Archive for 'Compliance' Category

Incident Response Boilerplate Update

By Adam Reynolds - Last updated: Monday, October 15, 2018

We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. It is of course very important to comply with all applicable laws and regulations, but […]


New Metrics for a New Round of SOC Reviews

By Matt Jolley - Last updated: Monday, October 1, 2018

Just in time for the next round of SOC reviews, we’ve reviewed and updated our metrics… Well it’s that time of year again: the days are growing shorter, the leaves are changing color and your compliance officer is gathering up SOC reports for this year’s round of reviews! Here at infotex we’ve long maintained a […]


Succession Planning Governance

By Adam Reynolds - Last updated: Monday, August 27, 2018

What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]


Unless You Are Based in Europe

By Dan Hadaway - Last updated: Sunday, May 27, 2018

Some businesses are attempting to capitalize on confusion over just who the GDPR applies to… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Several Clients have emailed a question to me this week (one even picked up that thing called a telephone, and called […]


Firewall Log Retention: Beyond The Guidance

By Dan Hadaway - Last updated: Monday, March 26, 2018

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall log policy, as they were collecting logs but […]


Imagine Having Your Audit Reports Published For All The World To See…

By Vigilize - Last updated: Friday, October 20, 2017

Following multiple security incidents, the FDIC has made their audit reports available to the public. An article review. Here in the private sector, we can sometimes take for granted the confidentiality agreements that restrict access to our audit reports and other compliance related information–but what if they were available to any interested parties? That’s exactly […]


Former NIST Official Regrets Issuing Password Guidance

By Vigilize - Last updated: Monday, August 21, 2017

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organizations’ own standards now says he regrets writing the […]


What’s New in Incident Response

By Jolley | Hadaway - Last updated: Tuesday, July 11, 2017

As threats evolve, so must your plans to respond to them… A Jolley|Hadaway Article. There have been a number of changes to the threat landscape organizations face in recent years, and if your organization’s plans to respond to those threats haven’t changed with them you may be wondering how to get started. From ransomware to […]


Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


Ten Must-Reads For Information Security Awareness

By Vigilize - Last updated: Thursday, April 20, 2017

These titles should be on every professional’s list. An article review. If there’s one thing you can take away from the most recent installment of our annual T7 article, it’s that the threats we face when securing IT assets are a diverse and constantly evolving lot. That’s why staying current is one of the most […]