How to Effectively Communicate Your Security and Compliance Story to Prospective Clients and Business Partners

I read an article last week about Wal-Mart forcing some of their vendors off Amazon’s cloud. Wal-Mart has an incredible amount of leverage over their vendors so my guess is that most SaaS providers probably went along with Wal-Mart’s request. This type of thing isn’t uncommon in the world of vendor management. I have personally[…]

What SOC 2 Updates to COSO 2013 Mean for You (Whitepaper)

Beginning December 15, 2018, (with optional adoption beginning April 2017) all SOC 2 reports will be required to utilize the updated Trust Services Criteria. The updated trust services criteria are an update to align with the seventeen COSO 2013 framework principles. Key Updates + Updates to SOC 2 Criteria to align with 17 COSO 2013[…]

Wannacry Ransomware & Mitigation Steps

A major cyberattack took place this past week. The attack impacted organizations in over 100 counties including the British National Health Service, FedEx, Spanish telecom company, Telefónica, and multiple universities in Asia. The culprit is the Wannacry ransomware worm. The worm is most commonly introduced through infected email. When the user clicks on the infected[…]

How a Better IT Risk Assessment May Change Your Thoughts on the Traditional Gap Analysis

Does your company perform a risk assessment? If you said yes, what did you mean by “risk assessment”? I ask because often when people say “risk assessment” they are thinking “gap analysis”. As an IT auditor sometimes our instinct is to select our favorite security framework (probably ISO 27001 or NIST 800-53) and begin identifying gaps in the control[…]

Developing an IT Audit & Security Plan for Microsoft Office 365

Our team was recently tasked with developing an audit plan for Microsoft Office 365. While there are plenty of tools available to assist organizations with performing ongoing audits of user privileges and object permissions in Microsoft Office 365, we were hard pressed to find any solid thought leadership on auditing Office 365 beyond user and[…]

Prominent Fortune 500 Technology Executive and Entrepreneur, Robin Bienfait, Joins risk3sixty LLC Advisory Board

Our team is very excited to announce that Robin Bienfait has joined the risk3sixty advisory board. Background Two years ago we had the pleasure of meeting Robin at Geogia Tech where she was giving a presentation on technology, innovation. and leadership. Since then we have exchanged many ideas about the future of entrepreneurship, technology, information[…]

Symantec, Illegitimate Certificates & Why We Should Care

In 2015, Symantec was caught issuing improperly signed cryptographic certifications which could be used to break HTTPS and put internet users at risk. Some of the improperly issued certificates were issued to Google owned domains, which if used maliciously, could allow for impersonation of HTTPS protected Google websites. Understandably, Google was very upset and responded[…]

We Started a Business – Our IT Audit Blog is Still Going Strong

This update is long overdue, but we started a business! After two years of blog posts we decided to take the leap and make risk3sixty a full fledged consulting company. Specifically, focusing on world-class IT Audit, Cyber Risk, and Compliance PMO services. After talking to many of our clients and colleagues we realized the world[…]