Blog - Business Valuation Zone

What’s New With ISO 27002? What You Need to Know About the ISO 27001 Control Set Update

Audit Board

JUNE 15, 2022

Every five years, the International Organization for Standards (ISO) and the International Electrotechnical Commission (IEC) review standards to confirm they are up to date. In February 2022, they reviewed and revised ISO/IEC 27002:2013 and released its successor in ISO/IEC 27002:2022. .

Compliance

Compliance Start-ups Technology

Security vs Compliance: Where Do They Align?

Audit Board

APRIL 25, 2022

ISO Compliance . The International Organization for Standardization (ISO) is a Geneva-based NGO which has published some of the most well-known standards in the world. ISO has released about 22,000 standards, including ISO 27001 , their standard for developing information security management systems (ISMS).

Compliance

Compliance Technology

Six Best Practices When Preparing for Third-Party Audits

Audit Board

JUNE 22, 2023

Depending on your business’s size, industry, and compliance needs, it will be subject to third-party audits. Businesses will typically choose to undergo a third-party audit with the goal of achieving or maintaining a security certification, such as SOC 2 (I and II), ISO, or PCI DSS.

Compliance

8 Keys to Success When Performing Gap and Readiness Assessments

Audit Board

DECEMBER 14, 2022

A readiness assessment helps compliance teams understand the areas of the business already operating as intended — as well as identify deficiencies to allow time for remediation ahead of a formal, third-party audit. . The NIST and ISO frameworks are commonly regarded by the IT security industry as “best practice” baseline frameworks.

Compliance

Compliance Technology Marketability

How to Effectively Manage Cyber Risk to Reduce Cyber Liability Insurance Costs

Audit Board

JULY 25, 2022

You can use a combination of software/technologies, internal assessments, and physical audits to perform this step. Compliance frameworks like NIST CSF, ISO 27001, and CIS controls offer guidelines and best practices on how to effectively manage security around sensitive and confidential data. .

Compliance

Compliance Technology Finance

Essentials of IT Risk Management: Protect Your Organization from Cyber Threats

Audit Board

AUGUST 1, 2023

Streamlining IT Operations IT risk assessments and risk management practices can reveal insights about an organization and teams in a way that other audits might not. Reporting and Results As they say in audit, “if it wasn’t documented, it didn’t happen.” The same principle applies to IT Risk Management.

Technology

Technology Start-ups Compliance Marketability

Fundamentals of NIST Cybersecurity Framework (CSF) Controls

Audit Board

SEPTEMBER 6, 2023

Where does the NIST CSF fit among other security standards, like ISO 27001? What are the Differences Between NIST and ISO? Three differences between the NIST CSF and ISO 27001 involve certification, maturity scales, and cost. Is compliance with the CSF a regulatory requirement? We’ll cover all that and more!

Compliance

Compliance Start-ups Technology

Conducting Cybersecurity Risk Assessments Guide: The Complete Introduction

Audit Board

JANUARY 12, 2023

Common cybersecurity frameworks and their specific requirements around risk management, including SOC 2 , ISO 27001, PCI 4.0 , NIST CSF, and more. Testing or audits have NOT been performed or if performed results indicate inadequate controls. Key considerations when building meaningful cybersecurity risk reporting. Adequate (3).

Compliance

Compliance Start-ups Asset-based Approach Specific Risk

Cybersecurity Risk Management Best Practices

Audit Board

OCTOBER 2, 2023

Some of the most popular cybersecurity frameworks that are available for companies to use are: the NIST Cybersecurity Framework (CSF), the ISO 27000 Family of standards, and the SOC 2 Trust Services Criteria. SOC 2 attestation requires businesses to contract with a third-party CPA firm and complete an audit.

Technology

Technology Start-ups Data Analysis Compliance

Compliance Audit Basics: Definition, Types, and What to Expect

Audit Board

JUNE 8, 2023

Compliance audits are a broad topic that can affect many organizations across different parts of an organization. There can be different kinds of compliance audits being performed at any given point in time, and at first glance the world of compliance is full of opacity and acronyms. What Is a Compliance Audit?

Compliance

Compliance Start-ups Technology Accounting Firms

SOC 2 Framework Guide: The Complete Introduction

Audit Board

OCTOBER 6, 2022

Relationships to other standards and documents including ISO 27001, COSO Internal Control – Integrated Framework, and SOC 1 and 3. ISO 27001, which is used for generally the same purpose, is used by organizations with customers based outside the US. . Evidence will be required during the SOC 2 external audit.

Compliance

Compliance Start-ups

Vendor Risk Management Best Practices

Audit Board

SEPTEMBER 14, 2023

Having a third-party that is willing and able to comply with necessary standards, like GDPR, HIPAA, and PCI is invaluable, and can save your company a lot of headache during an audit or assessment. It’s helpful to make lists of mandatory controls that vendors must have in place to meet your organization’s obligations and mandates.

Compliance

Compliance Start-ups Accounting Firms Technology

How Audit, Risk, and Compliance at MDA Gain Cross-Organizational Visibility

Audit Board

NOVEMBER 8, 2022

In our Spotlight on Success series, MDA’s Scott Page (Director, Internal Audit), Melissa Cass (Director, Business Operations), and Uriah McCann (Director, Cybersecurity) share their gains in efficiency, visibility, and collaboration from centralizing audit, risk, and compliance activities and documentation in AuditBoard’s connected risk platform.

Compliance

Compliance Technology

Prioritize Continuous Monitoring of Your IT Risk and Compliance Posture

Audit Board

AUGUST 2, 2023

Compliance , audit, and risk teams aren’t seamlessly communicating due to operational silos that lead to decentralized data and disaggregated reporting, making data-driven decisions impossible. Within the last two years alone, PCI has been updated, ISO 27001, 27002, NIST has been updated, along with [the U.S.

Compliance

Compliance Technology Banking Marketability

Business Valuation Zone

What’s New With ISO 27002? What You Need to Know About the ISO 27001 Control Set Update

Security vs Compliance: Where Do They Align?

Trending Sources

Six Best Practices When Preparing for Third-Party Audits

8 Keys to Success When Performing Gap and Readiness Assessments

How to Effectively Manage Cyber Risk to Reduce Cyber Liability Insurance Costs

Essentials of IT Risk Management: Protect Your Organization from Cyber Threats

Fundamentals of NIST Cybersecurity Framework (CSF) Controls

Conducting Cybersecurity Risk Assessments Guide: The Complete Introduction

Cybersecurity Risk Management Best Practices

Compliance Audit Basics: Definition, Types, and What to Expect

SOC 2 Framework Guide: The Complete Introduction

Vendor Risk Management Best Practices

How Audit, Risk, and Compliance at MDA Gain Cross-Organizational Visibility

Prioritize Continuous Monitoring of Your IT Risk and Compliance Posture

Stay Connected