Archive for 'Compliance' Category

Former NIST Official Regrets Issuing Password Guidance

By Vigilize - Last updated: Monday, August 21, 2017

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organizations’ own standards now says he regrets writing the […]


What’s New in Incident Response

By Jolley | Hadaway - Last updated: Tuesday, July 11, 2017

As threats evolve, so must your plans to respond to them… A Jolley|Hadaway Article. There have been a number of changes to the threat landscape organizations face in recent years, and if your organization’s plans to respond to those threats haven’t changed with them you may be wondering how to get started. From ransomware to […]


Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


Ten Must-Reads For Information Security Awareness

By Vigilize - Last updated: Thursday, April 20, 2017

These titles should be on every professional’s list. An article review. If there’s one thing you can take away from the most recent installment of our annual T7 article, it’s that the threats we face when securing IT assets are a diverse and constantly evolving lot. That’s why staying current is one of the most […]


Four and Four – Questions to Simplify Vendor Management

By Dan Hadaway - Last updated: Thursday, April 6, 2017

Two sets of questions that can help start your vendor due diligence adventure. A quick Dan’s New Leaf Post, meant to inspire thought about IT Governance . . . . When you’re just starting to address the issue of vendor management, it can seem like a daunting task.  And how do you explain to your vendor […]


Proposed Bill Would Make Cybersecurity Disclosure The Board’s Responsibility

By Vigilize - Last updated: Tuesday, March 28, 2017

The Cybersecurity Disclosure Act of 2017 Would Make The Board Report on Its Own Expertise. An article review. For those of you wondering if you should be adding a Cybersecurity expert to your board of directors, you may be getting out in advance of law. We at infotex have been invited to consult with several bank boards, […]


New York to Impose New Cybersecurity Regulations

By Vigilize - Last updated: Tuesday, March 14, 2017

The controversial new regulations are the first in the nation, and may not be the last… An article review. On March 1 New York State became the first in the nation to impose its own cybersecurity regulations on banking institutions. Though banking institutions have 180 days to come into compliance, there are complaints that the […]


Financial Statement Review in Vendor Management

By Dan Hadaway - Last updated: Monday, March 13, 2017

What are the expectations for Financial Statement Review? For banks and credit unions. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’m often asked, “what should we be doing when it comes to financial statement review during vendor management.” Let me start off by […]


Digital Security Standard Compliance: Is It Enough?

By Jolley | Hadaway - Last updated: Friday, February 24, 2017

While the credit card industry-backed program has good aspects, it should not replace the SOC-2. With the number of different security standards–and ways to test those standards–out there, it can be difficult to stay on top of just what is required, compliance wise, for a specific situation. Case in point, we recently had a client with […]


Information Overload 2017

By Dan Hadaway - Last updated: Wednesday, November 23, 2016

2017 – Ten Guidance Releases and the Solution . . . A sidebar from our 2017 M-7 Article! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . We felt our M-7 article should inventory the new guidance you’ll need to get your arms around in 2017.  However, when […]