In today’s complex regulatory environment, organizations need to maintain compliance with numerous regulations. Two important cybersecurity-related compliance standards in the United States are the Federal Risk and Authorization Management Program (FedRAMP) and the Federal Information Security Management Act (FISMA). Although these two regulations do have similarities, they have several notable differences as well. This post will explore where FedRAMP and FISMA do, and don’t, overlap.

The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days.

Companies around the world have experienced tremendous changes. For publicly traded companies, those changes can bring new considerations into the frame for your Sarbanes-Oxley risk assessment. Shifts in strategy plans and a new remote, paperless way of operations could require major updates in your SOX compliance program. In this post we’ll discuss Sarbanes-Oxley in detail and outline a step-by-step method to perform the SOX risk assessment effectively.

In 1970, the world experienced its first “cyber attack” – What first started as a harmless joke, paved the way for a new wave of criminality - cybercrime. Since then, attacks have become more sophisticated with the use of malware, ransomware, and phishing attacks, among many others. In fact, according to Security Magazine, today’s hackers attack computers with Internet access every 39 seconds on average.

Vendor risk management (VRM) is the type of risk management practice assessing and mitigating business partners, third parties, or external vendors. This process is conducted before an entity enters into a business relationship and during the duration of the business contract with the vendor.

Vendor risk management (VRM) is rapidly emerging with ever-evolving cyber security strategies. As we hit the pandemic and try to manage critical operations in a remote work setup, each day, business entities challenge with the new security, privacy, and business continuity risks associated with their vendors.

Every day healthcare providers must undertake the nerve-racking task of complying with an increasing number of healthcare regulations. According to one report, the healthcare industry spends nearly $39 billion every year on the administrative burdens of regulatory compliance. Today healthcare organizations must comply with more than 600 regulatory requirements.

Someone in your organization gets an email with an attached document. The sender seems legitimate, but when they click on the link, it’s not what it claims to be. Soon your organization’s data is encrypted and you receive a message: pay a ransom to the attackers if you want the decryption key. You’ve just been the victim of a ransomware attack. Ransomware has become a major attack vector in 2021.

As we’ve all learned, often the hard way, amazing tech has introduced not-so-amazing risks: viruses, hacks, and leaks, to name a few. A data breach or cyber attack can happen at any moment, to individuals or businesses of any size – and attackers do not discriminate.