Technical Security Standards

In-Memory Malware Hitting Banks Across The Globe

Residing almost entirely in memory, these new attacks are much harder to combat An article review. Our friend Wes Pollard at Home Bank turned us on to this story from Ars Technica about a rash of new malware attacks with a new twist: they reside almost entirely in a compu...

The TSP: An Important Consideration

Something to look at when choosing your next service provider. . . A short Jolley | Hadaway article In our due diligence packet prospects and clients eventful tax will discover that we are proud to be part of a program that is called the FFIEC’s Technology Service Provide...

Alarming Recurring Finding

“Mal-Configured Secure E-Mail . . .” A new risk arises as Secure Messaging Enters the Late-Majority Adoption Phase! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So we’re auditing a bank and they s...

Getting Started on Cybersecurity

Process Flow for Institutions . . . and why Dan loves the Cybersecurity Assessment Tool! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Real quick:  What should you do to get started on understanding the new Cybersec...

Ultrasonic Technology Takes Fingerprint Security to the Next Level

Mobile devices getting a boost in security with ultrasonic 3D fingerprint scanner. A new 3D imaging technique of fingerprint scanning, using an ultrasonic sensor, has researchers excited about the prospects of “smartphone security” to another level. We’ve never been enthusia...

Segregation Not!

80% of Network Engineers Involved in Security . . . One fourth of them spend 10-20 hours per week investigating information security issues! While you may need to sacrifice your e-mail address to download the report, this State of the Network study by Network Instruments ...

Over Sensationalized Internet Security Marketing

An article review. Beware of buzzwords Our friend and associate Joe Cychosz sent us this article a few days ago, and we thought it was worth sharing. This brief article highlights an alarming trend within the InfoSec world, where security vendors are hyping and spinning t...

Survey Finds Most Firms Would Take Hours to Detect Breach

An article review. You have to detect the breach first Many companies have plans for when a breach occurs. After all, there is no such thing as 100% security. As Dan Hadaway will highlight in his upcoming “Turning Lemons into Lemonade with Incident Response” w...

Two New Statements, One Read!

Are they worth the read? Yes, but you only have to read the first one! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Note:  If you haven’t figured it out, on 03/30/15 the FFIEC posted two new “statements....

Windows Susceptible to FREAK Attack After All

An article review. Microsoft admits that Internet Explorer is vulnerable to HTTPS hack Earlier this month, Microsoft announced that any Windows computer running any version of Internet Explorer is vulnerable to a FREAK attack. Now the FREAK vulnerability has been around f...