Archive for 'Controls' Category
Sorting your data . . . . “It’s not as much about what to protect as it is about what hoops to jump through to protect it.” Sound IT Governance eventually includes developing a Data Inventory, and one of the factors to consider in such an inventory is Data Classification. In a typical organization, […]
In trying to keep up with notifications of threats and vulnerabilities, patches, articles and other issues related to information security, I am a little late in getting this out. But, for those of you who are busy with your compliance duties and haven’t noticed….
The FFIEC issued a press release announcing the release of the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual.
According to the Federal Financial Institutions Examination Council (FFIEC), financial institutions need appropriate disposal procedures for electronic media. That should include copiers. And, it should include organizations outside of the financial industry. Why? A CBS news investigation found that the hard drives of four digital copy machines purchased secondhand at a New Jersey warehouse contained treasure troves of personally identifiable information.
On April 19, 2010, the Open Web Application Security Project (OWASP) released the final version of the OWASP Top 10 for 2010. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
This article reviews two articles and asks you to digg the articles! Digg it?
In today’s technology-oriented environment, many organizations send and receive important documents via facsimile. As such, we suggest that you require that your users follow a few guidelines.
When you get ready to upgrade your risk assessment this year, think of where information goes not only by looking around, but by walking around as well! My friend Joe found an article that illustrates how peripheral assets can make confidential data available to bad guys. This article would be good reading material to kick off the asset-identification process with your management team!
Microsoft (Yup, of all people, Microsoft) has made a few Security Awareness posters available. They’re quite good. If you’re looking for something to post by the water-cooler, these are great candidates.
A German computer engineer, Karsten Nohl, has deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls.
This is a manifesto decrying password aging as a checklist control that I wrote for Hoosier Banker Magazine last spring, entitled “Sometimes Say Never”. I’m posting it because I just had to change my password, a client e-mailed me several links about passwords, and one of my employees just e-mailed a link about passwords. – Dan