Archive for 'Compliance' Category

Wisdom and Advice for Incident Response Testing

By Dan Hadaway - Last updated: Thursday, June 25, 2015

Testing Reduced to Two Bullet Lists! How to make sure your Incident Response Tests are “amenable” to your auditors! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .   One of my favorite Clients is preparing for his or her (when she gave me permission […]


The Password Manifesto Revisited

By Dan Hadaway - Last updated: Tuesday, May 19, 2015

Dan’s reminding us that the manifesto, Sometimes Say Never, has the word “sometimes” in it.


Mark Your Calendars!

By Vigilize - Last updated: Tuesday, March 17, 2015

Another stop in the IT Governance Tour! . . . An Indiana Bankers’ Association Workshop! Incident Response Management: The new NIST Cyber Security Framework is heavy on Incident Response.  Executives are starting to talk like “it’s not a matter of if, it’s a matter of when.” When we choose “accept” as a risk response decision, we rely […]


The Adoption of Information Security

By Dan Hadaway - Last updated: Tuesday, February 17, 2015

Should we see Information Security as a normal technology adoption and, if so, do we want to be laggards if we’re in an unregulated industry?


SOS Indiana Advisory

By Dan Hadaway - Last updated: Wednesday, January 28, 2015

And now that we are all paying attention . . . A great example of Awareness Activation! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When we finally release our annual “trend article” . . . .  and we’re sorry it’s taking so long but […]


School Compliance Frameworks

By Dan Hadaway - Last updated: Tuesday, September 16, 2014

Where should you start?  How about choosing a framework? If the Risk Assessment Answer Isn’t Enough! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’ve been asked to give a talk to school corporations about Information Security, as in “why should we be concerned, […]


A Simplified Approach to Vendor Management

By Dan Hadaway - Last updated: Thursday, October 10, 2013

For those of you who are wanting to come into lightning-speed compliance with Section 164.308(b)(1) of the HIPAA Security Ruling, start telling your vendors that they need to revise their agreements to include the following.


Analysis of the FFIEC’s Statement on Cloud Computing

By Vigilize - Last updated: Tuesday, July 31, 2012

A quick analysis of the July 10th, 2012 “Statement on Cloud Computing” published by the FFIEC in their new “Reference Materials” section.


The case against Dan Hadaway!

By Dan Hadaway - Last updated: Monday, July 23, 2012

The latest Dan’s New Leaf is an article review of an article that directly contradicts Dan’s own philosophy!


FFIEC Statement on Outsourced Cloud Computing

By Vigilize - Last updated: Wednesday, July 11, 2012

The Federal Financial Institutions Examination Council (FFIEC) has issued a statement on outsourced cloud computing activities. The statement discusses key risk considerations associated with outsourced cloud computing activities and identifies applicable risk mitigation considerations.