IT Risk Blog | The official blog of risk3sixty


Articles, Posts, and Insights into IT Audit, Cyber Risk, IT Compliance, and Information Security

Business Continuity Planning: It Takes a Village

Business Continuity Planning (BCP) and Disaster Recovery are essential tools for organizations of any size and maturity level; but what may not be apparent is the appropriate amount of resources required to ensure organizations are prepared with an effective BCP. All too often, the task of constructing and maintaining the organization's Business Continuity Plan[…]

Vulnerability Management Makes it Harder for Hackers to Exploit Your Systems

From a penetration tester’s perspective, there are a few things that quickly indicate an organization’s maturity (and the likelihood our team will be able to exploit their environment). If any of these exist, the chance we will be able to successfully breach their environment increases: Indicators a Hacker Can Breach Your Systems Aging Infrastructure One[…]

ISO 27001 Path to Certification: The Business Case for ISO 27001 Implementation (Whitepaper Part 1 of 3)

Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, Management and Leadership must take steps to proactively mature their information security posture. A great place to begin (or continue) maturing your security environment is through the implementation of a security framework such as ISO 27001. If you are[…]

Diversion Tactics: Using Vulnerable Windows Servers to Fool Hackers

Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters by giving them what they think is an easy win!

Penetration Test Engagement Types: A Comprehensive Guide to Defending Against Real-World Attackers by Simulating Real-World Attacks (Whitepaper)

Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, Management and Leadership must take steps to proactively identify and resolve security vulnerabilities to protect company value. A great place to begin (or continue) maturing your security environment is through penetration test activities. Penetration tests can be a[…]

Pacesetters Awards: risk3sixty named Top 100 Fastest Growing Companies in Atlanta

On April 25, 2019, join risk3sixty and other great Atlanta companies where the Atlanta Business Chronicle will release its annual ranking of Atlanta’s Fastest-Growing Private Companies (Pacesetters). To qualify, a company must be privately held; based in the metro Atlanta area and not a subsidiary of another company; established first quarter 2016 or earlier (to judge[…]

Understanding Phishing and How to Stop the Scam

Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source. Low level[…]