R-7 – The Top Seven Risks – 2019

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When Dan presents audit reports to boards of directors, he also talks to the board about the top risks the institution is facing. Since 2006, Dan has been compiling a list of the “top seven risks […]

The Magnificent Seven 2019

Seven trends impacting Information Security Officers of Small Institutions! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article, affectionately dubbed “M7,” about the seven trends in bank technology that will impact the Information Security Officers of small banks […]

The Pine Processionary

Battling Procedure Fatigue in Cybersecurity . . . Or . . . making sure we don’t just go through the motions! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When it comes to the routine things in life, it can be easy to get […]

Error Fatigue Risk

Going through the motions when we should be going through a checklist! The risk of way too many error messages! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . For infotex, 2018 was the year of the “Aggressive Technology Plan.” Something I’ve noticed, as we […]

Unless You Are Based in Europe

Some businesses are attempting to capitalize on confusion over just who the GDPR applies to… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Several Clients have emailed a question to me this week (one even picked up that thing called a telephone, and called […]

Risk Versus Severity When In A Panic

Risk isn’t the only thing to consider when planning a decision tree. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . During tuning, we’re sometimes asked, as we help our MSSP Clients establish a detailed decision tree (modify our default to their own situation), “are […]

Firewall Log Retention: Beyond The Guidance

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall log policy, as they were collecting logs but […]

Merchandising as an Information Security Concept

Haven’t rotated your posters in a while? Your customers may not be seeing them anymore. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . One of the things I recently realized: some bankers I interact with do not have the same  understanding of merchandising that I […]

Our Compliance with #4040

Dan’s decided to declare “in compliance” on a CAT Statement, and wants your opinion! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . How would you like to experience a little excerpt from an infotex risk assessment?  (Yes, we had to run this by our […]

The Magnificent Seven 2018

Seven trends impacting Information Security Officers of Small Institutions! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article, affectionately dubbed “M7,” about the seven trends in bank technology that will impact the Information Security Officers of small banks […]