Personal Cybersecurity Safeguard Checklist (Whitepaper)

In a world where society increasingly relies on information technology and the internet to pay our bills, secure credit, and pursue educational endeavors and our careers, it has become more important than ever to educate ourselves on the risks associated with using information technology and take proactive measures to protect our identity, personal information, electronic[…]

Five Ways to make the Board of Directors and Executives Very Happy

Unless you are part of senior management, the closest most of us come to the Board of Directors (BODs) or executives is reading their Ivy League bios on the company website. But a good consultant knows the way to your boss's heart is by making the BODs very happy. The good news is making the bigwigs[…]

I Hate My Auditor: Building Better Client Relationships

I never tell anyone that I am an “auditor”. Usually the word “auditor” conjures up images of the IRS knocking at your door asking for money. Besides, “auditor” hardly scratches the surface of what any good IT auditor does for his company. For me, I market myself as a consultant. Most of my time goes[…]

Key Characteristics of an Effective Information Systems Auditor

I like most of my time spent blogging on R3S to focus on Information Technology and Security. As an Information Systems auditor, my IT/IS knowledge definitely makes me stand out against many of my peers in public accounting. With that being said, today I’d like to shift gears a bit and explore what I think it[…]

Free Information Security Training Materials (Exam and Acknowledgment Forms Included)

A recent study by Symantec revealed that “together human errors and system problems account for 64 percent of data breaches”. This further reinforces the point I made in my last post that it is vital that companies train their employees. To help drive that point home we have created a free information security training package[…]

Designing an Effective Information Security Training

The most vulnerable asset in any company isn’t the network or the application – it is the people. People, being the imperfect beings we are, may forget passwords, forget to lock computers, or fall victim to social engineering hacks. Studies repeatedly show that adults willingly open malicious emails, give away personal information over the phone, and[…]

I.T. Auditors are Worthless: How to Establish Credibility with the I.T. Guy (or Gal)

“I.T. Auditors don’t know anything about I.T.” – Anonymous Client

On the first day of almost every project I have ever been involved with I have had to overcome the perception that as an “Auditor” (I prefer Consultant because I’m usually there to do a lot more than just audit) I lack any understanding of technology. From a[…]

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically the passwords will be cryptographically hashed. Hashing a password is the process of taking a string of any length (the password in[…]