The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
In the ever-evolving cybersecurity landscape, organizations continuously seek more robust methods to protect their digital assets. Traditional red team engagements, while effective, often lack the strategic depth needed to simulate real-world adversarial behavior. Enter TIDE – Threat Intelligence Directed Engagements – an innovative approach pioneered by Linford & Company, which integrates Game Theory and threat [...]
In modern software development, Continuous Integration and Continuous Deployment (CI/CD) pipelines are crucial for delivering high-quality software quickly and efficiently. However, these pipelines can become vulnerable points in the development lifecycle if not properly secured. Implementing robust security controls within the CI/CD pipeline is essential to managing the change process securely. Let’s explore the key [...]
It’s nearly impossible to read tech news today without encountering discussions about the cloud—and for good reason. Cloud computing has become an essential part of the modern technology landscape, making it hard to imagine a world without it. The ability to provision and manage networks, storage, and servers with just a few keystrokes is not [...]
It’s been discussed elsewhere what the Cloud Security Alliance is and what their CSA Security Trust Assurance and Risk (STAR) program entails. To summarize, the CSA STAR program provides a Cloud-focused alternative to the more traditional audits. It’s based on the CSA Cloud Controls Matrix (CCM) and offers multiple levels of certification/attestation and a flexible [...]
There are so many tools being released these days and for the most part, they aren’t cheap. But there is good news, the Cybersecurity & Infrastructure Security Agency (CISA) has assembled a group of free cybersecurity services and tools that most businesses can access. And no, you don’t have to be military affiliated. The goal [...]
In recent years, as the digital landscape has evolved with the growth of cloud-based environments and tools, SOC 2 Type 2 (also written as Type II) reports have emerged as a basis of trust and assurance for organizations and their stakeholders. But what exactly constitutes a SOC 2 Type 2 report, and why is it [...]
The HIPAA Security Rule places so much emphasis on the importance of risk analysis that it is positioned as the first requirement of HIPAA compliance. Yet, as we conduct HIPAA compliance gap assessments for organizations, it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that [...]
In previous articles, we’ve covered what HITRUST® is and how to get HITRUST certified, but one very frequent question is, “What’s the difference between HIPAA vs HITRUST?” While they both relate to information security, and HITRUST initially began as part of HIPAA, they’re very different concepts. Let’s dive in. What Is the Difference Between HIPAA [...]
A backdoor was recently discovered in a critical open-source utility used by the two major Linux distributions which, had it gone undetected, could have caused immense damage. The people or entity behind the backdoor patiently waited years to create the right circumstances before inserting the vulnerability. Larger questions have been raised about securing software supply [...]
"*" indicates required fields
