IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

The XZ UTILS breach

Observations from the XZ Utils Backdoor

A backdoor was recently discovered in a critical open-source utility used by the two major Linux distributions which, had it gone undetected, could have caused immense damage. The people or entity behind the backdoor patiently waited years to create the right circumstances before inserting the vulnerability. Larger questions have been raised about securing software supply […]

How to choose a SOC 2 audit firm

Choosing a SOC 2 Audit Firm

At Linford & Company, we fully understand that there are all sizes of companies that complete the kind of audits we do, which include SOC 1 (formerly SSAE 16), SOC 2, HIPAA, and royalty audits.

CMMC Assessment Process

What Is the CMMC Assessment Process?

In November 2021, the Department of Defense (DoD) announced Cybersecurity Maturity Model Certification (CMMC) 2.0, a program meant to assess an organization’s cybersecurity program maturity. The CMMC program is designed to achieve the following goals: “Safeguard sensitive information to enable and protect the warfighter” “Enforce Defense Industrial Base (DIB) cybersecurity standards to meet evolving threats” […]

Fast track to HITRUST e1 certification

Zero to HITRUST (e1) Certified in 100 Days

Any time we make “first contact” with someone who needs a HITRUST assessment, there are always 3 overarching questions: “What is this going to cost?”, “How hard is this going to be?”, and the question I will be covering in this article, “How long is this going to take?” In the past, before the […]

Cybersecurity maturity model certification (CMMC)

What is the CMMC (2.0)? New DoD Guidance for Security Compliance

A common concern being expressed by the general public and the United States government is the state of cybersecurity and the strength of the country’s ability to protect itself against a cybersecurity attack from within and without the United States. In response to this concern, the Department of Defense (DoD) has been working on the […]

Identity and access management

Identity and Access Management for Beginners

How do companies keep track of who’s supposed to see what information? What if a disgruntled ex-employee still had access to sensitive files? Or a hacker could easily impersonate the CEO? Identity and Access Management (IAM) is the answer, ensuring the right people (and only the right people) get access to the right systems and […]

LLM risk management

Risk Management in the Era of Large Language Models and Generative AI

Large Language Models (LLMs) and Generative AI are cutting-edge technologies in the field of artificial intelligence that are rapidly evolving in the business landscape. LLMs are a subset of Generative AI, focusing specifically on language-related tasks. While related, LLMs refer to AI systems capable of understanding and generating human-like text based on large datasets. Generative […]

A guide to zero trust implementation

Zero Trust Implementation – Guidelines & Best Practices

I’m sure you have heard the saying “trust, but verify” which has been a common theme in the audit world. The new saying for cybersecurity goes “never trust, always verify,” and that is the core of zero trust security. One of our clients was in the process of setting up a new environment for their […]

Aligning COSO principles and SOC 2 TSCs

How the COSO Principles & SOC 2 Trust Services Criteria Align

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework and the AICPA Trust Services Criteria are two control frameworks that are used to assess and improve the effectiveness of internal controls. While the COSO Principles are more general in nature, the AICPA Trust Services Criteria are more specific to outsourced service […]

Cloud-based patch management

Cloud Patch Management Importance & Impact on SOC Reports

During SOC readiness assessments, we are often asked about the key controls surrounding the security of assets in the cloud. Cloud patch management is a critical part of maintaining security, and the controls around this process will be reviewed in any cloud computing audit, like a SOC report. This article will provide guidance on creating […]