Category: IT Audit and Compliance

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password


4 Habits to Adopt for Highly Effective Compliance Audits

How can you help ensure the successful and timely completion of your compliance audit? This article provides insights into what we’ve found successful compliance auditees do during the audit process. Regardless of the company’s size or maturity of their GRC function, a common thread in the successful on-time completion of


Managing Your Compliance Controls Activities Throughout M&A

How can you ensure that your security and compliance controls will continue to operate effectively during mergers and acquisitions? Here are a few tips to aid you in what to expect and ways to manage your changing environment! Design and Own Your SOC 2 Controls Mergers and acquisitions (M&A) are


How Asset Management Became a Top Priority

When discussing the ever-changing landscape that is asset management, we have to start from the beginning. Asset management has always been important to IT departments, and it understandably garnered more attention as workforces became increasingly mobile. They needed to know how much of the budget was being consumed by IT


HITRUST Nuances and How to Use Them to Your Advantage

The HITRUST CSF contains several attributes that differentiate it from other information security frameworks.  Here are three tips on how to handle them! The HITRUST Business Case Many consider the HITRUST CSF to be one of the top cybersecurity frameworks for organizations to adopt. Although it was initially designed as


How to Provide Audit Evidence

So, you’ve been tasked with providing evidence for an audit. You may be wondering what your auditor is even looking for. Let’s take a look behind the scenes at why the auditor is asking for certain things, and how you can provide audit evidence to make your life (and your


Implementing Continuity in Your GRC Program

Every company must deal with governance, risk, and compliance. Often abbreviated as GRC, this business function is responsible for ensuring that major risks are addressed, required compliance initiatives have been investigated, and the organizational structure supports these objectives. GRC Program Continuity Events Continuity events are typically thought of as natural


Landing a Job in Information Security

How can you start a career in information security?  Here are 4 tips to land your first job! The Key is to Stand Out The information security field boasts one of the fastest-growing job industries in the United States. Couple that with a worsening cybersecurity skills shortage, and it seems


Advice for Taking the CISA Exam in the COVID-era

Everything you need to know to pass with flying colors. Studying for the CISA exam can be tough, but it is also a great opportunity to understand the world of information security auditing as it applies to a variety of frameworks, such as PCI DSS, ISO 27001, and SOC 2
