WordPress Website Security Hardening Checklist (Whitepaper)

WordPress websites make up over 20% of all the websites on the internet. If you have a WordPress website, that’s both a blessing and a curse. WordPress’s popularity means that there is a whole community dedicated to making enhancements and ensuring it is secure. It also means that there are plenty of people willing and[…]

Five Ways to Make the Board of Directors and Executives Very Happy

Unless you are part of senior management, the closest most of us come to the Board of Directors (BODs) or executives is reading their Ivy League bios on the company website. But a good consultant knows the way to your boss’s heart is by making the BODs very happy. The good news is making the bigwigs[…]

Top 10 IT Risk Frameworks and Resources

I have an entire folder full of risk frameworks that I draw from for inspiration when I’m performing a risk assessment or internal audit project. Here are a few links that I hope you find helpful. If you have something useful not listed below, please share in the comments! NIST Cybersecurity Framework Here NIST Cloud Computing[…]

Managing India’s Growing IT Presence

For the past two weeks I have been in Mumbai, India (Bombay) working on an IT security project. The trend of U.S.-based companies doing business in India is an ever-growing phenomenon, but comes with its own set of logistical and technology issues that must be carefully balanced with monetary savings. Here are some of[…]

Application Risk Management

Many large and medium-sized businesses have the interesting problem of understanding and inventorying the various applications in use across diverse regions and departments. Without this clear understanding of how these applications are being used, who owns them, what type of data is stored inside, and the management of each application, CIOs and management’s ability[…]

How to Design the Perfect Audit Information Request List (and status tracker)

Any consultant or auditor will tell you that the most difficult part of the job is getting the right information from clients. That is why designing an effective information request list (a.k.a. PBC List) is so important. Oddly enough, it is also a skill that is never formally “taught” to new associates. So here’s[…]

Creating an IT Risk Dashboard in Excel

One of the most valuable tools in my “IT Audit Arsenal” is the ability to easily identify and communicate risk patterns with a Risk Dashboard. A Risk Dashboard helps drive decisions (like what projects you take on, where company risk resides) and has become an easy way to communicate status and progress reports to the[…]

Active Directory Management Tools

I always enjoy seeing the different tools used across different IT shops. In fact, one of the most common questions clients ask is what other companies are using to perform various functions in AD. So, today I figured I’d continue on with the Active Directory theme (started by Christian’s post regarding AD Admin accounts on Monday)[…]