
How We Measure Candidates at risk3sixty

Business boils down to one thing: People

People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay, and if people leave – helping them succeed […]

December 20th, 2018 | Culture

Analyzing Your Attack Surface Like A Hacker

When most people think of hacking, they think of what Hollywood portrays. In a dark basement, a hooded, perhaps tattooed outcast rapidly types nonsensical keystrokes at a flashy computer monitor for several seconds before snidely muttering, “I’m in.”

By that representation, the hacking process seems pretty straightforward: find a vulnerability, exploit it and ride off into the sunset with a bunch of […]

October 8th, 2018 | Cyber Risk Management, IT Audit & Compliance

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining one typically follows a three-step process.

Step 1: Readiness Assessment

A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC 2 audit by identifying your current controls as […]

September 10th, 2018 | SOC Reporting

Understanding Different Types of Penetration Testing Engagements

There is understandably quite a bit of confusion in the marketplace when it comes to offensive security engagements. Consultants use a number of terms and phrases that overlap with one another quite a bit, but often fail to differentiate effectively. For example:

  1. Vulnerability assessment
  2. Vulnerability research
  3. Penetration test
  4. Security Audit
  5. Red teaming
  6. Social engineering
  7. Phishing Campaigns

With so […]

August 27th, 2018 | IT Audit & Compliance

How to Interview for Grit

I just finished the book “GRIT: The Power of Passion and Perseverance” by Angela Duckworth. Duckworth is a professor at the University of Pennsylvania and has studied Grit in the context of success for over a decade.

The results of her studies: Grit matters.

Instinctively, when I speak with leaders of organizations they know that […]

June 18th, 2018 | CISO Discussions, Culture

New Guidance Clarifies GDPR’s Data Protection Impact Assessment (DPIA) Requirements

The Data Protection Impact Assessment (DPIA) is a significant new burden on data controllers under GDPR. As many have noted, GDPR does not clearly outline when a DPIA is required, instead referring to processing “likely to result in a high risk to the rights and freedoms of natural persons.”

Article 35(4) charges supervisory authorities with developing a list of processing operations […]

How to Turn the Risk Committee Meeting into the Most Valuable Meeting on Your Calendar

Mention “Risk Committee” or “Enterprise Risk” to upper management and you will probably get an eye roll. If you suggest a standing meeting about risk – it might get you fired. BUT – I believe the risk committee meeting can be the most valuable meeting on your calendar. Here’s how:

Why Risk Committee Meetings Are Important

Successful risk committee meetings are all about […]