Compliance

Former NIST Official Regrets Issuing Password Guidance

Bill Burr admits security advice actually created more vulnerable passwords. An article review. If you’ve ever angrily questioned some seemingly arbitrary rule when creating a new password, there is some vindication for you: the former government official whose passw...

What’s New in Incident Response

As threats evolve, so must your plans to respond to them… A Jolley|Hadaway Article. There have been a number of changes to the threat landscape organizations face in recent years, and if your organization’s plans to respond to those threats haven’t change...

Nine Years Later, NIST Agrees With Dan!

For the sake of user comfort, new draft document calls for an end to mandatory password changes, and other requirements. An article review. Long-time readers may remember Dan’s Password Manifesto, originally published in the Hoosier Banker Magazine inĀ 2008, where he ...

Ten Must-Reads For Information Security Awareness

These titles should be on every professional’s list. An article review. If there’s one thing you can take away from the most recent installment of our annual T7 article, it’s that the threats we face when securing IT assets are a diverse and constantly e...

Four and Four – Questions to Simplify Vendor Management

Two sets of questions that can help start your vendor due diligence adventure. A quickĀ Dan’s New Leaf Post, meant to inspire thought about IT Governance . . . . When you’re just starting to address the issue of vendor management, it can seem like a daunting t...

Proposed Bill Would Make Cybersecurity Disclosure The Board’s Responsibility

The Cybersecurity Disclosure Act of 2017 Would Make The Board Report on Its Own Expertise An article review. For thoseĀ of you wondering if you should be adding a Cybersecurity expert to your board of directories, you may be getting out in advance of law. Ā We at infotexĀ ha...

New York to Impose New Cybersecurity Regulations

The controversial new regulations are the first in the nation, and may not be the last… An article review. On March 1 New York State became the first in the nation to impose its own cybersecurity regulations on banking institutions. Though banking institutions have ...

Financial Statement Review in Vendor Management

What are the expectations for Financial Statement Review? For banks and credit unions. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’m often asked, “what should we be doing when it comes to financial st...

Digital Security Standard Compliance: Is It Enough?

While the credit card industry-backed program has good aspects, it should notĀ replace the SOC-2. With the number of different security standards–and ways to test those standards–out there, it can be difficult to stay on top of just what is required, compliance ...

Information Overload 2017

2017 – Ten Guidance Releases and the SolutionĀ . . . A sidebar fromĀ our 2017 M-7 Article! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . We felt our M-7Ā article should inventory the new guidance you’ll need to g...