Every company must deal with governance, risk, and compliance. Often abbreviated as GRC, this business function is responsible for ensuring that major risks are addressed, required compliance initiatives have been [...]
A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]
If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same [...]
And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to [...]
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
Mention "Risk Committee" or "Enterprise Risk" to upper management and you will probably get an eye role. If you suggest a standing meeting about risk - it might get you [...]
This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I [...]
The first thing I try to explain to new auditors (or clients going through an audit for the first time) is what techniques IT auditors use to audit. Most people [...]
This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 [...]
What is a Malicious File Execution Vulnerability?Malicious file execution vulnerabilities (also called File Inclusion Vulnerabilities) is a vulnerability that occurs due to user input or uploads to websites not being [...]