PCI Requirement 10 – Track and Monitor all Access to Network Resources and Cardholder Data

by Randy Bartels / May 31, 2023

Importance of Logging and Tracking If data was compromised at your organization, how would you determine the cause? PCI Requirement 10 focuses on a critical aspect of data protection: logging and tracking. Implementing logging mechanisms at your organization gives you the ability to track user activities, which is crucial in preventing, detecting, and minimizing the consequences of a data breach. Without logging and tracking, it’s even more difficult to…

Cloud Security: Business Continuity and Disaster Recovery Planning

by Sarah Harvey / July 12, 2023

Myths about the Cloud and BC/DR Plans When it comes to Business Continuity and Disaster Recovery Plans for cloud environments, we often hear this feedback: “I’m in the cloud so I don’t have to worry about Business Continuity and Disaster Recovery Plans because my cloud provider does those for me.” “We don’t need to test our Business Continuity and Disaster Recovery Plans, we’ve thought it all through.” “Our cloud service…

Auditor Insights: Day-to-Day Operations of Internal Audit

by Joseph Kirkpatrick / June 13, 2023

Internal audit provides a level of monitoring which is generally not available when working with a third-party auditor. If you’re going on a long road trip, how likely are you to hop in the car and start driving? You’re not – most people will take the car to the shop for an oil change and overall inspection. If the road trip is the audit engagement, the practice of taking the…

5 Best Practices for Cloud Security

by Sarah Harvey / December 19, 2022

How has the cloud impacted your organization’s security? Has it left you wondering – what consequences could we face if a malicious outsider gained access to our cloud environment? Would our clients stay loyal to us if our database was compromised? What can we do to implement cloud security? Our five best practices for cloud security, especially in Azure and AWS environments, include: Identity and Access Management (IAM) Multi-factor authentication…

Auditor Insights: Vulnerability Assessments vs. Penetration Testing

by Sean Rosado / April 5, 2023

Confusion About Vulnerability Assessments and Penetration Testing In my work as a penetration tester, I work with clients who are attempting to meet security and compliance objectives through penetration tests, vulnerability assessments, and other information security-related exercises. What I’ve seen time and time again is organizations who are confused about the difference between vulnerability assessments and penetration testing. I’m passionate about educating our clients on security exercises and determining what…