Organizations continue to face an ever-growing number of cybersecurity threats. As threats become more sophisticated and advanced, it is critical to protect the network and sensitive data. Two tools that can aid in safeguarding your network and data are an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). They both play important roles […]

On March 11, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) introduced a new form for secure software development attestations. After working closely with various industry groups, a standard form was released to make certain software companies working with the federal government use basic secure development methods […]

I was recently working with an organization where I saw firsthand how complicated access management can become without a proper role-based access control (RBAC) method. The organization had been assigning granular permission assignments to users in a very manual way. When a new employee was onboarded, they would often clone the permissions of a similar […]

On July 25, 2024, the White House Office of Management and Budget (OMB) released M-24-15, “Modernizing the Federal Risk and Authorization Management Program (FedRAMP)” which outlined four strategic goals, one of which related to FedRAMP authorizations: “Rapidly increase the size of the FedRAMP Marketplace by evolving and offering additional FedRAMP Authorization Paths.” As part of […]

The AICPA Auditing Standards Board issued Statement of Quality Management Standards (SQMS) No. 1 in June 2022 for CPA firms having an accounting or auditing practice, with an effective date of December 15, 2025.  SQMS No. 1 supersedes Statement on Quality Control Standards No. 8, A Firm’s System of Quality Management. As a reader of […]

Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. In 2024, several high-profile data breaches exposed sensitive information, highlighting the ongoing struggle to protect PII, PCI, and PHI. In March, AT&T was breached, compromising data from 7.6 […]

With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.

To the untrained eye, terminations may seem like a straightforward process; in reality, managing this process is more like herding cats. The offboarding process varies from company to company, involves multiple departments, relies on strong lines of communication, and requires accountability from the parties involved. At a high level, the termination process consists of the […]

Artificial intelligence (AI) is no longer a term; it plays a crucial role in driving innovation across many industries. However, effectively utilizing AI requires managing the risks associated with it. This is where ISO/IEC 42001:2023 steps in—a standard crafted to aid organizations in handling AI-related risks and guaranteeing the security, ethics, and reliability of their […]

Many organizations do a tabletop test each year of their Incident Response (IR) or Business Continuity/Disaster Recovery (BC/DR) plan to evaluate its effectiveness and make sure it’s current. While tabletop is generally the weakest form of testing and has some significant limitations, there are some things that can be done to make it a better […]