Category: Blog

Blog

The GDPR in 2019: Enforcement and Penalties around…

If 2018 was the year of GDPR implementation, then 2019 is the year of GDPR enforcement. Data Protection Authorities (DPAs) in Germany have started their audits, and France’s DPA, the CNIL, levied its first major fine earlier this year. The GDPR upped the stakes for data protection around the globe. Since its implemen…

Upgrading Your Internal Controls for a Hybrid Envi…

Governance, Risk and Compliance (GRC) has become a key component of IT and business environments in every industry - and these environments are expanding rapidly. With the widespread adoption of cloud-based solutions, many organizations now operate with a hybrid environment that mixes cloud and on-premise technologies.…

How to Use Privacy KRIs to Predict Future Risks

GDPR enforcement has kicked off, and the CCPA countdown has begun. With the threat of significant penalties for non-compliance looming, many organizations are placing a greater focus on data privacy. But is “checking the box” on compliance the only (or best) way to evaluate the effectiveness of your program? …

A New Tool for Finding Malicious JavaScript and Se…

September 2019 Update: This JavaScript Security extension has been published by Burp Suite! You can install it directly within Burp, via the BApp Store feature in the Burp Extender tool. Why compromise just one website when you can compromise a whole bunch of them all at once? I'm sure that's what attackers were thinki…

8 Areas to Include in SAP Access Control Testing

Information Technology General Controls (ITGC) are the basic controls that can be applied to IT systems such as applications, operating systems, databases, and supporting IT infrastructure. The objective of ITGCs is to ensure the integrity of the data and processes the systems support. Your SAP ERP applications cross a…

Let’s Get Cracking: A Beginner’s Guide…

The Focal Point Attack & Penetration team performs many internal penetration tests that culminate in a compromise of Windows Active Directory domains and access to the password hashes of all domain users. Like many teams that provide pen testing services, we have a high-powered GPU-based password-cracking rig that …

5 Things to Consider before Upgrading from SAP GRC…

SAP released a new version of Access Control in March 2018. It became generally available in September 2018, and in January 2019, support pack 3 was issued. In this release, SAP added some new functionality and improved some of the existing functionality. These updates include integration with cloud platforms, enhanced…

Top Trends in Third-Party Risk Management for 2019

You’re a CEO. You’re standing in a room with the CEOs of your two top competitors. You look to your left, and you look to your right. Odds are, two of the three of you will suffer a security breach as a result of a third party. According to recent research from the Ponemon Institute, which surveyed more than 1,000 …

Implementing SailPoint’s IdentityIQ for an Indus…

An industry-leading energy transmission and distribution company, delivering electricity and natural gas to an expanding consumer base and serving approximately 302,000 electric customers and 80,000 natural gas customers throughout its service area, which covers one of the most populated geographical areas of the north…