IT Risk Blog | The official blog of risk3sixty


Articles, Posts, and Insights into IT Audit, Cyber Risk, IT Compliance, and Information Security

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report?

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report.  Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.

Beyond Vulnerability Scans: Mitigating and Monitoring for Malware Leveraging C2 Systems

Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]

Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]

Simplified Guidance on Developing a Cyber Security Baseline for the CIO and CTO

Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.

How We Measure Candidates at risk3sixty

  Business boils down to one thing: People People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay,[…]

Analyzing Your Attack Surface Like A Hacker

When most people think of hacking, they think of what Hollywood portrays. In a dark basement, a hooded, perhaps tattooed outcast rapidly types nonsensical keystrokes at a flashy computer monitor for several seconds before snidely muttering, “I’m in.” By that representation, the hacking process seems pretty straightforward: find a vulnerability, exploit it and ride off[…]

What is the Difference between SOC 2 Type I and SOC 2 Type II?

If your clients or prospects have requested a SOC 2 report, obtaining a SOC 2 report typically follows a three step process. Step 1: Readiness Assessment A readiness assessment helps your organization prepare for a SOC 2 audit. Used for internal purposes, this assessment provides your organization with a roadmap to prepare for a SOC[…]

Mapping California Consumer Privacy Act (CCPA) with GDPR (Whitepaper)

Many organizations are bracing for the recent wave of Privacy regulations announced this year. In May, GDPR became enforceable, then in June California passed the California Consumer Privacy Act (effective starting 2020).  These landmark regulations provide new privacy requirements for businesses collecting and/or processing data. The purpose of this whitepaper is to compare requirements under[…]