Archive for 'Controls' Category

Former NIST Official Regrets Issuing Password Guidance

By Vigilize - Last updated: Monday, August 21, 2017

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organizations’ own standards now says he regrets writing the […]


Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


Ransomware: Should You Pay or Should You Go?

By Jolley | Hadaway - Last updated: Wednesday, May 3, 2017

When it comes to paying a ransomware demand, there’s no one-size-fits-all policy…


FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

By Vigilize - Last updated: Wednesday, October 26, 2016

Questions from vendor management to mitigating controls covered in the new document. An article review. The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at as many of their answers are eye-opening! Many have wondered […]


Alarming Recurring Finding

By Dan Hadaway - Last updated: Tuesday, March 8, 2016

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they send us files using their shiny new “Secure E-Mail System” and guess […]


Tactics Behind CareFirst Hack

By Vigilize - Last updated: Thursday, May 28, 2015

An article review. Taking a turn at the breach steering wheel. In May 2014, CareFirst BlueCross BlueShield learned that one of their information systems had been infected with malware, so they got rid of it. Or so they thought. The malware was never fully eradicated, leading to a substantial hacking incident a few weeks later. […]


The Password Manifesto Revisited

By Dan Hadaway - Last updated: Tuesday, May 19, 2015

Dan’s reminding us that the manifesto, Sometimes Say Never, has the word “sometimes” in it.


Over Sensationalized Internet Security Marketing

By Vigilize - Last updated: Monday, April 27, 2015

An article review. Beware of buzzwords. Our friend and associate Joe Cychosz sent us this article a few days ago, and we thought it was worth sharing. This brief article highlights an alarming trend within the InfoSec world, where security vendors are hyping and spinning their offerings to the point of untruth! Now this may […]


Awareness Is Not a Verb!

By Dan Hadaway - Last updated: Wednesday, March 11, 2015

But “test” is an action verb! And your approach could “Turn Awareness Inward.” Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . “With all we have going on, our auditors are not letting us abandon the Awareness Training Thing. They aren’t treating it as a “one-off.” We […]


The Adoption of Information Security

By Dan Hadaway - Last updated: Tuesday, February 17, 2015

Should we see Information Security as a normal technology adoption and, if so, do we want to be laggards if we’re in an unregulated industry?