When's the Right Time for an Open Source Audit?

How much do you really know about your open source usage? Can you identify what open source components you’re using? How about which licenses are in play and whether you’re compliant? Do you have a good sense of how many open source security vulnerabilities are in your code base and how to remediate them? Chances are, if you’re like most organizations, you can’t answer all of these questions.


A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re prepared for when auditors come knocking on their door.

OIG's Office 365 audit checklist and how to prepare for it.

Over 80 percent of all federal agencies use Microsoft Office 365, Azure, and collaboration products such as SharePoint, Yammer, and Teams to serve their thousands of employees and contractors. Office 365 has many benefits including enhanced security, mobility, and reporting, but how can you be sure that you're staying compliant and protecting information for an Office of Inspector General (OIG) audit?

Audit Checklist for Social Compliance

A social compliance audit, also known as a social audit, is an effective way to determine if an organization is complying with socially responsible principles. Social compliance refers to how a company protects the health and safety as well as the rights of its employees, the community, and the environment where it operates in addition to the lives and communities of workers in its distribution chain and its supply chain.


Using Data and Automation to Help Engineering Teams Avoid Coronavirus

Nothing seems to unite humans more than this widespread virus epidemic. COVID-19, the current coronavirus, is top of mind for everyone right now – and it’s something we wish we didn’t have to think about. As cases grow, people are already thinking about ways to keep themselves, coworkers, friends and family out of harm’s way. The easiest answer is to limit the amount of travel and human contact. But, as they say in show business, the show must go on.


NERC CIP Audits: Top 8 Dos and Don'ts

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, I was advising entities across North America on different tactics, techniques, and insight from best practices I have seen. I wanted to share a few of the dos and don’ts during my experience out in the field.

Using Big Data In Auditing And Analytics

In a business environment characterized by repeated slow growth, uncertainty, and disruption, organizations face bigger challenges than ever in creating sound risk management strategies.For many firms, analytics and auditing are crucial to maintaining an agile, profitable, and competitive framework.

Preparing for an ISO 27001 and 27002 Audit

Getting your certification for ISO 27001 is a complex and time-consuming endeavor. But for many organizations, it’s worth the effort. That’s because ISO 27001 is the international standard for Information Security Management System (ISMS). Being able to say you’re “ISO 27001 certified” tells stakeholders that your organization is serious about protecting the security and privacy of their information.

Introduction to the Automation Portal

The Automation Portal is an easy to implement self-service front end for your automation solutions. It offers a versatile interface without the lengthy list of prerequisites required by many other self-service portals available today. The Automation Portal ethos is to “keep things simple and flexible”. The portal has been designed to complement existing Automation platforms. The Automation Portal has been designed with System Center Orchestrator and Azure Automation in mind, however it equally complements any automation platform or scripting language that can read and write to the Automation Portal database.