Author Archive

FFIEC Statement on Outsourced Cloud Computing

By Vigilize - Last updated: Wednesday, July 11, 2012

The Federal Financial Institutions Examination Council (FFIEC) has issued a statement on outsourced cloud computing activities. The statement discusses key risk considerations associated with outsourced cloud computing activities and identifies applicable risk mitigation considerations.

Using SDelete

By Vigilize - Last updated: Tuesday, July 10, 2012

SDelete allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. It is a command line utility that takes a number of options. SDelete accepts wild card characters as part of the directory or file specifier. Instructions on how to use SDelete.

Bust Exposes PCI Challenges

By Vigilize - Last updated: Monday, July 9, 2012

Experts say that the international takedown that resulted in 24 arrests for credit card fraud illustrates problems inherent in the Payment Card Industry Data Security Standard (PCI DSS).

Court Ruling Could Be Boon to Cyberheist Victims

By Vigilize - Last updated: Friday, July 6, 2012

A decision handed down by a federal appeals court this week may make it easier for small business owners victimized by cyberheists to successfully recover stolen funds by suing their bank.

Don’t Get Smished!

By Vigilize - Last updated: Thursday, July 5, 2012

We have all heard about phishing, or at least I hope so. But how many have heard about smishing? Smishing is another form of social engineering attack that uses SMS (text messaging) and mobile devices instead of the telephone (voice) to glean nonpublic information from unsuspecting individuals.

A Cure for BYOD?

By Vigilize - Last updated: Friday, June 29, 2012

Using mobile devices in the workforce has grown in popularity. However, some organizations haven’t jumped to purchasing those devices. Some employees, either out of need or convenience, have used an alternate route in that they bring their own device (BYOD) to work. This brings up some security concerns. To address this, AT&T says it has the answer for corporations that want to let employees access work applications from personal phones without becoming a security threat.

Mobile Security White Paper for BYOD and/or Issued Devices

By Vigilize - Last updated: Tuesday, June 19, 2012

The auditors at infotex have created a set of non-technical controls (i.e., policies and procedures) governing the use of mobile devices. This white paper (Mobile Security White Paper: Non-technical Controls) discusses considerations that should be addressed in creating such controls. The Era of Mobile Devices

Understanding SOC Reports (For Beginners)

By Vigilize - Last updated: Thursday, June 14, 2012

As part of our certifications through ISACA (CISA, CISM and CRISC), we regularly flip through the ISACA Journal, dog-earing the pertinent articles and other learning materials available to us through this organization. In looking at one of the prior issues the other day, I again ran across a very insightful article titled Understanding the New SOC Reports. Since we are in the examination program just like financial institutions, we also have to be diligent in our annual vendor reviews and comb through our own vendors’ IT security-related and other documentation. As such, this article interested me.

By Vigilize - Last updated: Saturday, June 9, 2012

IT Governance documentation is both extremely important and extremely difficult to create for IT managers, Information Security Officers, and Compliance Officers alike. infotex has been maturing GLBA and HIPAA templates since before the regulations were law. Our first Acceptable Use Policy was written in 1989. Each time we audit a new client, we learn from […]

Tiny Banker Trojan

By Vigilize - Last updated: Wednesday, June 6, 2012

According to a post by CSIS Security Group A/S, they have uncovered a new trojan-banker family which they have named Tinba (Tiny Banker), alias “Zusy”. Tinba is a small data-stealing trojan-banker. It hooks into browsers, steals login data, and sniffs network traffic. Like several sophisticated banker trojans, it also uses Man in the Browser (MiTB) tricks and webinjects to change the look and feel of certain webpages, with the purpose of circumventing two-factor authentication (2FA) or tricking the infected user into giving away additional sensitive data such as credit card data or TANs.