Tag: Risk Management

Are Penetration Tests Worth the Risk?

I have had several conversations with executives recently about the role of penetration testing and whether or not penetration testing is worth the risk. There seem to be two schools of thought on this issue. One side argues that pen testing is inherently more risky than the risk it's trying to mitigate; the other side calls it necessary for security hardening. Here [...]

October 27th, 2015 | 2020-01-17T21:22:00+00:00 | Cyber Risk Management | 3 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management – Identify Business Drivers (PART 4)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3 | Part 4

Business Drivers are typically defined by executive management with guidance from the board of directors. From an internal audit or ERM perspective, though we do not define business drivers, [...]

Target 2013 Breach: Understanding the Need for Secure Network Segmentation

A recent post from Cyber Security Investigative Reporter, Brian Krebs, does a great job of reminding IT and Information Security professionals everywhere why proper Network Segmentation is so important. The post, “Inside Target Corp., Days after 2013 Breach” goes into detail about how once criminals infiltrated Target’s corporate network, they were able to run free within the network/domain, easily gaining access [...]

October 1st, 2015 | 2020-01-17T21:22:04+00:00 | Cyber Risk Management | 2 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management – ERM Framework (PART 3)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3

In Part 2 of this series I discussed what an ERM Dashboard might look like, but that still leaves out the details when it comes to creating one for yourself. [...]

September 28th, 2015 | 2020-01-17T21:22:05+00:00 | Cyber Risk Management, IT Audit & Compliance | 0 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management – Begin With the End in Mind (PART 2)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3

Begin with the End in Mind: Our goal with an ERM system is to be able to track the health of the company by linking processes, controls, and risks to business [...]

September 25th, 2015 | 2020-01-17T21:22:07+00:00 | Cyber Risk Management, IT Audit & Compliance | 2 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management (Part 1)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3

Last week I had the pleasure of listening to Larry Harrington speak at an IIA conference in Atlanta. One point Larry brought up was the role Internal Audit (IA) can and [...]

September 23rd, 2015 | 2020-01-17T21:22:13+00:00 | Cyber Risk Management, IT Audit & Compliance | 0 Comments

Deploying a HIPAA Compliant Encryption Policy

HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handling PHI (Personal Health Information) is compelled by law to address. On the surface, many of HIPAA’s rules appear straightforward, but as I quickly learned while performing a recent AT601 Compliance Attestation, things are not [...]

Lessons Learned from a Cybersecurity Review

The past week presented me with a neat opportunity. I was asked to assess a so-called “Cybersecurity” plan of action for a small organization which has a strong internet presence but little internal expertise in the way of IT operations and security. When I was initially approached about my expertise on cybersecurity and willingness to review the external assessment for [...]

Top 10 IT Risk Frameworks and Resources

I have an entire folder full of risk frameworks that I draw from for inspiration when I'm performing a risk assessment or internal audit project. Here's a few links that I hope you find helpful. If you have something useful not listed below please share in the comments!

NIST Cybersecurity Framework (link) | NIST Cloud Computing Framework (link) | NIST Computer Security Framework [...]

May 7th, 2015 | 2020-01-17T21:26:28+00:00 | Cyber Risk Management | 3 Comments

5 Easy Steps to Securing your PC or Mac!

True IT guys seem to be few and far between in the world of public accounting, but I have noticed more and more of us starting to get sucked into the wonderful world of audit spreadsheets, AICPA guidelines and risk frameworks! After spending the past year roaming the halls of the Atlanta Grant Thornton office, I still stick out a bit [...]

April 23rd, 2015 | 2020-01-17T21:26:28+00:00 | Cyber Risk Management | 1 Comment