Compliance

FFIEC Issues a Revealing Cybersecurity Assessment Tool FAQ

Questions from vendor management to mitigating controls covered in the new document. An article review.   The FFIEC released a document earlier this month covering some of the most frequently asked questions surrounding the Cybersecurity Assessment Tool (CAT), and it...

When Ransomware Hits, Concerns Go Beyond Payment

Without further investigation, there’s no guarantee that data was merely encrypted… When ransomware strikes it’s likely many organizations will focus on whether the encryption used can be broken, and whether it makes more sense to simply pay to unlock the ...

The Midwest Interagency Regulator Conference

and my panel experience . . . and the one question that had me stumped, until . . . .  Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So, if you watch our Facebook page, you’d see that one of the many reasons I...

Wisdom and Advice for Incident Response Testing

Testing Reduced to Two Bullet Lists! How to make sure your Incident Response Tests are “amenable” to your auditors! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .   One of my favorite Clients is prep...

The Password Manifesto Revisited

Password aging should be retired, usually . . . There is never 100%, even in manifestos! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So several years back I became known as the auditor who had the audacity to prop...

Mark Your Calendars!

Another stop in the IT Governance Tour! . . . An Indiana Bankers’ Association Workshop! Incident Response Management: The new NIST Cyber Security Framework is heavy on Incident Response.  Executives are starting to talk like “it’s not a matter of if, it’s a matter of...

The Adoption of Information Security

and the Advent of “Partial Compliance” . . . How do you decide where to start if you are NOT in a regulated industry? Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have been having more than one intere...

SOS Indiana Advisory

And now that we are all paying attention . . . A great example of Awareness Activation! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When we finally release our annual “trend article” . . . .  and weR...

School Compliance Frameworks

Where should you start?  How about choosing a framework? If the Risk Assessment Answer Isn’t Enough! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’ve been asked to give a talk to school corporations abo...

A Simplified Approach to Vendor Management

If we had to reduce all of vendor management down to two operations, we’d suggest a strong contract policy, and a sorting process. Business Associate Agreements Simplified For those of you who are wanting to come into lightening-speed compliance with Section 164.308(b...