Blog

Top 10 Ways to Prepare for Your SOC 1 Audit

by Tori Thurmond / May 20, 2024

If your customers rely on you to protect consumer information, chances are you may be asked to produce a SOC 1 audit report. A SOC 1 audit reports on the controls at an organization that are relevant to, or may affect, a client’s financial statements. This reporting framework is designed to demonstrate that an organization has proper internal controls and processes in place to address information security and compliance risks.…

An Earth Day Reminder: How to Take Care of Your Security Environment

by Tori Thurmond / April 22, 2024

Happy Earth Day! I hope you get to spend some time outside today to take in mother nature in all of her glory, but while I have you here, I want to discuss a different type of environment: your security environment. Just as with the environment around us, we have to take care of our organization’s security environment to keep our data healthy, happy, and, most importantly, secure. There’s are…

Threat Informed Defense (Part 1): Threat Simulation [A Webinar Recap]

by Tori Thurmond / May 20, 2024

Cyber threats pose significant risk to organizations worldwide, ranging from financial loss to reputational damage to operational disruptions. These ever-evolving threats can be intimidating, but with the right preparation, organizations can proactively mitigate risks and fortify their overall cybersecurity posture. One way to offensively protect your organization from the treat landscape is through threat simulation. This week, our VP of Pen Testing, Jason Rowland, kicked off our three-part Threat…

9 Best Practices for Using AWS CloudTrail in 2024

by Hannah Grace Holladay / April 16, 2024

Every user action can and should be tracked. On cloud platforms like AWS, user actions and service events interact with the platform’s management interfaces, whether with the web console or the API, which allows most things that happen in your cloud environment to be logged. The transparency provided by comprehensive logging is one of the cloud’s most consequential security and compliance benefits. Using logs allows you to record all processing…

Notes from the Field: CIS Control 16 – Application Software Security

by Greg Halpin / April 3, 2024

Recently, I’ve been working with a small Software as a Services (SaaS) company, and it quickly became clear they didn't have much in place by way of security. They didn't have a documented policy. They didn't do code reviews. New code releases were deployed on the fly. They didn't do secure scans of code or the web application. They didn't have a web application firewall (WAF). The application database was…

Top 10 Ways to Prepare for Your SOC 1 Audit

An Earth Day Reminder: How to Take Care of Your Security Environment

Threat Informed Defense (Part 1): Threat Simulation [A Webinar Recap]

9 Best Practices for Using AWS CloudTrail in 2024

Notes from the Field: CIS Control 16 – Application Software Security

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.