Every year our team runs a 100-mile relay race through North Georgia (for charity). Along the way, we learn a lot about ourselves and a lot about each other.
Back in October, I wrote a blog post about why our team does hard stuff together. I wrote that post because our team has a standing tradition of doing things like overnight […]
How to keep the keys to the kingdom from escaping the kingdom.
Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see these criteria from ISO 27001 and SOC 2 as of the date of this writing:
ISO 27001 A9.4.2: Where required by the access […]
ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program
When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation, one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS”, you can read our whitepaper on the ISO […]
Unless you are part of senior management, the closest most of us come to the Board of Directors (BODs) or executives is reading their Ivy League bios on the company website. But a good consultant knows the way to your boss’s heart is by making the BODs very happy. The good news is making the bigwigs happy isn’t that hard – you […]
I never tell anyone that I am an “auditor”. Usually the word “auditor” conjures up images of the IRS knocking at your door asking for money. Besides, “auditor” hardly scratches the surface of what any good IT auditor does for his company.
For me, I market myself as a consultant. Most […]
IT Geeks don’t always make for good auditors…
I like most of my time spent blogging on R3S to focus on Information Technology and Security. As an Information Systems auditor, my IT/IS knowledge definitely makes me stand out against many of my peers in public accounting. With that being said, today I’d like to […]
A recent study by Symantec revealed that “together human errors and system problems account for 64 percent of data breaches”. This further reinforces the point I made in my last post that it is vital that companies train their employees.
To help drive that point home, we have created a free information security training […]
The most vulnerable asset in any company isn’t the network or the application – it is the people. People, being the imperfect beings we are, may forget passwords, forget to lock computers, or fall victim to social engineering hacks. Studies repeatedly show that adults willingly open malicious emails, give away personal information over the […]
“I.T. Auditors don’t know anything about I.T.” – Anonymous Client
On the first day of almost every project I have ever been involved with, I have had to overcome the perception that as an “Auditor” (I prefer Consultant because I’m usually there to do a lot more than just audit) I lack any understanding of technology. From a client’s […]