Jessica Kiel

Historically, an IT compliance audit involved a physical component. An auditor would visit your company headquarters, test the weight of the server room doors, look for security cameras, and verify badge readers. But what happens when your company is 100% remote? If there are no physical doors to lock and no office buildings to secure, [...]

Have you ever been through an audit and realized you are struggling to locate the latest version of a policy or your risk assessment? That minor delay for searching turned into time spent backtracking and duplicating efforts. It could have been a smooth review, but it spiraled into a scramble that could have been avoided [...]

A few years ago, during a SOC 2 audit for a mid-sized SaaS company, we noticed a gap: their patch management program looked solid on paper, but the execution was flawed. The client had a policy that mentioned monthly updates, a ticketing system for patch deployment, and even a patch management report that was presented [...]

It’s 2 a.m., and the team is on a call. A security vulnerability has just been flagged in the production system. Hackers are actively exploiting this flaw worldwide. The pressure is on: the system needs an emergency patch—now. Testing? There’s no time. Waiting for standard approvals? Not an option. But as the team scrambles, the [...]

In the quickly evolving landscape of technology, maintaining the security and functionality of physical servers is imperative. Patch management is a critical component of this maintenance that involves updating server software to fix vulnerabilities, improve performance, and determine compatibility with other systems. Despite its importance, patch management is often loaded with risks that, if not [...]

As security breaches (such as these HIPAA security breaches) become more common and costly, it is important to understand ways to prevent breaches. Recently, we came across a scenario where a company was not using a vulnerability scanner to scan their development environment for secret credentials, thus making the secret credentials not so secret. The [...]

Risk has become a popular topic and the questions that come with that is how does one address risk and then continue to monitor those risks. In other words, you have created your risk matrix, but what is next? This article will address those questions by explaining the linkage between risks and controls. The four [...]

The task of internal audit planning can be overwhelming and involve many individuals. Sometimes it is difficult to even know where to begin. In this article, we will break down a few of the common questions when it comes to an internal audit, elaborate on the key steps to the internal audit planning phase, and [...]