Controls

Actions in Response to RSA Cyber Intrusion

An Information Assurance Advisory (IAA-003-2011) has been issued by the National Security Agency concerning recommended actions for SecurID users in response to the RSA cyber intrusion. This advisory provides guidance on: The use of SecurID hard tokens and soft tokens ...

Data Inventory

Do you know where your data is, or where it went? A good incident response plan puts the finishing touch on an IT Governance Program. Where are the boundaries of what you used to call your “network?” Though not the first priority in developing a sound IT Governance Pro...

Data Classification Policy

Sorting your data . . . . Data Classification is a Proactive Control. “It’s not as much about what to protect as it is about what hoops to jump through to protect it.” Sound IT Governance eventually includes developing a Data Inventory, and one of the...

FFIEC Issues Revised BSA/AML Examination Manual

In trying to keep up with notifications of threats and vulnerabilities, patches, articles and other issues related to information security, I am a little late in getting this out. But, for those of you who are busy with your compliance duties and haven’t noticed...

Discarded Copiers Hold Sensitive Data

According to the Federal Financial Institutions Examination Council (FFIEC), financial institutions need appropriate disposal procedures for electronic media. That should include copiers. And, it should include organizations outside of the financial industry. Why? A CBS n...

OWASP Issues Top 10 Web Application Security Risks List

On April 19, 2010, the Open Web Application Security Project (OWASP) released the final version of the OWASP Top 10 for 2010. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. The OWASP Top 10 Web Application Securi...

Let’s start a movement!

In spring 2009 I published an article in the Hoosier Banker magazine. The article, entitled “Sometimes Say Never,” was a slightly humorous “manifesto” about the illusion of password aging as a control. The issue seems to be rising again. It came u...

The User Level: Facsimiles!

In today’s technology-oriented environment, many organizations send and receive important documents via facsimile. As such, we suggest that you require your users to follow a few guidelines. Management or supervisor authorization should be required prior to the transm...

An asset for your list!

As information flows through our lives, it goes through (and can be copied to) many vulnerable places. This year, when we ramp up that risk assessment, let’s go beyond the normal checklists we’ve all been using. A formal process of walking through our day, p...

Free Security Awareness Posters

Microsoft (yup, of all people, Microsoft) has made a few Security Awareness posters available. They’re quite good. If you’re looking for something to post by the water-cooler, these are great candidates. Here is what is available: Internet Worm Crossing Do ...