Tag: IT Audit

COVID-19 and ISO 27001: What Coronavirus Means for Your Certification Audit

Many organizations have been impacted by office closures during the COVID-19 pandemic. Here’s how to maintain your ISO 27001 certification during the crisis.

Many organizations are facing the challenge of maintaining their ISO 27001 certification schedule during the Coronavirus (COVID-19) pandemic. This includes scheduling (or rescheduling) on-site audits in a time when most organizations aren’t sure when they will be able to […]

Advice for Taking the CISA Exam (Updated)

Everything you need to know to pass with flying colors.

From isaca.org

As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditor (CISA) exam to be the best security and compliance craftsmen for our clients.

We have provided advice for taking […]


February 3rd, 2020 | IT Audit & Compliance

How to Create Effective Policies

How to leverage information security policies to level up your security program.
 
People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or a performance, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]

Simplify Compliance by Creating One Set of Controls to Manage Risk (Unified Control Framework)

Heavily regulated companies spend a lot of time mapping and creating new business processes to meet compliance requirements. This is especially frustrating for businesses that face multiple compliance requirements.

We see this often in the financial technology (FinTech) and healthcare technology (HIT) space. Companies like these have an almost unmanageable number of regulatory frameworks to navigate. (SOC 2, ISO 27001, GLBA, HIPAA, […]

Securing Corporate Wireless Access Points (WAPs)


The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) varies from auditor to auditor.

In some cases, the IT auditor may make great suggestions for controls I have not seen many organizations put into place while in other cases, the auditor might point out the […]

How to Check for Dangerous Certificates and Unsigned Windows OS Files

Sigcheck is a lightweight Windows command-line utility from Sysinternals that scans the digital certificate stores on your system and reports any certificate that is not rooted in Microsoft’s official Trusted Root Certificate list, which is a quick way to spot rogue or unexpected root certificates.

Additionally, the utility will also check the digital signatures of files and identify all unsigned files in a directory while simultaneously running […]
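The two checks described above, rogue root certificates and unsigned executables, as an added PowerShell example that is not part of the original post and not risk3sixty’s own code. It assumes sigcheck64.exe is on the PATH (the `$Sigcheck` parameter is a hypothetical name), that the machine has Internet access so Sigcheck can download Microsoft’s trusted root list, and that Sigcheck’s CSV output starts with a `Path` column.

```powershell
# Added example: wrap Sysinternals Sigcheck to (1) list certificates in the machine
# stores that do NOT chain to Microsoft's trusted root list and (2) list unsigned
# executables under a directory. Assumes sigcheck64.exe is on PATH and that its
# CSV output has "Path", "Verified" and "Publisher" columns (assumption).
param(
    [string]$Sigcheck = 'sigcheck64.exe',          # hypothetical parameter name
    [string]$ScanDir  = "$env:SystemRoot\System32" # directory to scan for unsigned files
)

# -t: dump the machine certificate stores ('*' = every store, add -tu for the user store).
# -v appended (-tv): download Microsoft's trusted root list and print only certificates
# that are valid but NOT rooted in that list, i.e. the ones an auditor wants explained.
Write-Host '== Certificates not rooted in the Microsoft trusted root list =='
& $Sigcheck -accepteula -nobanner -tv '*'

# -e: executable images only, -u: show only unsigned files (no VirusTotal lookup),
# -s: recurse subdirectories, -c: comma-separated output so PowerShell can parse it.
# Catalog-signed Windows binaries are reported as signed, so what remains is worth review.
Write-Host "`n== Unsigned executables under $ScanDir =="
$csv      = & $Sigcheck -accepteula -nobanner -e -u -s -c $ScanDir
$unsigned = @($csv | ConvertFrom-Csv)
$unsigned | Select-Object Path, Verified, Publisher | Format-Table -AutoSize
Write-Host ('{0} unsigned executable(s) found under {1}' -f $unsigned.Count, $ScanDir)
```

Run it from an elevated prompt so Sigcheck can read every machine store; if the host cannot reach Microsoft, place authrootstl.cab in the working directory and Sigcheck will use it instead of downloading the list.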

February 16th, 2016 (updated 2020-01-17T21:21:26+00:00) | Cyber Risk Management, IT Audit & Compliance

Developing & Implementing a Data Classification Policy

Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations never implement a classification scheme. Without proper asset classification, the organization exposes itself to additional risk of data breaches, accidental loss or release of sensitive information, losses in efficiency, or additional costs associated with securing data that may not require it (hardware-based encryption doesn’t come cheap!).

It is […]