By:
Ryan Buckner
December 19th, 2024
These days, every organization has a security program to protect itself from escalating attacks of growing sophistication. And while much of the focus centers on defending against outsider threats, an equally important component of any security effort is safeguarding against insider threats through effective employee awareness.
By:
Nate Kocan
December 17th, 2024
When committing to a SOC 2 examination—or any compliance initiative—one of the first questions asked concerns the necessary budget and time commitments. While this will vary among organizations—depending on a few different factors—the effort required to prepare for that first examination also differs from the effort spent on the examinations in the following years.
By:
Kristen Wilbur
December 16th, 2024
Having seen the introduction of the EU AI Act, ISO 42001 (which regards certifications of artificial intelligence management systems), and the Digital Operational Resilience Act (DORA), 2024 was a busy year for international compliance directives and standards.
FedRAMP | Penetration Testing | Red Team Assessments
By:
Clint Mueller
December 16th, 2024
Since the beginning of 2024, FedRAMP Revision 5 has mandated that organizations not only perform traditional penetration tests, but also undergo comprehensive red team engagements. This new requirement reflects a broader emphasis on assessing not just technical vulnerabilities, but also the effectiveness of an organization’s overall security posture, including its response to sophisticated and realistic threats. Over the past year, we’ve conducted many red team exercises, each tailored to different organizational environments and threat landscapes. These engagements have varied significantly in scope and complexity, offering us a wealth of insights into both our successes and the challenges we’ve faced.
By:
Schellman
December 11th, 2024
TAMPA, Fla.--(BUSINESS WIRE)-- Schellman & Company, LLC, a leading provider of attestation and compliance services and top 50 CPA firm, is pleased to announce the carve-out acquisition of the Third-Party Risk Management (TPRM) practice from Connor Consulting. This deal marks another significant milestone in Schellman’s strategic growth through acquisitions and its dedication to delivering tailored, independent compliance and governance assessments.
By:
Salvatore Butera
December 10th, 2024
Across the current digital economy, more and more are going passwordless—with tech conglomerates like Apple, Microsoft, and Google leading the way, organizations are pivoting to other cybersecurity solutions to better secure information and simplify workflows. But replacing passwords with alternatives successfully also means accounting for extended related factors—including those that could impact your PCI DSS compliance.
ISO Certifications | Artificial Intelligence
By:
Danny Manimbo
December 9th, 2024
Since the release of ISO 42001 in late December 2023, it’s been a year of discovery and education regarding this new flagship artificial intelligence (AI) standard in terms of determining its applicability, use case(s), and benefits to organizations. For those who have since determined ISO 42001 is the right framework for them, the next step has been to prepare for certification, and that involves more than a few steps.
By:
Doug Stonier
December 6th, 2024
When deciding to take on a new compliance initiative, one question that often gets asked is whether or not work done for prior assessments can be leveraged to save time or money. For those who have pursued FedRAMP Authorization and now wish to go through IRAP—both frameworks that must be adhered to as a means to do business with two different governments—the good news is that your experience with FedRAMP will provide a solid foundation for IRAP.