
Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones.

This presents more […]

March 30th, 2015 | Privacy Compliance | 0 Comments

The Next Big Security Concern: The Internet of things and harvesting your private conversations

Samsung Smart TV Terms and Conditions

People often ask what “the next big thing” in IT security will be. In years past we’ve seen the rise of “big data”, “the cloud”, “cybersecurity”, and so on – but what’s next? I personally think one of the biggest unsolved problems in tech is the security of the […]

March 26th, 2015 | Privacy Compliance | 0 Comments

Help Our Community Grow (and Free Whitepaper on Data Breaches)

We want to thank those of you who have continued to visit our blog over the last several months. The conversations, emails, and comments have been awesome. We are proud of the community we are building and we need your help to make it grow!

Why should you help us grow this community?

This is your community. The more individuals that become part of the r3s […]

March 19th, 2015 | IT Audit & Compliance | 0 Comments

How to Design the Perfect Audit Information Request List (and status tracker)

Any consultant or auditor will tell you that the most difficult part of the job is getting the right information from clients. That is why designing an effective information request list (a.k.a. PBC List) is so important. Oddly enough – it is also a skill that is never formally “taught” to new associates. So here’s a beginner’s (or advanced!) guide to […]

March 16th, 2015 | IT Audit & Compliance | 11 Comments

Cyclical Redundancy Check – An explanation for the layman

During a recent audit, I ran into something interesting while reviewing a script as part of a control related to data integrity. The script performed a simple ETL function (Extract Transform & Load) on tables of data sent and retrieved over a secure FTP connection from their customer’s server.

As I wallowed in geek heaven, deconstructing the code and the intricacies of […]

March 12th, 2015 | Cyber Risk Management | 0 Comments

The Principle of Least Privilege

When performing IT audits, the Principle of Least Privilege is a term you may hear thrown around quite a bit, but how many novice auditors new to IT audit actually understand what is implied by this within an IT environment? From my experience, not many.

The most common place I see the term surface is when assessing firewalls, but the same principle […]