Archive for 'Compliance' Category

Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


Ten Must-Reads For Information Security Awareness

By Vigilize - Last updated: Thursday, April 20, 2017

These titles should be on every professional’s list. An article review. If there’s one thing you can take away from the most recent installment of our annual T7 article, it’s that the threats we face when securing IT assets are a diverse and constantly evolving lot. That’s why staying current is one of the most […]


Four and Four – Questions to Simplify Vendor Management

By Dan Hadaway - Last updated: Thursday, April 6, 2017

Two sets of questions that can help start your vendor due diligence adventure. A quick Dan’s New Leaf Post, meant to inspire thought about IT Governance . . . . When you’re just starting to address the issue of vendor management, it can seem like a daunting task.  And how do you explain to your vendor […]


Proposed Bill Would Make Cybersecurity Disclosure The Board’s Responsibility

By Vigilize - Last updated: Tuesday, March 28, 2017

The Cybersecurity Disclosure Act of 2017 Would Make The Board Report on Its Own Expertise. An article review. For those of you wondering if you should be adding a Cybersecurity expert to your board of directors, you may be getting out in advance of law. We at infotex have been invited to consult with several bank boards, […]


New York to Impose New Cybersecurity Regulations

By Vigilize - Last updated: Tuesday, March 14, 2017

The controversial new regulations are the first in the nation, and may not be the last… An article review. On March 1 New York State became the first in the nation to impose its own cybersecurity regulations on banking institutions. Though banking institutions have 180 days to come into compliance, there are complaints that the […]


Financial Statement Review in Vendor Management

By Dan Hadaway - Last updated: Monday, March 13, 2017

What are the expectations for Financial Statement Review? For banks and credit unions. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’m often asked, “what should we be doing when it comes to financial statement review during vendor management.” Let me start off by […]


Digital Security Standard Compliance: Is It Enough?

By Jolley | Hadaway - Last updated: Friday, February 24, 2017

While the credit card industry-backed program has good aspects, it should not replace the SOC-2. With the number of different security standards–and ways to test those standards–out there, it can be difficult to stay on top of just what is required, compliance wise, for a specific situation. Case in point, we recently had a client with […]


Information Overload 2017

By Dan Hadaway - Last updated: Wednesday, November 23, 2016

2017 – Ten Guidance Releases and the Solution . . . A sidebar from our 2017 M-7 Article! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . We felt our M-7 article should inventory the new guidance you’ll need to get your arms around in 2017.  However, when […]


FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

By Vigilize - Last updated: Wednesday, October 26, 2016

Questions from vendor management to mitigating controls covered in the new document. An article review. The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at, as many of their answers are eye-opening! Many have wondered […]


When Ransomware Hits, Concerns Go Beyond Payment

By Jolley | Hadaway - Last updated: Friday, August 26, 2016

Without further investigation, there’s no guarantee that data was merely encrypted… When ransomware strikes it’s likely many organizations will focus on whether the encryption used can be broken, and whether it makes more sense to simply pay to unlock the affected machines. While concerns about payment are likely the most pressing concern that you will […]