Archive for 'Controls' Category

Tactics Behind CareFirst Hack

By Vigilize - Last updated: Thursday, May 28, 2015

An article review. Taking a turn at the breach steering wheel. In May 2014, CareFirst BlueCross BlueShield learned that one of their information systems had been infected with malware, so they got rid of it. Or so they thought. The malware was never fully eradicated, leading to a substantial hacking incident a few weeks later. […]

The Password Manifesto Revisited

By Dan Hadaway - Last updated: Tuesday, May 19, 2015

Dan’s reminding us that the manifesto, Sometimes Say Never, has the word “sometimes” in it.

Over Sensationalized Internet Security Marketing

By Vigilize - Last updated: Monday, April 27, 2015

An article review. Beware of buzzwords. Our friend and associate Joe Cychosz sent us this article a few days ago, and we thought it was worth sharing. This brief article highlights an alarming trend within the InfoSec world, where security vendors are hyping and spinning their offerings to the point of untruth! Now this may […]

Awareness Is Not a Verb!

By Dan Hadaway - Last updated: Wednesday, March 11, 2015

But “test” is an action verb! And your approach could “Turn Awareness Inward.” Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . “With all we have going on, our auditors are not letting us abandon the Awareness Training Thing. They aren’t treating it as a “one-off.” We […]

The Adoption of Information Security

By Dan Hadaway - Last updated: Tuesday, February 17, 2015

Should we see Information Security as a normal technology adoption and, if so, do we want to be laggards if we’re in an unregulated industry?

Awareness Poster: Don’t be Conned!

By Vigilize - Last updated: Thursday, August 28, 2014

Here’s an awareness poster directed at your CUSTOMERS, rather than your users!

Coming Soon: The Windows 8 Replacement

By Vigilize - Last updated: Tuesday, August 19, 2014

Hopefully you weren’t caught in the recent Microsoft Update Fiasco! Those of us who wait a while before installing Windows Updates, and who have Windows 8, are breathing a sigh of relief that the control, once considered critical, protected us. And if you are like the many who have waived the control in the name […]

What should we focus our 2014 Audit Plan upon?

By Dan Hadaway - Last updated: Sunday, November 17, 2013

Risk-Based Auditing! I am often asked, especially at the end of a year, what should we be focusing our next audit plan upon? My answer: Focus your auditing on testing YOUR controls that mitigate the most risk in YOUR environment. Don’t bother testing controls which do not mitigate risk. Other than compliance risk*, […]

A Simplified Approach to Vendor Management

By Dan Hadaway - Last updated: Thursday, October 10, 2013

For those of you who are wanting to come into lightning-speed compliance with Section 164.308(b)(1) of the HIPAA Security Rule, start telling your vendors that they need to revise their agreements to include the following.

Authenticating Callers

By Vigilize - Last updated: Monday, February 25, 2013

The art of “out-of-wallet” questions! When somebody calls wanting information that is sensitive (such as social security numbers, account numbers, account balances, the names of applications on our network, names of personnel, etc.), we must “authenticate” them prior to giving out information. “Pretext calling” is a rising attack vector used in both orchestrated attacks by professionals […]