Tag: The Human Element

What We Learned About Each Other While Running 100 Miles Together

Every year our team runs a 100-mile relay race through North Georgia (for charity). Along the way, we learn a lot about ourselves and a lot about each other.

Back in October, I wrote a blog post about why our team does hard stuff together. I wrote that post because our team has a standing tradition of doing things like over-night […]

December 30th, 2019 | Culture, News and Events | 0 Comments

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see the following from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program

When building your Information Security Management System (ISMS) as part of an ISO 27001 program implementation, one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS”, you can read our whitepaper on the ISO […]

Five Ways to make the Board of Directors and Executives Very Happy

Unless you are part of senior management, the closest most of us come to the Board of Directors (BODs) or executives is reading their Ivy League bios on the company website. But a good consultant knows the way to your boss’s heart is by making the BODs very happy. The good news is making the bigwigs happy isn’t that hard – you […]

I Hate My Auditor: Building Better Client Relationships

I never tell anyone that I am an “auditor”. Usually the word “auditor” conjures up images of the IRS knocking at your door asking for money. Besides, “auditor” hardly scratches the surface of what any good IT auditor does for his company.

For me, I market myself as a consultant. Most […]

February 23rd, 2015 | Cyber Risk Management, IT Audit & Compliance | 4 Comments

Key Characteristics of an Effective Information Systems Auditor

IT Geeks don’t always make for good auditors…

I like most of my time spent blogging on R3S to focus on Information Technology and Security. As an Information Systems auditor, my IT/IS knowledge definitely makes me stand out against many of my peers in public accounting. With that being said, today I’d like to […]

February 12th, 2015 | Cyber Risk Management, IT Audit & Compliance | 4 Comments

Free Information Security Training Materials (Exam and Acknowledgment Forms Included)

A recent study by Symantec revealed that “together human errors and system problems account for 64 percent of data breaches”. This further reinforces the point I made in my last post that it is vital that companies train their employees.

To help drive that point home we have created a free information security training […]

Designing an Effective Information Security Training

The most vulnerable asset in any company isn’t the network or the application – it is the people. People, being the imperfect beings we are, may forget passwords, forget to lock computers, or fall victim to social engineering hacks. Studies repeatedly show that adults willingly open malicious emails, give away personal information over the […]

I.T. Auditors are Worthless: How to Establish Credibility with the I.T. Guy (or Gal)

“I.T. Auditors don’t know anything about I.T.” – Anonymous Client

On the first day of almost every project I have ever been involved with, I have had to overcome the perception that as an “Auditor” (I prefer Consultant because I’m usually there to do a lot more than just audit) I lack any understanding of technology. From a client’s […]

January 19th, 2015 | IT Audit & Compliance | 6 Comments