Information Security Archives

Advice for Taking the CISA Exam (Updated)

Everything you need to know to pass with flying colors.

From isaca.org

As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditors (CISA) exam to be the best security and compliance craftsmen for our clients.

We have provided advice for taking […]

Everything you need to know to pass with flying colors.

From isaca.org

As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditors (CISA) exam to be the best security and compliance craftsmen for our clients.

We have provided advice for taking […]

Jack Nguyen2020-02-03T15:26:16+00:00IT Audit & Compliance|0 Comments

An Insider’s Perspective on Choosing a Security and Compliance Partner That Is Right for Your Business

A few things to consider when choosing a consulting firm partner.

At risk3sixty, we interact with a lot of prospective customers who want us as a security consulting partner. Some firms ask great questions and have a clear understanding of what they are looking for. Others need a little more help […]

Christian Hyatt2020-01-23T19:20:21+00:00CISO Discussions, IT Audit & Compliance|0 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program.

People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

Kendall Morris2020-01-24T13:42:36+00:00CISO Discussions, Cyber Risk Management, ISO 27001 Compliance, IT Audit & Compliance, SOC Reporting|1 Comment

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs.

The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO 27701 […]

Philip Brudney2020-01-23T19:24:19+00:00ISO 27001 Compliance, Privacy Compliance|0 Comments

Understanding Phishing and How to Stop the Scam

Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source.

Low level methods can accomplish this simply by creating […]

E J2020-01-17T21:17:43+00:00Cyber Risk Management|0 Comments

Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls.

Shutting down unused ports is the traditional mitigation. Still this […]

Shane Peden2020-01-17T21:17:50+00:00Cyber Risk Management, IT Audit & Compliance|0 Comments

Thoughts on Building an Information Security Program that Sticks

Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors.

The problem for most organizations trying to build an information security […]

Christian Hyatt2020-01-17T21:43:09+00:00CISO Discussions, Cyber Risk Management, ISO 27001 Compliance, NIST 800 Series|0 Comments

Petya Ransomware & Mitigation Steps

They Petya Ransomeware outbreak is the second such global attack in the last couple of month. The malware is spreading using same Microsoft Windows vulnerability that was exploited by the recent WannaCry ransomware event.

Symantec confirmed that Petya uses the “Eternal Blue” exploit. Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but […]

Christian Hyatt2020-01-17T21:20:51+00:00Cyber Risk Management|0 Comments

The Future of IoT Security

Required Reading:
1) IoT Growing Faster Than the Ability to Defend it
2) DDoS on DYN Impacts Twitter, Spotify, Reddit

Until recently the security concerns associated with IoT devices have been mostly speculative. It’s easy to ignore how a webcam or a inexpensive gadget might be a cyber-security concern. Most people don’t think in terms of […]

Christian Hyatt2020-01-17T21:21:20+00:00Cyber Risk Management|0 Comments

Securing Corporate Wireless Access Points (WAPs)

The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) tends to vary auditor to auditor.

In some cases, the IT auditor may make great suggestions for controls I have not seen many organizations put into place while in other cases, the auditor might point out the […]

Shane Peden2020-01-17T21:21:25+00:00Cyber Risk Management, ISO 27001 Compliance, IT Audit & Compliance, SOC Reporting|2 Comments