Today, most organizations rely on vendors for portions of the services they provide, or to help protect the security and integrity of their technology and data. Managing the relationships with these vendors is important, as is monitoring the ongoing performance of the services they provide. When pursuing a […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in the IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
ISO/IEC 27001:2022 vs SOC 2: Differences in Certification vs. Compliance
Recently, a client asked if we could provide them with some insight on the similarities, differences, advantages, and disadvantages of obtaining a SOC 2 Security report versus an ISO/IEC 27001:2022 certification.
Navigating Regulatory Compliance – An Auditor’s Insights
With no shortage of regulations around data security and privacy, it’s no wonder that determining which regulations you must comply with, and whether your company has compliance gaps, can be a daunting task. Regulatory compliance is mandatory, but it can be overwhelming. Where should you start?
Perform a Risk Assessment
Risk assessments are valuable tools for […]
Key Considerations for Implementing a Bring Your Own Device (BYOD) Program
In a post-COVID-shutdown world, hybrid and remote work have skyrocketed. Employee use of personal devices, such as smartphones and tablets, for company work is now commonplace and expected by employees. In many instances, employees can take advantage of the functionality of new smartphones to increase efficiency and productivity. Employees are happy because they get to […]
SaaS HIPAA Compliance Considerations & Certification
With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification; the Department of Health and Human Services does not certify or endorse compliance with the HIPAA rules.
Navigating the Risks of Patch Management: Security & Stability in IT Systems
In the quickly evolving technology landscape, maintaining the security and functionality of physical servers is imperative. Patch management is a critical component of this maintenance: it involves updating server software to fix vulnerabilities, improve performance, and maintain compatibility with other systems. Despite its importance, patch management is often fraught with risks that, if not […]
Smart Red Teaming with Game Theory & Threat Intelligence
In the ever-evolving cybersecurity landscape, organizations continuously seek more robust methods to protect their digital assets. Traditional red team engagements, while effective, often lack the strategic depth needed to simulate real-world adversarial behavior. Enter TIDE (Threat Intelligence Directed Engagements), an approach pioneered by Linford & Company that integrates game theory and threat […]
Securing the CI/CD Pipeline: Essential Controls for Managing the Change Process
In modern software development, Continuous Integration and Continuous Deployment (CI/CD) pipelines are crucial for delivering high-quality software quickly and efficiently. However, if not properly secured, these pipelines become attractive targets in the development lifecycle, since whoever controls the pipeline controls what gets built and deployed. Implementing robust security controls within the CI/CD pipeline is essential to managing the change process securely. Let’s explore the key […]
What is FedRAMP Compliance? Requirements, Process, & More
It’s nearly impossible to read tech news today without encountering discussions about the cloud—and for good reason. Cloud computing has become an essential part of the modern technology landscape, making it hard to imagine a world without it. The ability to provision and manage networks, storage, and servers with just a few keystrokes is not […]
CSA STAR Guide to Assessment, Attestation, & Certification
It’s been discussed elsewhere what the Cloud Security Alliance is and what its CSA Security, Trust, Assurance and Risk (STAR) program entails. To summarize, the CSA STAR program provides a cloud-focused alternative to more traditional audits. It’s based on the CSA Cloud Controls Matrix (CCM) and offers multiple levels of certification/attestation and a flexible path to those achievements. […]