Cyber security visibility, assurance and audit has never been more important – a perfect storm of increased risk and hampered delivery are weighing heavily on security audit teams.
Read More
The Financial Reporting Council (FRC) is responsible for corporate governance, reporting and audit in the UK and has been consulting on the role of technology in audit processes.
Read More
Traditionally, security audits have been imposed on organisations by third party assessors, either for regulatory or compliance purposes and may result in significant findings that indicate security vulnerabilities, issues or deficiencies that require attention. For many, audits are activities on their annual compliance roadmap, often causing frenetic activity before the assessment start date, then bated breath while the assessor scrutinises systems and controls. For external compliance, and based on where this approach originated, annual financial auditing is suitable; however, applying this approach to cybersecurity leaves businesses exposed to unnecessary information risk.
Read More
Cyber hygiene is a relatively new term to describe the basic security practices everyone should be doing to ensure their organisation remains safe from common security threats. Yet even these most basic security controls are often neglected or not implemented correctly, unduly leaving the business exposed to risks they could easily counter.
Read More
This blog post “CMMC – Monitoring Privileged Users” is the ninth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.
Read More
The pandemic is currently ravaging people’s lives and the economy across the world. Cyber security and audit professionals, and their roles, included.
Businesses are walking a narrower financial tightrope than ever before, balancing cost cutting, with human resources, lost business and diminished profits.
Read More
Cyber maturity assessments provide vital insights into an organisation’s ability to protect its information assets and defend itself against cyber threats. However, they are time consuming, labour intensive and often difficult to execute – particularly when most staff are working from home and site visits are restricted. This blog post explores the elements of the process that present the biggest challenges and how security audit technology can help you overcome them.
Read More
This blog post “CMMC – Cybersecurity Risk Management’’ is the eighth in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.
Read More
The need for assurance in supply chains and third parties is well-recognised in cyber security. It is common to exchange data – often sensitive – with third parties, and to rely on them for aspects of service delivery or the undertaking of key business functions.
Read More
How is the Australian Government doing in its efforts to defend itself from cyber threats? Are key strategies and advisories being implemented and operating effectively? The newly released ‘Commonwealth Cyber Security Posture in 2019 Report to Parliament’ (CCSP2019) provides information and visibility into the efforts of the Australian Cyber Security Centre (ACSC) and Attorney-General’s Department (AGD) as to the readiness of Commonwealth entities to respond to the country’s cyber threat environment.
Read More