Since the cards might feel a little stacked against the auditor at the cybersecurity table, let’s define a few Aces in the hand that you can use when you’re auditing cybersecurity and communicate helpful root causes and risks.
Latest Content From MISTI
Tackling GDPR means knowing where all your data reside, even if they're outside of your direct control. Here we take a look at how you can tackle this initiative even if you're a bit late given the time of year and when the regulation goes into effect.
Picking up where we left off in part one of this two-part series, here we discuss strategies to determine if findings really need RCA and tips for discussing RCA with the audit client.
SMBs can’t just throw up their hands at cybersecurity, despite a probable dearth of resources. Since most aren't likely to magically receive a multimillion dollar cybersecurity budget windfall, we've provided our top 6 tips for how to manage security on a limited budget.
Phishing attacks aren't going anywhere any time soon. In fact, these scams have only grown in popularity among attackers. This helpful article dispels the four common phishing myths to help employees and outside partners be even more adept at identifying these crimes.
If done well and communicated properly, reporting the root cause can be the glue your report needs to tie findings to the overall health of the company and create significant change for the business. This article provides some strategies to use in writing and communicating root cause in audit findings.
Security testing must be about more than finding vulnerabilities and remediating them. In this feature article we take a look at four proven ways that you can improve your security testing outcomes.
Drawing flowcharts can be time-consuming, but internal auditors can gain a wealth of information during and after preparing them. For auditors who follow these suggestions, the benefits will far exceed the costs.
When it comes to old or no-longer-useful corporate data, you can't just hit "delete." Effective electronic data disposal and destruction requires a much more pragmatic and centralized approach.
For security metrics to be relevant to the board of directors, security teams must tell the story of how those metrics are supporting business goals. How to accomplish this is no easy task.
In this interview, Bob Hirth, Chairman at COSO, sheds light on the recent updates made to the COSO ERM framework, discusses what those changes mean for internal auditors, and advises on how to best leverage the framework.
What do running and your career in information technology/information security have in common? At first glance, not a whole lot. But with a couple of quick examples, I think we will find some similarities.