As we discussed in an earlier post, a SOC 2 audit is primarily required when a company provides services to a third party. As per the AICPA, SOC 2 consists of the following Trust Services Principles (TSPs): Security (also known as the Common Criteria), Availability, Processing Integrity, Confidentiality, and Privacy. The scope for each…
Category: General
All the general articles will go here.
The 48 assessment questions to ask before Cloud Migration
According to an IDG report, 73% of all companies use the cloud to run at least a portion of their applications, and of the rest, 17% plan to move to the cloud in some form or other within the next 12 months. But why is there such a surge to move to the cloud? From…
A layman’s guide to ISO 27001 vs SOC 1 vs SOC 2 vs SOC 3 compliance
In case you are following my previous posts (link 1, link 2), you will be aware that I have been reading and posting a lot of thoughts on different ISO frameworks. But reading about these frameworks reminds me of a quote attributed to Socrates – “The more I know, the more I realize I know nothing.”…
The Fallacy of ‘Zero-Trust’ model. Is that even a thing?
In 2010, John Kindervag of Forrester Research introduced a new concept, the ‘Zero Trust’ model. In the traditional information security model, there are essentially two zones: the trusted zone, which is regarded as ‘secure’, and the untrusted zone, which is regarded as ‘insecure’. The zero trust model essentially says not to trust anyone on the network –…
A Beginner’s Guide to ISO ISMS Standards
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee….
A Beginner’s Guide to Information Security Frameworks
Checklists turn out…to be among the basic tools of the quality and productivity revolution in aviation, engineering, construction – in virtually every field combining high risk and complexity. Checklists seem lowly and simplistic, but they help fill in for the gaps in our brains and between our brains. – Atul Gawande Just as Checklists solve…
Lessons learnt from combining COBIT 5 & ITIL
In Summer ’18, I worked at PayPal and had first-hand experience of working with COBIT 5. Though it has been ~7 years that I have been working in the GRC space, and I have worked on numerous projects that involved COBIT 5 guidance and principles, never once had I had the opportunity to initiate a project, understand what…
14 Must-know Tips and Formulas from ‘Excel 2016: Advanced Formulas and Functions’ [Part 2]
This is the second part of the advanced Excel series. The first part of the series can be accessed by clicking here. Array Formulas and Functions To convert a normal formula to an array formula, press ‘Ctrl+Shift+Enter’. The formula will be surrounded by curly braces {}, which signifies that it has been converted to an array…
33 Must-know Tips and Formulas from ‘Excel 2016: Advanced Formulas and Functions’ [Part 1]
I recently completed this training on Lynda.com, and found the following tips and formulas to be useful. I have summed up ~4 hours of learning in these 33 bullets. Formula and Function Tips and Shortcuts Displaying and highlighting formulas Use ‘Ctrl+~’ to show all the formulas in the worksheet. Another method is to use ‘Show…
Why do we need Governance Frameworks, SOC 2 Audits, & Compliance?
Yesterday I met my previous roommate who’s a Computer Science nerd and recently completed his internship at one of the best tech companies in the Valley. We met after a long time and soon after discussing how we’ve been, he asked about my work. I told him – “I am currently working on the Governance…