Risk Management Archives

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same [...]

By Jack Nguyen|2020-01-23T16:04:08+00:00December 2nd, 2019|ISO 27001 Compliance, IT Audit and Compliance, Regulatory Compliance|0 Comments

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to [...]

By Asher Andree|2020-08-25T16:53:45+00:00November 25th, 2019|Cyber Risk Management, Penetration Testing|1 Comment

Simplified Guidance on Developing a Cyber Security Baseline for the CIO and CTO

Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.

By Shane Peden|2020-01-17T21:17:54+00:00December 31st, 2018|CISO Discussions, Cyber Risk Management|0 Comments

How to Turn the Risk Committee Meeting into the Most Valuable Meeting on Your Calendar

Mention "Risk Committee" or "Enterprise Risk" to upper management and you will probably get an eye role. If you suggest a standing meeting about risk - it might get you [...]

By Christian Hyatt|2020-08-04T16:04:30+00:00April 23rd, 2018|CISO Discussions, Cyber Risk Management, IT Audit and Compliance|0 Comments

Advice for Studying and Passing the CISSP Exam

This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I [...]

By Shane Peden|2020-08-04T15:54:44+00:00June 10th, 2016|Cyber Risk Management, IT Audit and Compliance|5 Comments

IT Audit Techniques – Inquiry, Observation, Inspection

The first thing I try to explain to new auditors (or clients going through an audit for the first time) is what techniques IT auditors use to audit. Most people [...]

By Shane Peden|2020-08-27T17:37:03+00:00April 13th, 2015|IT Audit and Compliance|1 Comment

Advice for Taking the CISA Exam

This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 [...]

By Shane Peden|2020-12-03T21:00:40+00:00January 22nd, 2015|IT Audit and Compliance|29 Comments

Pen Testing: Malicious File Execution

What is a Malicious File Execution Vulnerability?Malicious file execution vulnerabilities (also called File Inclusion Vulnerabilities) is a vulnerability that occurs due to user input or uploads to websites not being [...]

By Shane Peden|2020-08-27T16:45:01+00:00January 8th, 2015|Cyber Risk Management|5 Comments

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names and passwords, the passwords themselves aren’t usually sitting out in [...]

By Shane Peden|2020-08-27T17:35:28+00:00November 13th, 2014|Cyber Risk Management, ISO 27001 Compliance, IT Audit and Compliance, SOC Reporting|0 Comments

What is a Stateful Firewall

Stateful refers to the “state” of the connection between the outside internet and the internal network. A stateful firewall keeps track of the connections in a session table. When a [...]

By Shane Peden|2020-12-03T20:53:51+00:00November 6th, 2014|Cyber Risk Management|2 Comments