About Us | Contact Us
View Cart
Archive for 'Controls' Category

Four Risk Appetite Statements

By Dan Hadaway - Last updated: Thursday, June 6, 2019

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . For all the same reasons a board of directors would want to establish a risk appetite statement on loan risk or other major risk categories, the 2015 Cybersecurity Assessment Tool gave us the ability to establish […]


Microsoft Considers Changing Password Guidance

By Vigilize - Last updated: Monday, April 29, 2019

Password expiration rules can create more problems than they solve… An article review. Passwords, it seems, are a lot like diets. They’re often necessary, but no one really wants to have to deal with them–and we’re always looking for the next trick to make the process easier. And just like there’s always a new diet […]


The Evolution of Phishing

By Vigilize - Last updated: Monday, April 22, 2019

As user awareness grows, criminals are changing their tactics… An article review. First, some good news: Users are becoming more aware of phishing attacks, especially high-ranking users such as executives. Unfortunately, the bad news is that criminals are aware of this and are adapting their strategies to target new groups. The new targets, according to […]


Risk Versus Severity When In A Panic

By Dan Hadaway - Last updated: Monday, April 9, 2018

Risk isn’t the only thing to consider when planning a decision tree. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . During tuning, we’re sometimes asked, as we help our MSSP Clients establish a detailed decision tree (modify our default to their own situation), “are […]


The Difference Between Patch and Vulnerability Management

By Vigilize - Last updated: Thursday, January 18, 2018

The first in our guest author series, this article by Eric Kroeger and Jason Mikolanis explains the difference between patch and vulnerability management.


Former NIST Official Regrets Issuing Password Guidance

By Vigilize - Last updated: Monday, August 21, 2017

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose password security suggestions became the basis for many organization’s own standards now says he regrets writing the […]


Nine Years Later, NIST Agrees With Dan!

By Vigilize - Last updated: Friday, May 19, 2017

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine in 2008, where he spoke out against the “conventional wisdom” requiring frequent password changes, advocating instead other mitigating factors […]


Ransomware: Should You Pay or Should You Go?

By Jolley | Hadaway - Last updated: Wednesday, May 3, 2017

When it comes to paying a ransomware demand, there’s no one-size-fits-all policy…


FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

By Vigilize - Last updated: Wednesday, October 26, 2016

Questions from vendor management to mitigating controls covered in the new document. An article review.   The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it’s certainly worth taking a look at as many of their answers are eye-opening! Many have wondered […]


Alarming Recurring Finding

By Dan Hadaway - Last updated: Tuesday, March 8, 2016

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they send us files using their shiny new “Secure E-Mail System” and guess […]