About Us | Contact Us
View Cart
Archive for 'Compliance' Category

Four out of Five Schools Admit To Cybersecurity Incidents

By Vigilize - Last updated: Tuesday, September 10, 2019

Four out of five schools have experienced a cybersecurity incident… An article review. While it seems like these days every organization faces cybersecurity threats, as we’ve pointed out in the past schools are an increasingly attractive target to hackers—and a new audit carried out by the cybersecurity wing of the UK’s Government Communications Headquarters (GCHQ) […]


FFIEC Emphasizes The Importance of Standardized Cybersecurity Assessments

By Vigilize - Last updated: Tuesday, September 3, 2019

These tools will help you assess and improve your cybersecurity preparedness… An article review. If you’re a regular reader of our blog, you know that we think cybersecurity training and the tools that go along with it are vitally important to any organization that relies upon computers—which is pretty much everyone, now. The Federal Financial […]


Four Risk Appetite Statements

By Dan Hadaway - Last updated: Thursday, June 6, 2019

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . For all the same reasons a board of directors would want to establish a risk appetite statement on loan risk or other major risk categories, the 2015 Cybersecurity Assessment Tool gave us the ability to establish […]


Microsoft Considers Changing Password Guidance

By Vigilize - Last updated: Monday, April 29, 2019

Password expiration rules can create more problems than they solve… An article review. Passwords, it seems, are a lot like diets. They’re often necessary, but no one really wants to have to deal with them–and we’re always looking for the next trick to make the process easier. And just like there’s always a new diet […]


Microsoft Discontinues Support For SHA-1

By Vigilize - Last updated: Monday, March 4, 2019

Known to be vulnerable since 2005, the algorithm will be phased out over the next several months… An article review. Things can move slowly in the world of cryptography, and for evidence of that one needs to look no further than SHA-1–the hash algorithm introduced in 1995, found to be vulnerable to attack in 2005 […]


Incident Response Boilerplate Update

By Adam Reynolds - Last updated: Monday, October 15, 2018

We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]


New Metrics for a New Round of SOC Reviews

By Matt Jolley - Last updated: Monday, October 1, 2018

Just in time for the next round of SOC reviews, we’ve reviewed and updated our metrics… Well it’s that time of year again: the days are growing shorter, the leaves are changing color and your compliance officer is gathering up SOC reports for this year’s round of reviews! Here at infotex we’ve long maintained a […]


Succession Planning Governance

By Adam Reynolds - Last updated: Monday, August 27, 2018

What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process.  Dan asked me to update our research on this issue and, as a byproduct, I have produced […]


Unless You Are Based in Europe

By Dan Hadaway - Last updated: Sunday, May 27, 2018

Some businesses are attempting to capitalize on confusion over just who the GDPR applies to… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Several Clients have emailed a question to me this week (one even picked up that thing called a telephone, and called […]


2019 OBL IT Forum for Community Bankers

By Vigilize - Last updated: Wednesday, April 11, 2018

OBL IT FORUM – 09/26/19 Please know that the boilerplates we provide as part of our speaking engagements are mere starting points and cybersecurity professionals should audit your final customized version prior to your considering them “sufficient.” Also, see our “Transfer of Copyright Agreement” located here. We hope you find these free tools useful. Please […]