Archive for 'Compliance' Category

Information Overload 2017

By Dan Hadaway - Last updated: Wednesday, November 23, 2016

2017 – Ten Guidance Releases and the Solution . . . A sidebar from our 2017 M-7 Article! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . We felt our M-7 article should inventory the new guidance you’ll need to get your arms around in 2017.  However, when […]


FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

By Vigilize - Last updated: Wednesday, October 26, 2016

Questions from vendor management to mitigating controls covered in the new document. An article review.   The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at as many of their answers are eye-opening! Many have wondered […]


When Ransomware Hits, Concerns Go Beyond Payment

By Jolley | Hadaway - Last updated: Friday, August 26, 2016

Without further investigation, there’s no guarantee that data was merely encrypted… When ransomware strikes it’s likely many organizations will focus on whether the encryption used can be broken, and whether it makes more sense to simply pay to unlock the affected machines. While concerns about payment are likely the most pressing concern that you will […]


The Midwest Interagency Regulator Conference

By Dan Hadaway - Last updated: Thursday, November 19, 2015

and my panel experience . . . and the one question that had me stumped, until . . . .  Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So, if you watch our Facebook page, you’d see that one of the many reasons I’ve been […]


Wisdom and Advice for Incident Response Testing

By Dan Hadaway - Last updated: Thursday, June 25, 2015

Testing Reduced to Two Bullet Lists! How to make sure your Incident Response Tests are “amenable” to your auditors! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .   One of my favorite Clients is preparing for his or her (when she gave me permission […]


The Password Manifesto Revisited

By Dan Hadaway - Last updated: Tuesday, May 19, 2015

Dan’s reminding us that the manifesto, Sometimes Say Never, has the word “sometimes” in it.


Mark Your Calendars!

By Vigilize - Last updated: Tuesday, March 17, 2015

Another stop in the IT Governance Tour! . . . An Indiana Bankers’ Association Workshop! Incident Response Management: The new NIST Cyber Security Framework is heavy on Incident Response.  Executives are starting to talk like “it’s not a matter of if, it’s a matter of when.” When we choose “accept” as a risk response decision, we rely […]


The Adoption of Information Security

By Dan Hadaway - Last updated: Tuesday, February 17, 2015

Should we see Information Security as a normal technology adoption and, if so, do we want to be laggards if we’re in an unregulated industry?


SOS Indiana Advisory

By Dan Hadaway - Last updated: Wednesday, January 28, 2015

And now that we are all paying attention . . . A great example of Awareness Activation! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When we finally release our annual “trend article” . . . .  and we’re sorry it’s taking so long but […]


School Compliance Frameworks

By Dan Hadaway - Last updated: Tuesday, September 16, 2014

Where should you start?  How about choosing a framework? If the Risk Assessment Answer Isn’t Enough! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’ve been asked to give a talk to school corporations about Information Security, as in “why should we be concerned, […]