Developing an IT Audit & Security Plan for Microsoft Office 365

Our team was recently tasked with developing an audit plan for Microsoft Office 365. While there are plenty of tools available to assist organizations with performing ongoing audits of user privileges and object permissions in Microsoft Office 365, we were hard pressed to find any solid thought leadership on auditing Office 365 beyond user and[…]

Managing Changes in the Manufacturing Environment

Engineers face unique problems when it comes to making changes to equipment on the manufacturing floor. Not only are there large (and expensive) components which have to be precisely installed and tested, but from a programming perspective, engineers also have to manage the PLC (Programmable Logic Controller). The PLC, like source code, contains the specific[…]

Change Management: How to verify population completeness

As a brand-new auditor I remember receiving giant text or excel files full of data I couldn’t decipher. Inside the file would be hundreds (or more likely thousands) of line items. I was too naive and not confident enough to question what the client had provided – so I accepted it without asking a single[…]

SCRUM Development Explained in 10 Minutes

Scrum is a software development framework for managing source code development. Scrum breaks down large projects into more manageable chunks that can be developed and tested individually. Breaking larger projects into component projects aids in the efficiency and quality of product development by setting short term goals that ultimately add value to the larger product. As[…]

Change Management: Externally Initiated Changes & Control Environment

As previously discussed, there are three key change management life cycles that exist within most organizations: 1. Internally Initiated Changes – Changes that are internally initiated and controlled (i.e., periodic software updates, scheduled patches, request from employees, etc.) 2. Externally Initiated Changes – Changes that are initiated from entities outside the company – typically by[…]

Change Management: Internally Initiated Changes & Control Environment

The Change Management Process (a.k.a CMLC) is one of the most vital processes for any IT Auditor or Security professional to understand when assessing an organization’s risk universe. In general, there are three key change management life cycles that exist within most organizations: 1. Internally Initiated Changes – Changes that are internally initiated and controlled (i.e.,[…]