Archive for 'MSSP' Category

My Take on the 36 Hour Rule

By Dan Hadaway - Last updated: Wednesday, March 9, 2022

It doesn’t cover us. . . . . . but we’ll agree to it anyway. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I thought I’d write a quick DNL about the new 36 hour rule.  It’s due in May, so I am not […]


How the New Rule Applies to infotex

By Adam Reynolds - Last updated: Monday, February 21, 2022

(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]


Truth In Disasters

By Dan Hadaway - Last updated: Monday, October 25, 2021

How Do We Know What We Know? Making Sure You Can Understand What Happened in an Incident. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Until I reclined on my front yard, looking at the sky, following the instructions on how not to look […]


What To Expect from an infotex Incident Response Tabletop Test Movie

By Vigilize - Last updated: Tuesday, April 6, 2021

A Webinar-Movie infotex presents the 2021 update of a previously released webinar presented by our Lead Non-Technical Auditor, Adam Reynolds. This movie-short is intended for those who are planning to participate in an infotex Incident Response Test. Not sure about the importance of an Incident Response Test? Check out onetest.infotex.com for more information! Please let […]


Incident Response Diagramming

By Vigilize - Last updated: Tuesday, April 21, 2020

Risk Versus Severity When In A Panic

By Dan Hadaway - Last updated: Monday, April 9, 2018

Risk isn’t the only thing to consider when planning a decision tree. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . During tuning, we’re sometimes asked, as we help our MSSP Clients establish a detailed decision tree (modify our default to their own situation), “are […]


Firewall Log Retention: Beyond The Guidance

By Dan Hadaway - Last updated: Monday, March 26, 2018

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall log policy, as they were collecting logs but […]


Object Access Limitations

By Matt Jolley - Last updated: Monday, March 5, 2018

Object Access Limitations. . . While offering some visibility, there are limitations to object access monitoring. If your organization has to comply with industry regulations such as GLBA, HIPAA, or Sarbanes-Oxley, you know that maintaining data security and privacy is important, and one of the ways you can accomplish that is with object access […]