Advice for Taking the CISA Exam (Updated)

Everything you need to know to pass with flying colors.

From isaca.org

As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditors (CISA) exam to be the best security and compliance craftsmen for our clients.

We have provided advice for taking […]

Everything you need to know to pass with flying colors.

From isaca.org

As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditors (CISA) exam to be the best security and compliance craftsmen for our clients.

We have provided advice for taking […]

An Insider’s Perspective on Choosing a Security and Compliance Partner That Is Right for Your Business

A few things to consider when choosing a consulting firm partner.

At risk3sixty, we interact with a lot of prospective customers who want us as a security consulting partner. Some firms ask great questions and have a clear understanding of what they are looking for. Others need a little more help […]

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]

How We Measure Candidates at risk3sixty

Business boils down to one thing: People

People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay, and if people leave – helping them succeed […]

How to Turn the Risk Committee Meeting into the Most Valuable Meeting on Your Calendar

Mention “Risk Committee” or “Enterprise Risk” to upper management and you will probably get an eye role. If you suggest a standing meeting about risk – it might get you fired. BUT – I believe the risk committee meeting can be the most valuable meeting on your calendar. Here’s how:

Why Risk Committee Meetings Are Important

Successful risk committee meetings are all about […]

Thoughts on Building an Information Security Program that Sticks

Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors.

The problem for most organizations trying to build an information security […]

Quality Work Does Not Mean Quality Service

“Managing the Professional Services Firm” by David Maister is considered to be “core canon” among consulting professionals. Though it was originally published over 25 years ago (1993) it has aged gracefully and almost all of its content is still relevant today.

One of our team’s favorite distinction, as pointed out by Maister, is […]

Developing an IT Audit & Security Plan for Microsoft Office 365

Our team was recently tasked with developing an audit plan for Microsoft Office 365. While there are plenty of tools available to assist organizations with performing ongoing audits of user privileges and object permissions in Microsoft Office 365, we were hard pressed to find any solid thought leadership on auditing Office 365 beyond user […]