If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits of that [...]
And how they are still relevant today. On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and Maersk [...]
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
Mention "Risk Committee" or "Enterprise Risk" to upper management and you will probably get an eye role. If you suggest a standing meeting about risk - it might get you fired. BUT - I believe the risk committee meeting can be the most valuable meeting on your calendar. Here's how: Why Risk Committee Meetings Are Important Successful risk committee meetings are [...]
This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I felt I should take time to document my experience and study approach similar to when I sat for the CISA exam last year. What is the CISSP Exam like? The CISSP [...]
The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) tends to vary auditor to auditor. In some cases, the IT auditor may make great suggestions for controls I have not seen many organizations put into place while in other cases, the auditor might point out the absence of seemingly weak controls that leaves [...]
Sigcheck is a light weight Windows command-line utility that does an amazing job at scanning the digital certificate stores on your system for anything irregular and not part of the official Microsoft Trusted Root Certificate list. Additionally, the utility will also check the digital signatures of files and identify all unsigned files in a directory while simultaneously running them against [...]
As companies continue to shift data and resources to electronic formats, a trend growing faster year over year, information and cyber risks shift to the top of management's priority list. This means that management must dedicate more resources - resources that don't exist - to the management information risk. This shortage of human resources combined with an exponentially growing digital attack surface means companies must [...]
I recently participated in a CIO round-table to discuss mechanisms in which management teams assess information technology risks. Almost all of the CIOs said they were performing regular risk assessments, but they also expressed a lot of concern that the assessments were performed consistently or with high quality. The major concern between the CIOs was that they didn't have a realistic view [...]
Penetration testing has become another hot, and often misused term in the marketplace, joining the ranks of other buzz words such as “Cybersecurity”, “Hacker” and “The Cloud”. Often times, organizations confuse penetration testing with vulnerability scans or security posture assessments (a.k.a risk assessment). While penetration testing does include utilizing vulnerability scans and overlaps with security posture assessments, penetration testing encompasses a [...]