Controls

FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

Questions from vendor management to mitigating controls covered in the new document. An article review. The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and...

Alarming Recurring Finding

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and the...

Tactics Behind CareFirst Hack

An article review. Taking a turn at the breach steering wheel In May 2014, CareFirst BlueCross BlueShield learned that one of their information systems had been infected with malware, so they got rid of it. Or so they thought. The malware was never fully eradicated, le...

The Password Manifesto Revisited

Password aging should be retired, usually . . . There is never 100%, even in manifestos! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So several years back I became known as the auditor who had the audacity to p...

Over Sensationalized Internet Security Marketing

An article review. Beware of buzzwords Our friend and associate Joe Cychosz sent us this article a few days ago, and we thought it was worth sharing. This brief article highlights an alarming trend within the InfoSec world, where security vendors are hyping and spinnin...

Awareness Is Not a Verb!

But “test” is an action verb! and your approach could “Turn Awareness Inward.” Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . “With all we have going on, our auditors are not letting u...

The Adoption of Information Security

and the Advent of “Partial Compliance” . . . How do you decide where to start if you are NOT in a regulated industry? Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have been having more than one int...

Awareness Poster: Don’t be Conned!

Here’s an awareness poster for YOUR customers. Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Don’t let schools be the next victim in this cyber war. Boost information security to help mitigate the risk o...

Coming Soon: The Windows 8 Replacement

Hopefully you weren’t caught in the recent Microsoft Update Fiasco! Those of us who wait a while before installing Windows Updates, and who have Windows 8, are breathing a sigh of relief that the control, once considered critical, protected us. And if you are like ...

What should we focus our 2014 Audit Plan upon?

Risk-Based Auditing! I am often asked, especially at the end of a year, what should we be focusing our next audit plan upon? My answer: Focus your auditing on testing YOUR controls that mitigate the most risk in YOUR environment. Don’t bother testing controls whi...