Archive for 'Asset Management' Category
What’s In A Name?
By Dan Hadaway - Last updated: Saturday, April 15, 2023
A trick I learned in the ’80’s . . . Probably saved me . . . and the teams I served . . . thousands of hours! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Naming goals and projects is a basic practice that […]
The Four Basic Truths of System Security
By Dan Hadaway - Last updated: Sunday, January 1, 2023
System Security and Cybersecurity are not the same thing. . . Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Regarding “information security,” the last thirty years have seen an evolution of frameworks, laws, and assessment approaches which intimidate the management team with their complexity. […]
The Changing IT Landscape and Endpoint Detection and Response (EDR)
By Steven Jakubin - Last updated: Monday, May 9, 2022
Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home. While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
Managing Software Supply Chain Risk
By Steven Jakubin - Last updated: Monday, April 25, 2022
Software Bill of Materials (SBOMs) are becoming more and more important. . . We are all very familiar with one aspect of the software supply chain – updates. New features, bug fixes, and performance upgrades are a regular occurrence to any device’s lifecycle, however what if these kinds of updates also include deliberately malicious code? […]
The AIO’s Impact on Technology Planning Movie
By Bryan Bonnell - Last updated: Monday, December 6, 2021
Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.
Zeroing in on VPN Security
By Tanvee Dhir - Last updated: Monday, November 1, 2021
Has the security effectiveness of VPNs passed? Another Technical Article by Tanvee Dhir! Why under scrutiny? VPNs (Virtual Private Networks) have been a cardinal piece for secure internet browsing for decades. They offer a secure and encrypted tunnel to transfer your data over the network whether in a home or an enterprise environment. Different vendors […]
New Chinese Law Highlights Disclosure Debate
By Vigilize - Last updated: Monday, September 13, 2021
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
A Network is a Network . . . NOT!
By Dan Hadaway - Last updated: Monday, August 23, 2021
Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks. We […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
A trick I learned in the ’80’s . . . Probably saved me . . . and the teams I served . . . thousands of hours! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Naming goals and projects is a basic practice that […]
System Security and Cybersecurity are not the same thing. . . Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Regarding “information security,” the last thirty years have seen an evolution of frameworks, laws, and assessment approaches which intimidate the management team with their complexity. […]
The Changing IT Landscape and Endpoint Detection and Response (EDR)
By Steven Jakubin - Last updated: Monday, May 9, 2022
Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home. While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
Managing Software Supply Chain Risk
By Steven Jakubin - Last updated: Monday, April 25, 2022
Software Bill of Materials (SBOMs) are becoming more and more important. . . We are all very familiar with one aspect of the software supply chain – updates. New features, bug fixes, and performance upgrades are a regular occurrence to any device’s lifecycle, however what if these kinds of updates also include deliberately malicious code? […]
The AIO’s Impact on Technology Planning Movie
By Bryan Bonnell - Last updated: Monday, December 6, 2021
Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.
Zeroing in on VPN Security
By Tanvee Dhir - Last updated: Monday, November 1, 2021
Has the security effectiveness of VPNs passed? Another Technical Article by Tanvee Dhir! Why under scrutiny? VPNs (Virtual Private Networks) have been a cardinal piece for secure internet browsing for decades. They offer a secure and encrypted tunnel to transfer your data over the network whether in a home or an enterprise environment. Different vendors […]
New Chinese Law Highlights Disclosure Debate
By Vigilize - Last updated: Monday, September 13, 2021
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
A Network is a Network . . . NOT!
By Dan Hadaway - Last updated: Monday, August 23, 2021
Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks. We […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home. While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
Software Bill of Materials (SBOMs) are becoming more and more important. . . We are all very familiar with one aspect of the software supply chain – updates. New features, bug fixes, and performance upgrades are a regular occurrence to any device’s lifecycle, however what if these kinds of updates also include deliberately malicious code? […]
The AIO’s Impact on Technology Planning Movie
By Bryan Bonnell - Last updated: Monday, December 6, 2021
Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.
Zeroing in on VPN Security
By Tanvee Dhir - Last updated: Monday, November 1, 2021
Has the security effectiveness of VPNs passed? Another Technical Article by Tanvee Dhir! Why under scrutiny? VPNs (Virtual Private Networks) have been a cardinal piece for secure internet browsing for decades. They offer a secure and encrypted tunnel to transfer your data over the network whether in a home or an enterprise environment. Different vendors […]
New Chinese Law Highlights Disclosure Debate
By Vigilize - Last updated: Monday, September 13, 2021
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
A Network is a Network . . . NOT!
By Dan Hadaway - Last updated: Monday, August 23, 2021
Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks. We […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.
Has the security effectiveness of VPNs passed? Another Technical Article by Tanvee Dhir! Why under scrutiny? VPNs (Virtual Private Networks) have been a cardinal piece for secure internet browsing for decades. They offer a secure and encrypted tunnel to transfer your data over the network whether in a home or an enterprise environment. Different vendors […]
New Chinese Law Highlights Disclosure Debate
By Vigilize - Last updated: Monday, September 13, 2021
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
A Network is a Network . . . NOT!
By Dan Hadaway - Last updated: Monday, August 23, 2021
Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks. We […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks. We […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
