Blog

How Secure Are Your Vendors?

The spotlight on the topic of vendor management has been shining even brighter lately, with a large number of data breaches resulting from poor vendor processes. With vendors being...

Blog

CMS May Want Their Money Back

The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered...

Blog

What You Need to Know About Cyber Regulations

Everyone hears about cyber risk, but not everyone is aware that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the...

Blog

Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits

The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now can and will be...

Blog

Will the FDA Strengthen Cybersecurity Requirements for Medical Devices?

Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding"...

Blog

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy's. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management...

Blog

Breaking Bank: Episode 3

Over the last several weeks we have witnessed the story of a Bank who thought that compliance was enough to keep their customer’s information and the Bank’s reputation secure. However,...

Blog

Breaking Bank: Episode 2

Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customer’s information protected. We were introduced...

Blog

Cybersecurity: Are You the Gazelle at the Back of the Herd?

In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security...

Blog

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much-awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPAs to audit a company’s cyber security. In the...

Blog

President Trump's Cybersecurity Executive Order: What You Need to Know

Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning...

Blog

Breaking Bank: Episode 1

I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar...

Blog

SOC for Cybersecurity: What Does this Mean for Your Business?

The American Institute of Certified Public Accountants (AICPA) finalized the guidance for Systems and Organization Controls (SOC) for Cybersecurity reporting this week. This guidance gives organizations guidelines on how to...

Blog

Teamwork Makes the Dream Work

I grew up in Birmingham, Alabama and throughout my childhood I played a lot of sports. I played anything from basketball, to soccer, to pickup games of kickball and baseball...

Blog

SSAE 18 and Your Company's SOC 1 Audit

For the purposes of this article, we’ll be entirely focused on SOC 1. Look for future blogs related to the impact of SSAE 18 on your SOC 2 and 3...

Blog

Audit Risk in Penetration Tests: What You Should Know

Cyber risk is prevalent in almost every business today. Any business which has a web page, keeps information online, or uses the cloud is at risk for a cyber breach....

Blog

R.I.P. VCRs: Lessons in Disruption for the Audit Industry

I was shocked to learn the last VCR rolled off the assembly line in July 2016. I remember my family buying our first VCR – the magic of being able...

Blog

Vendor Management: Ignore at Your Own Risk

In this busy, ever changing business world, management has so many things to worry about that some key business responsibilities often get overlooked. One key area that is front and...

Blog

FFIEC Cybersecurity Assessment Tool Frequently Asked Questions

This past month the FFIEC issued a statement to provide clarification on several questions the FFIEC received for the Cybersecurity Assessment Tool (CAT). Since the release of the CAT and...

Blog

GAO Audit: Can We Learn From Their Mistakes

The old saying “if it ain't broke, don’t fix it” immediately came to mind as I began to look at the audit report from the Government Accountability Office regarding Federal Agency...

Blog

Under the Surface Cyber Risk

Part of my role as a Cyber Risk Analyst is to help companies think through their cybersecurity threats. Like most threats, they lie under the surface and most of the time remain unseen...

Blog

Where is Your Data? Why Performing a Data Inventory is Integral for Companies in this Digital Age

There’s no denying that the days of printed documents are a distant speck in the rearview. Industries are becoming much more reliant on automated systems and processes versus the manual...

Blog

AICPA Exposes Guidance for Cybersecurity Risk Management Examinations

The American Institute of Certified Public Accountants (AICPA) recently released two exposure drafts on criteria for cybersecurity. The first Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk...

Blog

Alphabet Soup: Understanding the Qualifications of Risk Management Professionals

You’ve just gotten an email from a potential vendor looking to make a connection. In their signature, following their name is a list of five abbreviations, all intended to make...

Blog

How InTREx Changes Audits

On June 30th, 2016, the FDIC announced that the Information Technology Risk Examination (InTREx) Program would be replacing the existing Information Technology Risk Management Program (IT-RMP) effective July 1st, 2016....

Blog

4 Tips for Password Management

With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if the...

Blog

Key Takeaways From the FFIEC Joint Statement on Cybersecurity

This past week the FFIEC issued a statement advising financial institutions to actively manage the risks associated with interbank messaging and wholesale payment networks. The FFIEC warned financial institutions to...

Infographic

Data is the New Currency

It’s not if a breach will occur, it’s when. Where should you look for vulnerabilities? What should you do?