Compliance

Microsoft Discontinues Support For SHA-1

Known to be vulnerable since 2005, the algorithm will be phased out over the next several months… An article review. Things can move slowly in the world of cryptography, and for evidence of that one needs to look no further than SHA-1–the hash algorithm introd...

Incident Response Boilerplate Update

We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incid...

New Metrics for a New Round of SOC Reviews

Just in time for the next round of SOC reviews, we’ve reviewed and updated our metrics… Well it’s that time of year again: the days are growing shorter, the leaves are changing color and your compliance officer is gathering up SOC reports for this year...

Succession Planning Governance

What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process.  Dan asked me to update our resea...

Unless You Are Based in Europe

Some businesses are attempting to capitalize on confusion over just who the GDPR applies to… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Several Clients have emailed a question to me this week (one even pick...

2019 OBL IT Forum for Community Bankers

OBL IT FORUM – 09/26/19 Please know that the boilerplates we provide as part of our speaking engagements are mere starting points and cybersecurity professionals should audit your final customized version prior to your considering them “sufficient.” Also,...

Firewall Log Retention: Beyond The Guidance

In the absence of specific guidance, organizations are left to use their judgement in retaining logs… Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Not long ago a Client asked for my input on their firewall lo...

The Top 3 Articles of 2018

The Top 3 Articles of 2018 2018 has now come to an end, but what a year it was for articles on the infotex blog! Not only did the “infotex writing team” published twenty-two article reviews, (thanks in large part to our Clients for sending them to us), but we a...

FERPA Does Not Require…*

Notification is not explicitly required following a breach, but… Recently we published a short piece on the Family Educational Rights and Privacy Act (FERPA) and how it factors in to your incident response program. While we were working on that piece, though, we came...

Imagine Having Your Audit Reports Published For All The World To See…

Following multiple security incidents, the FDIC has made their audit reports available to the public. An article review. Here in the private sector, we can sometimes take for granted the confidentiality agreements that restrict access to our audit reports and other complia...