Network Security Audit Checklist

Published 08/04/2020

Every company that uses computers and the Internet should be concerned about information security, and particularly network security. The number of threats each company faces is growing every day. Whether it’s SPAM, malware, spyware, phishing or virus threats, or users who walk out the door with proprietary information or sensitive data, the threats and risks are potentially damaging and costly for that company. To prevent issues from occurring, regular network security checks should be performed, no less than once a year. The more complex a network is, the more complicated the security audit will be, but regardless, it’s extremely important whether you’re a large or a small company. A network security checklist helps to facilitate that.

What Is A Network Security Audit?

A Network Security Audit is an audit of all your network systems to make sure that potential security risks are…

How to Comply with the Sarbanes-Oxley (SOX) Act

Published 07/28/2020

Compliance with the Sarbanes-Oxley Act of 2002 is a legally mandated must for all U.S. public companies and some other entities as well. But meeting the requirements of this important law can be incredibly difficult. Preparing for a SOX compliance audit requires so much work that companies often designate entire teams full-time to the task. The law is that complex. Each of its 11 sections delivers a different mandate covering oversight, auditor independence, corporate responsibility, financial statements, annual reports, and more. At the heart of it all is security. Noncompliance is not an option. The federal Securities and Exchange Commission (SEC) enforces SOX with steep penalties: up to tens of millions in fines for the organization and 20 years in…

Experience ZenGRC at Black Hat 2020

Published 07/27/2020

Reciprocity is excited to be a sponsor of Black Hat USA 2020! This year the event is virtual, but no less exciting. Stop by our booth to learn more about ZenGRC, our award-winning GRC software. Along with videos and downloadable content, our staff will be available to demo how you can simplify your infosec risk and compliance security program with these key product benefits:

- Minimized manual effort
- Shortened, simplified audit cycles
- Built-in risk management
- Increased visibility and reporting
- Direct integrations with critical third-party apps

Of course we think ZenGRC is great, but don’t take it from us: ZenGRC wins gold in the SoftwareReviews awards for GRC (July, 2020). Reviews by members of the Info-Tech…

What are the COSO Control Objectives?

Published 07/16/2020

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework goes back to the year 1992. The industry was looking for an internal control framework, and the COSO Internal Control Framework was the answer. There are three COSO compliance disciplines, five internal control components, and 17 principles focused on internal controls. The COSO Framework cube is a visual representation of how all the components work together and relate to each other. The COSO model defines internal controls as processes that are influenced by an organization’s employees, management, and board of directors. The ultimate goal of the COSO Framework is to provide assurance that objectives have been achieved in the critical areas of operations, reporting, and compliance. The COSO framework…

6 Benefits of Internal Auditing

Published 07/14/2020

If you want confidence that your organization is meeting its core business goals, you need internal audits. If you want to save your organization time and money and keep everything running like a well-oiled machine, internal audits will help you get there. If you want to protect your enterprise against fraud and prevent fraudulent practices, internal audits are key. If you want to reduce risks to your operations, finances, cybersecurity, and other areas of concern, internal audits will tell you what you need to do and how to do it. If you want to make sure you’re following the laws, regulations, and standards that apply to your organization—and reduce your costs and hassle when external auditors test your compliance—you’ll want…

PCI Audit Interview Questions

Published 07/09/2020

The Payment Card Industry Data Security Standard (PCI DSS) defines the framework for protecting cardholder data. The framework was developed by the Payment Card Industry Security Standards Council (PCI SSC) and enables organizations to assess how well they are protecting cardholder data, training staff, and conducting PCI DSS audits. PCI compliance and accepting credit cards go hand in hand. PCI DSS is a good baseline for any cybersecurity and information security program, regardless of whether the organization takes credit cards. The PCI Security Standards Council bases PCI DSS compliance on industry best practices and enables Qualified Security Assessors (QSAs) to grant organizations PCI compliant status. Most wonder, what does a typical PCI auditor interview look like? If you are choosing someone who…

July 2020: Compliance Certification Roundup

Published 07/02/2020

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification

PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. In June, the Qatar International Islamic Bank, Doha, Qatar, was awarded Payment Card Industry Data Security Standard v 3.2.1 (PCI-DSS) by SISA, a cybersecurity firm headquartered in Bangalore, India. In June, Invoiced, Austin, Texas,…

ISO 27001 Requirements Checklist: Steps and Tips for Implementation

Published 07/01/2020

ISO 27001 enables organizations of any size to manage the security of assets such as employee information, financial information, intellectual property, employee details, and third-party information. ISO 27001 is primarily known for providing requirements for an information security management system (ISMS) and is part of a much larger set of information security standards. An ISMS is a standards-based approach to managing sensitive information to make sure it stays secure. The core of an ISMS is rooted in the people, processes, and technology through a governed risk management program. Many organizations follow ISO 27001 standards, while others instead seek to obtain an ISO 27001 certification. It is important to note that certification is evaluated and granted by an independent third party…

Strategies for Digital Risk Protection

Published 06/23/2020

No lock has ever been invented that was completely secure. If an intruder really wants to get in, they usually can find a way. And yet, most of us wouldn’t leave the door to our home, office, or automobile open or unlocked overnight. Security isn’t perfect, but it can act as a deterrent, helping to keep us and our belongings safe. The same is true in the digital realm. Cybercriminals work around the clock to infiltrate our home and business networks. And often—too often—they succeed. Sometimes, yes, the threat actor is a lone hacker with only a modicum of knowledge or experience looking for a way to make money fast. But organized crime and nation-states are increasingly turning to cybercrime…

How to Adjust Business Continuity Plans for COVID-19

Published 06/18/2020

Your business continuity planning (BCP) and disaster recovery (DR) and response plans may not suffice for the COVID-19 pandemic—or for any pandemic. Let’s face it: Many organizations found themselves woefully unprepared to deal with the effects of the novel coronavirus’s rapid, devastating spread. Many are still struggling. One reason for their problems: They had not included pandemic planning in their BCP/DR planning process, and so had no back-up plan to deal with a widespread, serious health care emergency. As a result, many were unprepared for public health and business operations disruptions including:

- Absenteeism due to illness of employees or their family members
- Increases in sick leave payments
- A rapid shift to a telecommuting business model
- Losses of service providers and…