Archive for 'Security Tools' Category

Object Access Limitations

By Matt Jolley - Last updated: Monday, March 5, 2018

Object Access Limitations... While offering some visibility, there are limitations to object access monitoring. If your organization has to comply with industry regulations such as GLBA, HIPAA, or Sarbanes-Oxley, you know that maintaining data security and privacy is important, and one of the ways you can accomplish that is with object access […]

The Difference Between Patch and Vulnerability Management

By Vigilize - Last updated: Thursday, January 18, 2018

The first in our guest author series, this article by Eric Kroeger and Jason Mikolanis explains the difference between patch and vulnerability management.

New York to Impose New Cybersecurity Regulations

By Vigilize - Last updated: Tuesday, March 14, 2017

The controversial new regulations are the first in the nation, and may not be the last… An article review. On March 1 New York State became the first in the nation to impose its own cybersecurity regulations on banking institutions. Though banking institutions have 180 days to come into compliance, there are complaints that the […]

FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

By Vigilize - Last updated: Wednesday, October 26, 2016

Questions from vendor management to mitigating controls covered in the new document. An article review. The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at as many of their answers are eye-opening! Many have wondered […]

One Step Closer to Secure Mobile Devices

By Chelsea Bill - Last updated: Tuesday, July 24, 2012

If you think you have a good patch management and verification program in place, think again! Sure, you’re supplementing WSUS with Nessus scans or some other third party patch verification process. But are you scanning your mobile devices?

FFIEC Implements New InfoBase Technology

By Vigilize - Last updated: Friday, May 4, 2012

The Federal Financial Institutions Examination Council (FFIEC) has announced that the organization has upgraded the functions and features of the InfoBase for the FFIEC Information Technology Examination Handbook (IT Handbook). The IT Handbook consists of 11 booklets covering a variety of technology and technology-related risk management guidance for financial institutions and examiners.

Third Party Patch Management

By Sean Waugh - Last updated: Wednesday, May 2, 2012

Vulnerabilities come in all shapes and sizes, and while operating system patch management has largely been simplified with tools like WSUS, there is still a high degree of risk due to many popular third party applications and the lack of any centralized patching mechanism for maintaining those installations. Vendors such as Adobe and Mozilla regularly release updates for their software packages, but managing those updates has been an arduous task for many system administrators. Until recently, the only centralized option was to create your own MSI packages and deploy them via group policy or SCCM.

DNSChanger Malware

By Vigilize - Last updated: Monday, March 5, 2012

In November 2011, the FBI replaced rogue DNS servers with clean servers to prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of a ring were arrested during Operation Ghost Click. However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline.

Web Application Security Reviews

By Vigilize - Last updated: Sunday, January 1, 2012

One audit test we perform that sets us apart from many audit firms is a review of code, content, and infrastructure using the OWASP Top Ten Vulnerabilities as a framework.

Are You the Weakest Link?

By Vigilize - Last updated: Thursday, October 14, 2010

I just got off the phone with Dan after he spent the last couple of days at the Indiana Bankers Association’s IT Security Conference. He said it went great! Lots of good information and wonderful speakers. Long story short: I’m a multi-tasker. So, while discussing the conference, I needed something to do to fill that multi-tasking gap (I couldn’t work on the IT Audit report and listen to him at the same time). This is what I did…