Despite advances in automation, millions of additional people are still needed… An article review. If you follow cybersecurity news you’d be forgiven if you thought that humans were rapidly becoming obsolete: everywhere you turn there are articles extolling the virtues of automation and artificial intelligence for staying on top of all the threats facing your […]

Incident response testing is the stone that kills many birds… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Good morning.  It’s 5:00am on a weekend, and I’m preparing my talk for the Cybersecurity Conference this week. While the talk is only supposed to be […]

In a change for the Agency, the new directorate will have a defensive focus… An article review. Over the last few years, we’ve seen a cat and mouse game between hackers and the good guys: from potential foreign influence in elections to the establishment of the US “Cyber Command” and, of course, the steady announcement […]

We rely on them to keep our systems safe, but who is protecting the security researchers? An article review. Over the past few decades there have been a number of laws and regulations enacted with the goal of improving computer security, but due to the way many of them have been written they could be […]

We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]

The FDIC has released new training material to help small banks start a discussion on risk… An article review. Sometimes it can be difficult to find a starting point when getting your employees discussing risk and technology, and while we do provide our own resources on the subject we wanted to pass along another resource […]

A new study has identified the most profitable malware, showing just how much unprepared businesses have paid. An article review. Despite pleas from various experts and authorities, it looks like a significant number of organizations ultimately decide to pay the criminal organizations who have held their data hostage. That’s something that many people have probably […]

Risk isn’t the only thing to consider when planning a decision tree. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . During tuning, we’re sometimes asked, as we help our MSSP Clients establish a detailed decision tree (modify our default to their own situation), “are […]

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall log policy, as they were collecting logs but […]

Object Access Limitations. . . While offering some visibility, there are limitations to object access monitoring. If your organization has to comply with industry regulations such as GLBA, HIPAA, or Sarbanes Oxley, you know that maintaining data security and privacy are important, and one of the ways you can accomplish that is with object access […]