How to Read a HITRUST Validated Assessment

Understanding the results of a HITRUST engagement and how to use them. During your vendor due diligence process, a vendor sends you their HITRUST report. What exactly does this report tell you? How can you use this information to properly evaluate the vendor? In this blog, we will give a brief overview of the HITRUST CSF framework and then dive into [...]

By | 2020-03-02T20:20:49+00:00 | March 4th, 2020 | IT Audit & Compliance | 0 Comments

An Opportunity to Serve

“Life’s most persistent and urgent question is, what are you doing for others?” - Martin Luther King, Jr. At risk3sixty, each team member is equipped with exceptional benefits and support to be a security craftsman and serve our clients. Starting in 2020, risk3sixty began exploring opportunities to serve not only our clients, but also those in need in our community! We [...]

By | 2020-03-02T20:28:15+00:00 | March 2nd, 2020 | Culture | 0 Comments

Annual Security Training – Phase 1: Design

Are you looking for insight into the best method of establishing a security training environment within your organization? This is a recurring need across all organizations and one which we aim to guide you through as we work through this series, titled “Annual Security Training – Design, Develop, and Deliver”. If you’re wondering why you should focus resources on developing security [...]

By | 2020-02-17T15:53:25+00:00 | February 17th, 2020 | IT Audit & Compliance, Uncategorized | 0 Comments

The Road to Better Password Cracking (Part 1)

Or: how I learned to stop worrying and love AWS GPU clusters. Passwords are terrible. And I don’t mean just your Netflix password or your home Wi-Fi password. I’m talking about passwords as an idea. Passwords are existentially terrible. The reason passwords are terrible is simple: they’re meant to be easy for humans. We must [...]

By | 2020-02-11T18:07:38+00:00 | February 10th, 2020 | Penetration Testing | 0 Comments

Advice for Taking the CISA Exam (Updated)

Everything you need to know to pass with flying colors. As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditor (CISA) exam to be the best security and compliance craftsmen for our clients. We provided advice for taking the CISA exam in a previous blog in 2015. The [...]

By | 2020-02-03T15:26:16+00:00 | February 3rd, 2020 | IT Audit & Compliance | 0 Comments

Sudo: Its History and How to Abuse It

A quick explanation of one of the most influential and most misconfigured computing utilities. A classic view into some of the tools used by pentesters at risk3sixty. You’re a hacker. Okay, maybe you aren’t, but let’s say you are. You finally got into a server you’ve been attacking for weeks, but you’re stuck. The credentials you logged in with [...]

By | 2020-01-24T14:00:12+00:00 | January 27th, 2020 | CISO Discussions, Penetration Testing | 0 Comments

Annual Security Training – Design, Develop and Deliver

Have you struggled to establish a security training environment within your organization? Or struggled to explain the “whys” to senior leadership to gain traction and support for implementing your vision? This is a common problem for companies of all sizes and ages, and it may be easier to solve than you think. This series will break down how to design, develop, and [...]

By | 2020-01-20T19:36:18+00:00 | January 17th, 2020 | IT Audit & Compliance | 0 Comments

An Insider’s Perspective on Choosing a Security and Compliance Partner That Is Right for Your Business

A few things to consider when choosing a consulting firm partner. At risk3sixty, we interact with a lot of prospective customers who want us as a security consulting partner. Some firms ask great questions and have a clear understanding of what they are looking for. Others need a little more help figuring things out. Security, privacy, and compliance are complex [...]

By | 2020-01-23T19:20:21+00:00 | January 13th, 2020 | CISO Discussions, IT Audit & Compliance | 0 Comments

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control. Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While all of these are effective ways of managing access, they occasionally fail. For example, a step may be missed in the on-boarding process. A [...]

What We Learned About Each Other While Running 100 Miles Together

Every year our team runs a 100-mile relay race through North Georgia (for charity). Along the way, we learn a lot about ourselves and a lot about each other. Back in October, I wrote a blog post about why our team does hard stuff together. I wrote that post because our team has a standing tradition of doing things like [...]

By | 2020-01-23T19:21:47+00:00 | December 30th, 2019 | Culture, News and Events | 0 Comments