COBIT 5, Creating an Audit Program and Enabling Compliance

Last year I wrote an article that discussed using COBIT 5 to audit cyber controls, in this instance the Australian Signals Directorate (ASD) Top 4. At the time of writing this article I had the privilege of being an expert reviewer on a draft ISACA white paper on creating an audit program. This white paper [...]

What You Need to Know: Navigating EU Data Protection Changes – EU-US Privacy Shield and EU General Data Protection Regulation

If you’re an organization with a trans-Atlantic presence that transmits and stores European citizen data (e.g. employee payroll & HR data, client & prospect data) in the U.S., you will want to pay attention. What we will discuss was administered under the European Union’s Data Protection Directive and a previous EU-U.S. agreement called Safe Harbor. We [...]

How to Track Actors Behind Keyloggers Using Embedded Credentials

Mo’ key loggers, mo’ problems

This past year Unit 42 has seen a resurgence of keylogger activity and it seems like every week a new research blog comes out talking about one of four popular families: KeyBase, iSpy, HawkEye, or PredatorPain. These blogs usually delve into the technical workings of the threats, discuss their relationship to each other, [...]