Archive for 'Controls' Category

Data Classification Policy

By Dan Hadaway - Last updated: Monday, August 30, 2010

Sorting your data . . . . “It’s not as much about what to protect as it is about what hoops to jump through to protect it.” Sound IT Governance eventually includes developing a Data Inventory, and one of the factors to consider in such an inventory is Data Classification. In a typical organization, […]

FFIEC Issues Revised BSA/AML Examination Manual

By Vigilize - Last updated: Monday, May 24, 2010

In trying to keep up with notifications of threats and vulnerabilities, patches, articles and other issues related to information security, I am a little late in getting this out. But, for those of you who are busy with your compliance duties and haven’t noticed….

The FFIEC issued a press release announcing the release of the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual.

Discarded Copiers Hold Sensitive Data

By Vigilize - Last updated: Tuesday, April 27, 2010

According to the Federal Financial Institutions Examination Council (FFIEC), financial institutions need appropriate disposal procedures for electronic media. That should include copiers. And, it should include organizations outside of the financial industry. Why? A CBS News investigation found that the hard drives of four digital copy machines purchased secondhand at a New Jersey warehouse contained treasure troves of personally identifiable information.

OWASP Issues Top 10 Web Application Security Risks List

By Vigilize - Last updated: Wednesday, April 21, 2010

On April 19, 2010, the Open Web Application Security Project (OWASP) released the final version of the OWASP Top 10 for 2010. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.

Let’s start a movement!

By Dan Hadaway - Last updated: Wednesday, April 14, 2010

This article reviews two articles and asks you to digg the articles! Digg it?

The User Level: Facsimiles!

By Vigilize - Last updated: Thursday, March 25, 2010

In today’s technology-oriented environment, many organizations send and receive important documents via facsimile. As such, we suggest that you require that your users follow a few guidelines.


An asset for your list!

By Dan Hadaway - Last updated: Tuesday, March 23, 2010

When you get ready to upgrade your risk assessment this year, think of where information goes not only by looking around, but by walking around as well! My friend Joe found an article that illustrates how peripheral assets can make confidential data available to bad guys. This article would be good reading material to kick off the asset-identification process with your management team!


Free Security Awareness Posters

By Dan Hadaway - Last updated: Tuesday, March 9, 2010

Microsoft (Yup, of all people, Microsoft) has made a few Security Awareness posters available. They’re quite good. If you’re looking for something to post by the water-cooler, these are great candidates.


GSM Encryption Broken

By Dan Hadaway - Last updated: Wednesday, December 30, 2009

A German computer engineer, Karsten Nohl, has deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls.


Sometimes Say Never: A Manifesto!

By Dan Hadaway - Last updated: Monday, November 2, 2009

This is a manifesto decrying password aging as a checklist control that I wrote for Hoosier Banker Magazine last spring, entitled “Sometimes Say Never”. I’m posting it because I just had to change my password, a client e-mailed me several links about passwords, and one of my employees just e-mailed a link about passwords. – Dan
