About Us | Contact Us
View Cart
Archive for 'Access Management' Category

Forgotten But Not Gone: The Ex-Employee Risk

By Vigilize - Last updated: Friday, August 25, 2017

Failure to deprovision former employees presents a real risk to businesses. An article review. When terminating an employee you probably make sure that they turn in keys, access cards, and any other physical access credentials, but how sure are you that their electronic credentials have been revoked? A new study being highlighted by CIO Insight […]


Small Business Resource Page

By Dan Hadaway - Last updated: Friday, August 25, 2017

Dan has whittled all the noise to five resources a Small Business Owner should investigate (and utilize).


Former NIST Official Regrets Issuing Password Guidance

By Vigilize - Last updated: Monday, August 21, 2017

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organization’s own standards now says he regrets writing the […]


Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


With Windows Hello, Users May Be Trading Security For Convenience

By Jolley | Hadaway - Last updated: Tuesday, September 13, 2016

Better think twice . . . or spring for the enterprise edition . . . before you use Windows Hello as a “stronger” authentication method.


Alarming Recurring Finding

By Dan Hadaway - Last updated: Tuesday, March 8, 2016

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they send us files using their shiny new “Secure E-Mail System” and guess […]


Getting Started on Cybersecurity

By Dan Hadaway - Last updated: Thursday, July 9, 2015

Process Flow for Institutions . . . and why Dan loves the Cybersecurity Assessment Tool! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Real quick:  What should you do to get started on understanding the new Cybersecurity Assessment Tool (and its impact on future […]


Data Leakage Without a Cause

By Dan Hadaway - Last updated: Tuesday, February 24, 2015

If we are going to allow users to “harden” their endpoints, we had better be providing more robust “awareness training” about the risks that come with new assets.


The Other Side of the Password Debate

By Vigilize - Last updated: Friday, July 25, 2014

An interesting article that we do not entirely agree with.


A Simplified Approach to Vendor Management

By Dan Hadaway - Last updated: Thursday, October 10, 2013

For those of you who are wanting to come into lightening-speed compliance with Section 164.308(b)(1) of the HIPAA Security Ruling, start telling your vendors that they need to revise their agreements to include the following.