Auditor Insights: Business Continuity and Disaster Recovery Plans for the Cloud

by Joseph Kirkpatrick / December 16, 2022

Most business owners understand the importance of Business Continuity and Disaster Recovery Plans. These documented sets of policies and procedures can be a lifeline to organizations following a disaster because they determine loss of operations, reputation, and revenue. But how does the cloud impact Business Continuity and Disaster Recovery Plans? Myths about Business Continuity and Disaster Recovery Plans for the Cloud When it comes to Business Continuity and Disaster Recovery…

[24]7.ai Cyber Incident: How Your Vendors Can Impact Your Security

by Sarah Harvey / December 16, 2022

Vendor Compliance Management: What Happened? On April 4th, [24]7.ai, a customer support software company, announced a cyber incident “potentially affecting the online customer payment information of a small number of our client companies,” that occurred between September 26 and October 12, 2017. This cyber incident specifically occurred in [24]7.ai’s chat tool. Never heard of [24]7.ai? We hadn’t either, but their well-known clients gave this breach national attention. Sears, Delta Air…

GDPR Readiness: Whose Data is Covered by GDPR?

by Sarah Harvey / July 12, 2023

Data FAQs for GDPR Ready to learn what constitutes a data subject and personal data under GDPR? Mark Hinely joins us in this webinar to discuss! Who is a Data Subject? The definition of a data subject under GDPR is one of the most confusing aspects of the law. There’s no formal definition, inconsistent terms within the law, no formal guidance from Article 29 Working Party, and the supervisory…

What is PCI Requirement 10.7 and What is an Audit Trail History?

by Randy Bartels / April 12, 2023

PCI Compliance and Audit Trail History Now that you’ve implemented logging, what do you do with them? PCI Requirement 10.7 asks that you retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. A year is the recommended length of time because it may take a few months to notice a compromise. A year’s worth of audit trail history can be…

PCI Requirement 10.2.4 – Invalid Logical Access Attempts

by Randy Bartels / May 31, 2023

Is There a Log of That? Invalid logical access attempts are often an indication of a malicious user attempting to access something they don’t have permission to. This is why PCI Requirement 10.2.4 requires that organizations implement automated audit trails to reconstruct invalid logical access attempts. Misspell your password? There should be a log of that. Someone tries to view a file that they don’t have permission to? There…