News and Insights

As many are aware, the PCI Council (the organization that publishes the PCI Data Security Standard), has been working on the next iteration of the PCI DSS, version 4.0.  This version will replace the current version, 3.2.1.  As version 3.2…

Over the last decade, data analytics has helped many internal audit organizations greatly improve the quality, depth, and coverage of their work all while keeping operating costs relatively flat.  Analytics can be utilized during the planning process by assessing risk…

The Dangers of Cattle in a Containerized Environment The growth of popularity of containerized, micro-services environments has arguably pushed us into a new age of computerization. Once we used to set up physical computers in physical data centers and configure…

In our previous post, we outlined how an Internal Audit department could utilize an analytical approach for their audits, the challenges encountered with starting an analytics program, and how the Cadence Analytical Framework could be leveraged in getting your analytics…

My best friend ran a car dealership for years and he observed that customers almost never bought a car without thoroughly inspecting and driving the vehicle. This makes sense. When making a purchase as large and expensive as a car,…

CSRF allows a malicious user to bypass the same origin policy and cause the victim of the attack to unknowingly perform the attackers desired action. CSRF was previously number seven in OWASP’s Top 10 vulnerabilities in 2017. It has since…

Whether you have been asked for a SOC 2 report or issued your first or recurring report – the verdict is clear. While providing a means of assessing and addressing risks related to the AICPA Trust Services Criteria for Security,…