Access Management

With Windows Hello, Users May Be Trading Security For Convenience

  Microsoft promises ‘enterprise-grade’ security without a password, so what’s the catch? When Windows 10 was launched there was a great deal of attention paid to some of its more controversial aspects, such as the inability for end users to disable ...

Alarming Recurring Finding

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they s...

Getting Started on Cybersecurity

Process Flow for Institutions . . . and why Dan loves the Cybersecurity Assessment Tool! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Real quick:  What should you do to get started on understanding the new Cybersec...

Data Leakage Without a Cause

or, at least, without a malicious cause . . . . . . and the risk introduced by “crapware” . . . the continued climb of cloud-offers that accompany new assets!  (That’s consonance, kids!) Another one of those Dan’s New Leaf Posts, meant to inspire tho...

The Other Side of the Password Debate

Is Biometrics Ready? Though we disagree with this article, we thought our Clients would appreciate reading an opposing position to our belief that biometrics are still not a cost-effective form of authentication.  We believe you still need to increase the tolerance so high ...

A Simplified Approach to Vendor Management

If we had to reduce all of vendor management down to two operations, we’d suggest a strong contract policy, and a sorting process. Business Associate Agreements Simplified For those of you who are wanting to come into lightning-speed compliance with Section 164.308(b...

Access Management

Go here to learn more about our Access Management Program Kit! Dan Hadaway, CISA, CISM, CRISC Managing Partner Dan speaks regularly at various conferences, workshops, and webinars. He has delivered talks for the Community Bankers Association of Illinois, the...

If You DO Write It Down . . . .

If you DO write it down . . . another Password Manifesto by Dan Hadaway Shhh.  Once again I’m huddled over my laptop, wondering if I’m really going to submit this to be posted and/or published.  You see, once again I’m going to go ahead and say it:  some of our beliefs abou...

Technical BYOD Controls for Banks

by Sean Waugh and Dan Hadaway First, let us confess that we used BYOD in the title merely so that we’d catch everybody’s attention. It’s a nice buzzword; who wouldn’t feel like partying after seeing it? But this article is actually about Portable Devices, which is a superset...

Analysis of the FFIEC’s Statement on Cloud Computing

On July 10th, 2012, the FFIEC published a “Statement on Cloud Computing” in a new section of the ffiec.gov resource library for guidelines related to information technology governance.  This statement served to declare that cloud computing providers are simply another form o...