Search

For many Audit functions, digitalization starts with RPA - a technology that has left the wings and entered center stage. In addition to leveraging RPA to realize efficiency gains, cost savings, and improved visibility, Internal Audit functions must consider the impact of RPA on controls and business processes. From an audit perspective, there are changes in process risk definitions post automation, changes to job roles and access security, application change management considerations, strategy, and governance of the RPA environment, etc. In this webinar, leading experts from Focal Point and Auxis will outline the key trends in digitalization, the role Internal Audit can play, and how to get started on the path to RPA.

Under the Cybersecurity Maturity Model Certification (CMMC), all DoD contractors are required to be evaluated on the maturity and reliability of their cybersecurity infrastructure, earning certifications ranging from Level 1 (basic cyber hygiene) to Level 5 (advanced security). The five CMMC certification levels are tiered, so the requirements and processes for each level builds upon the previous. Future DoD contracts will indicate the certification level required to bid, and only companies certified to the level specified or higher will be allowed to submit a proposal for those contracts.

Chris Jurs, VP of our Data Privacy practice, and Donel Martinez, a Director in our Risk Consulting group, discuss practical ways organizations can leverage the NIST Privacy Framework to build an enterprise-wide privacy strategy. This conversations is designed for privacy, audit, and compliance professionals.

2020 has been a major year for the California Consumer Privacy Act (CCPA). After two years of anticipation, the CCPA went into effect on January 1, 2020 and then enforcement for the law began six months later on July 1, 2020. The Attorney General also submitted the final proposed regulations for the CCPA to the Office of Administrative Law (OAL) on June 1, which were approved and went into effect two months later on August 14, 2020.

Under the Cybersecurity Maturity Model Certification (CMMC), all DoD contractors are required to be evaluated on the maturity and reliability of their cybersecurity infrastructure, earning certifications ranging from Level 1 (basic cyber hygiene) to Level 5 (advanced security). The five CMMC certification levels are tiered, so the requirements and processes for each level builds upon the previous. Future DoD contracts will indicate the certification level required to bid, and only companies certified to the level specified or higher will be allowed to submit a proposal for those contracts.

A practical look at MageCart attacks (and other similar attack methods) and the controls and tools to identify and stop them...

Whether you're looking to refresh your pen testing routine or to integrate a new type of test (maybe application testing or a device testing), buying a pen test doesn't have to be painful. In this webinar, Jeremy Archer, Managing Director of our Cyber Defense practice, sits down with sales leader Scott Maxwell to discuss how to shop for a pen test. Jeremy and Scott have worked with a wide range of business leaders - from audit directors to CISOs - and have designed this conversation to connect with everyone, whether you're buying your first pen test or your fiftieth.

Each year, roughly $600 billion is lost because of cyberattacks. In a push to protect the U.S. defense supply chain from both foreign and domestic cyber threats and security risks, the Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC). This new unified standard will ensure the more than 300,000 companies in the Defense Industrial Base (DIB) supply chain have adequate practices and processes in place to protect sensitive defense information.

Updated October 19: On September 30, 2020, the California Attorney General signed AB 1281 into law extending the exemption on employee rights until January 1, 2022. In October 2019, the California legislature passed Assembly Bill 25, an amendment that exempts employers from complying with certain CCPA requirements when it comes to the data of employees and job applicants. AB 25 was set to sunset on January 1, 2021, after which employee personal information would be granted the same rights and protections as consumer personal information as set forth by the CCPA. In the rush to comply with the CCPA this year, many businesses took advantage of this amendment and put these employee data requirements on the backburner. However, this deadline was recently extended until January 1, 2022.  Companies will be able to continue to delay compliance efforts with this exemption for another year, as the California Attorney General recently signed Assembly Bill 1281 into law, extending the exemption on employee rights until January 1, 2022. Employee information under the CCPA covers a large swath of data and significant individual rights, so despite having another year to prepare, organizations should not delay compliance efforts for employee information too long. Keep reading to ensure your organization understands all the CCPA’s requirements for employee personal information and is prepared to comply before they go into effect.