Tag: Controls Audit

BAI Security Audit

Data Security Lessons To Learn Right Now

Data Security Lessons To Learn Right Now Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been encrypted. But in the wake of last week’s court ruling that gives the U.S. Federal Trade Commission (FTC) the authority to sue companies for failing to maintain adequate cyber security, it’s obvious that business needs to pay more attention to their security controls. The FTC Is Watching The court decision came in response to the FTC’s lawsuit against Wyndham Worldwide Corporation for digital security failures—storing payment

Read More »


On April 30th, 2013 the National Institute of Standards and Technology (NIST) issued their latest version of essential guidance: Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations.  Led by Ron Ross, a NIST fellow and the project leader, a team of computer scientists spent the past two years developing this latest 457 page revision. One of the Essential Themes of the New Guidance Mr. Ross indicated that a key theme in the new guidance is the “reintroduction of the notion of assurance, or trustworthiness of information systems.”  The bottom line is that organizations will now be under higher scrutiny in terms of how effective they are at identifying vulnerabilities and security weaknesses in systems, which

Read More »