Controls

Manifesto: Time to Revolutionize our E-banking Policies

I’m in the midst of writing an article about Wireless Banking. I’m actually working on two articles: one about the Top Five Risks of Wireless Banking, the other a drill-down on the Compliance Risks of Wireless Banking. In the process, I’m reviewing a few E-b...

Actions in Response to RSA Cyber Intrusion

An Information Assurance Advisory (IAA-003-2011) has been issued by the National Security Agency concerning recommended actions for SecurID users in response to the RSA cyber intrusion. This advisory provides guidance on: The use of SecurID hard tokens and soft tokens For...

Data Inventory

Do you know where your data is? Where it went? A good incident response plan puts the finishing touch on an IT Governance Program. Where are the boundaries of what you used to call your “network?” Though not the first priority in developing a sound IT Governance Progra...

Data Classification Policy

Sorting your data . . . Data Classification is a Proactive Control. “It’s not as much about what to protect as it is about what hoops to jump through to protect it.” Sound IT Governance eventually includes developing a Data Inventory, and one of the fa...

FFIEC Issues Revised BSA/AML Examination Manual

In trying to keep up with notifications of threats and vulnerabilities, patches, articles and other issues related to information security, I am a little late in getting this out. But, for those of you who are busy with your compliance duties and haven’t noticed…...

Discarded Copiers Hold Sensitive Data

According to the Federal Financial Institutions Examination Council (FFIEC), financial institutions need appropriate disposal procedures for electronic media. That should include copiers. And, it should include organizations outside of the financial industry. Why? A CBS news...

OWASP Issues Top 10 Web Application Security Risks List

On April 19, 2010, the Open Web Application Security Project (OWASP) released the final version of the OWASP Top 10 for 2010. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. The OWASP Top 10 Web Application Security ...

Let’s start a movement!

In spring 2009 I published an article in the Hoosier Banker magazine. The article, entitled “Sometimes Say Never,” was a slightly humorous “manifesto” about the illusion of password aging as a control. The issue seems to be rising again. It came up i...

The User Level: Facsimiles!

In today’s technology-oriented environment, many organizations send and receive important documents via facsimile. As such, we suggest that you require your users to follow a few guidelines. Management or supervisor authorization should be required prior to the transmiss...

An asset for your list!

As information flows through our lives, it goes through (and can be copied to) many vulnerable places. This year, when we ramp up that risk assessment, let’s go beyond the normal checklists we’ve all been using. A formal process of walking through our day, payi...