15 Information Security Policies Every Business Should Have

by Tori Thurmond / February 6, 2024

When a business suffers a data breach or any other information security failure, it’s best practice to launch a root-cause investigation. We want to know what happened, how it happened, and how it could have been prevented. Whatever the ultimate conclusion of the investigation, among the causes, you will usually find either: Inadequate information security policies A failure to properly implement existing information security policies Information security policies are how…

SOC 1 Type 1 vs Type 2: What’s the Difference?

by Joseph Kirkpatrick / February 5, 2024

You know you need to complete a SOC 1 audit but aren't sure if you need a SOC 1 Type I or a SOC 1 Type II. What sets them apart and which makes the most sense for your organization's needs? Don't let the complexities of SOC reports overwhelm you! Below, we explore the importance of a SOC 1 audit report and compare the SOC 1 Type I vs Type…

Understanding the 3 FISMA Compliance Levels: Low, Moderate, and High

by Tori Thurmond / January 31, 2024

What is FISMA? The Federal Information Security Management Act (FISMA) is a piece of United States legislation, enacted as part of the Electronic Government Act of 2002. FISMA’s intent is to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. FISMA is the law; NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations, is the standard that…

Why Should Your Employees Sign a Policy Acknowledgment Form?

by Tori Thurmond / January 17, 2024

What does it mean for your employees to acknowledge your employee policies and procedures? To comply with information security standards, it’s required that all employees have expressed acknowledgment of the policies in place within your organization, specifically through a policy acknowledgment form for things like your information security policies and employee handbook. Having policy acknowledgment forms is an important piece of the puzzle when it comes to policy development and…

How to Manage AWS Access Keys and AWS Identities Securely

by Hannah Grace Holladay / January 30, 2024

Information security in the cloud depends on properly managing secrets, including AWS access keys. Authorized users and code must authenticate to use cloud resources. Authentication relies on shared secrets, but shared credentials may create security vulnerabilities, especially when shared naively by embedding them in application code.  Embedding AWS access keys in code seems an efficient solution when, for example, your code needs to interact with the S3 API to store…