5 Strategies to Keep You From Wasting Time on Security Questionnaires

by Sarah Harvey / June 15, 2023

If you’re a start-up trying to win new clients, the dreaded security questionnaires are coming your way. Or, let’s say you’re a midsize business who’s been in business for years that’s bidding on an enterprise-level prospect – a security questionnaire request is in your future. Even we, as an information security auditing firm, are frequently asked about the security of our Online Audit Manager. The questions may seem irrelevant, repetitive,…

7 Reasons Why You Need a Manual Penetration Test

by Sarah Harvey / December 16, 2022

Undergoing a penetration test can be a lengthy process. But pen testing - especially manual penetration testing - can save your organization hundreds of hours and thousands of dollars in the long run. Automated scanners can seem more cost-effective upfront, but they often don't cover the same depth of scope that manual security testing can. Here are 7 reasons why your organization should consider undergoing a manual security and penetration…

Getting the Most Out of Your Information Security and Cybersecurity Programs in 2019

by Sarah Harvey / June 15, 2023

As organizations plan their information security and cybersecurity efforts for 2019, we often hear a lot of confusion and frustration about things like frameworks modifying their requirements, the cost of audits and assessments rising, scopes getting bigger, and testing seeming to get more difficult. The threats will do nothing but persist in 2019. You need to do more to protect your organization. When prices or scope or frequency increases, here’s…

Was the Audit Worth It?

by Sarah Harvey / June 14, 2023

Information security audits strengthen business operations, yet many organizations are fearful of the process. We understand organizations’ hesitance to spend the time, money, and resources on information security – but the threats are only going to get more pervasive and more sophisticated. When a company chooses to invest in information security, it’s evidence of their commitment to providing assurance to clients, prospects, regulators, and business partners. But before they choose…

Was the Gap Analysis Worth It?

by Sarah Harvey / June 14, 2023

What is a Gap Analysis? When an organization pursues an audit for the first time, we strongly recommend starting with a gap analysis. Why? The truth is: we don’t want you to fail the audit. We want to help you prepare for the audit so that you can meet your challenging compliance goals, and we want to educate you on what you’re getting into when you pursue an information security…