IT Risk Blog | The official blog of risk3sixty


Articles, Posts, and Insights into IT Audit, Cyber Risk, IT Compliance, and Information Security

ISO 27001 Path to Certification: The Business Case for ISO 27001 Implementation (Whitepaper Part 1 of 3)

Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, Management and Leadership must take steps to proactively mature their information security posture. A great place to begin (or continue) maturing your security environment is through the implementation of a security framework such as ISO 27001. If you are[…]

Diversion Tactics: Using Vulnerable Windows Servers to Fool Hackers

Windows Servers are practically irresistible to hackers everywhere. This makes the lone Windows Server a perfect candidate for a honeypot. In this post we explore how to use a Windows Server to divert a hacker’s attention from what matters than by giving them what they think is an easy win!

Penetration Test Engagement Types: A Comprehensive Guide to Defending Against Real-World Attackers by Simulating Real-World Attacks (Whitepaper)

  Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a  result, Management and Leadership must take steps to proactively identify and resolve security vulnerabilities to protect company value. A great place to begin (or continue) maturing your security environment is through penetration test activities. Penetration tests can be a[…]

Pacesetters Awards: risk3sixty named Top 100 Fastest Growing Companies in Atlanta

  On April 25, 2019, join risk3sixty and other great Atlanta companies where the Atlanta Business Chronicle will release its annual ranking of Atlanta’s Fastest-Growing Private Companies (Pacesetters). To qualify, a company must be privately held; based in metro Atlanta area and not a subsidiary of another company; established first quarter 2016 or earlier (to judge[…]

Understanding Phishing and How to Stop the Scam

Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source. Low level[…]

Security Due Diligence: An Analysis of Security in the Sales Cycle for Companies Serving the Banking Sector (Whitepaper)

Studies performed by the Ponemon Institute linked 56-59% of security breaches to third parties. At the same time, companies are increasingly leveraging specialty service providers to perform critical business functions. Combined, third-party risk is being elevated to the board level and banks are scrambling to manage their vendor-related risks. The net result for service providers[…]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?”  With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report?

Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report.  Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.