware attacks occur daily. With its sophistication and frequency of attacks, it makes people think – why is ransomware successful? How can it be stopped? Let's discuss…