Access Management

Cybersanity in the Incident Response Age

Their unprecedented breach presents an opportunity to learn. A Jolley | Hadaway Article. The recent data breach at Equifax has shocked many of us, even the ones who have become desensitized to the “breach parade,” the regular stream of news regarding major orga...

Forgotten But Not Gone: The Ex-Employee Risk

Failure to deprovision former employees presents a real risk to businesses. An article review. When terminating an employee you probably make sure that they turn in keys, access cards, and any other physical access credentials, but how sure are you that their electronic cr...

Small Business Resource Page

Small Business Technology Risk Management Starting Points Remember, these are merely generic starting points! They may not be all-inclusive for your unique business! The infotex Small Business Technology Risk Assessment A starting point to determine tactics. For a movie on...

Former NIST Official Regrets Issuing Password Guidance

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose passw...

Nine Years Later, NIST Agrees With Dan!

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he ...

With Windows Hello, Users May Be Trading Security For Convenience

  Microsoft promises ‘enterprise-grade’ security without a password, so what’s the catch? When Windows 10 was launched there was a great deal of attention paid to some of its more controversial aspects, such as the inability for end users to disable ...

Alarming Recurring Finding

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they s...

Getting Started on Cybersecurity

Process Flow for Institutions . . . and why Dan loves the Cybersecurity Assessment Tool! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Real quick:  What should you do to get started on understanding the new Cybersec...

Data Leakage Without a Cause

or, at least, without a malicious cause . . . . . . and the risk introduced by “crapware” . . . the continued climb of cloud-offers that accompany new assets!  (That’s consonance, kids!) Another one of those Dan’s New Leaf Posts, meant to inspire tho...

The Other Side of the Password Debate

Is Biometrics Ready? Though we disagree with this article, we thought our Clients would appreciate reading an opposing position to our belief that biometrics are still not a cost-effective form of authentication.  We believe you still need to increase the tolerance so high ...