Archive for 'Kits' Category
The 12/11/2013 social media guidance has some weaknesses. The good news: the infotex response kit will be designed to address them!
In order to understand the power of the three layers of security required by the June 2011 Supplement to the FFIEC’s 2005 Guidance on Authentication in an Internet Banking Environment, it is helpful to understand just how a corporate account takeover (CAT) attack works. Nowadays, criminals can purchase applications that are designed to attack American […]
According to the Federal Financial Institutions Examination Council (FFIEC), a financial institution’s customer awareness and educational efforts should address both retail and commercial account holders and, at a minimum, include the following elements: An explanation of protections provided and not provided to account holders relative to electronic funds transfers under Regulation E, and a related […]
As the “compliance burden” continues to rise, we may sometimes wonder whether information security regulations are worth the effort. This is a story of how the FFIEC got it right. A Short History Lesson For many in banking, this story may appear to have started in June of 2011, when the FFIEC released what we […]
Coming Soon! Sorry, we’re still reviewing the kit. The guidance has a lot of detail, and we want to be sure we get it right. Social Media Guidance Kit Current estimated release date: 03/21/14 with the Indiana Banker’s Association Workshop. If you’d like to be informed when we have finished development, feel free to email […]
Quick and Easy Due Diligence Checklist! Our most popular tool! What should you look for when you review a SOC2 report? What if you get a SOC1 or SOC3 instead? What type of paper trail should you leave, demonstrating an adequate review? How do you track that all appropriate stakeholders have processed their part of […]
Dan and Sean expanded a research report for a Client to benefit us all! This article includes a comparison of MDM vendors as well as advice in developing technical controls for portable devices!
Just when you think progress is being made in educating employees about BYOD security vulnerabilities, another survey releases results like this: In a 400-person survey of office workers, 47% said they do not use a password on their mobile phone.
Experts say that the international takedown that resulted in 24 arrests for credit card fraud illustrates problems inherent in the Payment Card Industry Data Security Standard (PCI DSS).
Using mobile devices in the workforce has grown in popularity. However, some organizations haven’t jumped to purchasing those devices. Some employees, either out of need or convenience, have taken an alternate route and bring their own device (BYOD) to work. This raises some security concerns. To address this, AT&T says it has the answer for corporations that want to let employees access work applications from personal phones without those phones becoming a security threat.