When developing business continuity plans, businesses should understand that they actually need two documents: an incident response plan and a disaster recovery plan. Having an incident response plan means your organization is prepared for possible information security incidents such as a data breach, a system outage, or a security breach.
In today’s complex regulatory environment, organizations need to maintain compliance with numerous regulations. Two important cybersecurity-related compliance standards in the United States are the Federal Risk and Authorization Management Program (FedRAMP) and the Federal Information Security Management Act (FISMA). Although these two regulations do have similarities, they have several notable differences as well. This post will explore where FedRAMP and FISMA do, and don’t, overlap.
The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days.
Companies around the world have experienced tremendous changes. For publicly traded companies, those changes can bring new considerations into the frame for your Sarbanes-Oxley risk assessment. Shifts in strategy plans and a new remote, paperless way of operations could require major updates in your SOX compliance program. In this post we’ll discuss Sarbanes-Oxley in detail and outline a step-by-step method to perform the SOX risk assessment effectively.
Nothing beats a good horror story… especially not when you talk about software development and security. I mean, what could possibly go wrong when you develop software???
The journey for someone to the role of Chief Information Security Officer (CISO) isn’t often straightforward. Take Sandy Dunn, for example. Per SailPoint, Sandy started as a paper delivery kid at 10 years old. She then worked her way through software sales, insurance, and even horses before becoming the CISO of a health insurance provider in Idaho. All these “entry-level” jobs share one thing in common.
Grooming is a method of establishing a connection with a person to perpetrate a crime against them. Grooming is becoming more common in fraud, both online as well as in interpersonal interactions. What’s more, scammers are getting more sophisticated in their techniques. There is a mistaken belief that scammers are forceful, arrogant, and therefore easy to spot, but many play a long game, carefully and patiently grooming the victim before asking for money.
With each passing year, our digital lives grow in size and complexity. We open new accounts and place more value on the ones we log into and use every day. The trend has led to a rise in digital estate plans – a handover that ensures your friends and family members can take over your most precious accounts after you’ve gone.
A few hours ago, an npm package with more than 7 million weekly downloads was compromised. It appears an ATO (account takeover) occurred in which the author’s account was hijacked either due to a password leakage or a brute force attempt (GitHub discussion).
Almost everybody in this world uses the Internet. Some use it for work, some for education, some to stay connected with the world and their loved ones, some for shopping, and some use it to browse the world wide web in their leisure time. DNS Hijacking or DNS redirection attacks are a widespread security threat many DNS servers face in today’s modern digital world.
