About Us | Contact Us
View Cart


By Vigilize | Sunday, January 1, 2012 - Leave a Comment

Any topic you’d like us to present?

Let us know!

Join us in Education and Awareness!
We have always subscribed to the philosophy that the best mitigating control is Awareness.  Our talks and workshops are all designed to increase your awareness of the various topics we speak about, and yet they are also a great tool to get you started on implementing a particular “control.”  Meanwhile, we also provide great tools as a part of our sessions . . . boilerplates, links to resources, policies, procedures, etc.

Let us know if there are any topics that you need to learn about!

One Hour Talks:  

Contact us for more information about the following talks, designed to be between 60 and 90 minutes long (depending upon your itinerary):

  • A Flood Comes One Drop at a Time:  Combating fraud with ongoing security awareness training.
  • Avoiding the PC Time Warp:  Being more effective with e-mail, web surfing, and social media.
  • Board Awareness Training:  Board responsibilities, as they relate to Information Technology Governance, as delineated in the FFIEC guidelines.
  • Compliance Officers Are From Venus, IT Folks From Mars:  A talk about the need for compliance officers to be on the IT steering committee!
  • Creating a Branchless Banking Program:  The need to create a new IT Governance Program to address all “branchless banking assets” including mobile devices, Internet banking, mobile banking, etc.
  • Customer Awareness Training:  Establishing a customer awareness strategy that works!
  • Down and Dirty Vendor Management:  What you need to do yesterday, today, and tomorrow.
  • Hack Attack Live:  Watch while a non-technical person hacks into a website.
  • Insider Theft:  We’ve all been aware of the numbers our entire career.  This talk dives down into real-life examples of how “trust” cannot be a control.
  • Internet Banking Review Basics:  Implementing an Information Security review as it pertains to e-banking, based on FFIEC guidelines.
  • Outside the Branch:  Next generation bank technologies.
  • Password Management:  Beyond enabling Microsoft’s rather weak enforcement capabilities, much must be done to properly manage authentication processes.
  • Redesigning Your IT Governance Program:  Seven simple but far-reaching tactics to creating an appropriate governance strategy for your organization.
  • Social Engineering in the Second Decade:  New tactics for testing user awareness, incident response, and your overall security awareness posture.
  • SOS – Student Online Safety:  What parents can do to increase the safety of their children while online.
  • The Business Case for Zitmo:  A talk about Zeus, Zitmo, organized Cybercrime rings, and what we can do to protect our organizations from them.
  • The Horse, then the Cart – Controlling Mobile Banking Risk:  The top five risks with Mobile Banking and how to avoid them.
  • Top Five Threats to Financial Institutions:  A rundown of the top five threats to financial institutions from in information security perspective.
  • Top Seven Non-Technical Audit Findings:  A Rundown of the top seven findings in our information technology audits.
  • Updating Your IT Strategy:  The five most important steps to ensuring that your annual strategy update is all-inclusive and yet unencumbered with unnecessary detail.
  • Using the infotex Boilerplate Set:  This youtube.com video comes free when you sign up for more then $500 worth of boilerplates per year.
  • What’s The Deal?:  Why vendor management is so important.
  • Women in Business and Banking:  The history and progress of women in business and banking.

Three Hour Seminars/Webinars:    

Contact us for more information about the following talks, designed to be three hours long and delivered over the Internet:

  • Customer Awareness Training:  Creating your customer awareness strategy and how to prioritize tactics.
  • Information Technology Strategy:  Creating a strategy and identifying tactics that will stand the test of time, audits, and user satisfaction.
  • Management Awareness Training:  The entire IT Governance Program presented to the Management Team.  This talk can be generic, based on FFIEC guidelines, or can be customized to your financial institution’s unique IT Governance Program.
  • Monitoring IT Risk:  Event Log Management, Security Event Information Management, Intrusion Prevention and Detection, Ongoing Technical and Non-technical controls Testing, Risk Monitoring, and Policy Enforcement.
  • Redesigning Your IT Governance Program:  Seven simple but far-reaching tactics to creating an appropriate governance strategy for your organization.
  • Technical Security Standards:  Creating documentation the management team needs, but will never understand.
  • The Branchless Banking Program:  How to create a new program that addresses everything from authentication risk assessments to wireless banking to mobile devices.
  • The Simple IT risk Management Process:  We’re sorry, a simplified risk assessment does not exist.  However, with a simple process, you’ll be able to apply the appropriate level of complexity to risk assessing.

Eight Hour Workshops:
The following workshops are designed to be customized to your financial institution and delivered directly to your management team.  We also provide these workshops at the Indiana Bankers association from time to time.

  • Customer Awareness Training:  The June 2011 Supplement to the 2005 Authentication Guidance finally put some teeth into the “good idea” of teaching our customers good information security practices.  Now we are required to create a strategy and implement a plan for increasing the awareness of our customers.  This workshop shows us how to create a customer awareness training strategy and illustrates ten tactics that work.
  • Everything Mobile Banking:  Finally, under one workshop, we present all mobile banking issues – everything from risk management to vendor management to marketing to customer awareness to incident response to helpdesk training.
  • Incident Response Planning:  We’ve finally brought our management team members into the reality that there is no such thing as 100% security.  Now what?  The best way to address the inevitable is to ensure that we have a good process in place for responding to the information security incident.
  • Monitoring IT Risk:  Event Log Management, Security Event Information Management, Intrusion Prevention and Detection, Ongoing Technical and Non-technical Controls Testing, Risk Monitoring, and Policy Enforcement.
  • Risk Management Program:Examiners have made it clear:  if your management team understands the risk exposure of information and technology to your bank, you are definitely heading in the right direction.  If risk is considered in all technology decision making, an effective IT risk management process has been implemented.The standards themselves call for a risk assessment of all information assets.  Beyond creating an inventory of assets, identifying threats and vulnerabilities, and assessing risk mitigation techniques, an effective risk management program puts the organization on guard in real time, in a manner that avoids threats and vulnerabilities as much as it mitigates the unavoidable risks or unpredictable problems.
  • Security Standards – Tweak the Geek Speak:  Management wants documentation, but they don’t understand what we are saying.  Meanwhile, we need documentation so we can remember what we did!  Add on top of that the fact that the FFIEC requires the establishment of a security baseline.  Specifically:  “Financial institutions should develop security control requirements for new systems, system revisions, or new system acquisitions.  Management will define the security control requirements based on their risk assessment process evaluating the value of the information at risk and the potential impact of unauthorized access or damage.”This workshop will help you with standard language starting points for documenting your network configuration standards, server and network device build-config standards, password management procedures, change control procedures, patch management procedures, remote access security procedures, server hardening procedures, and wireless security procedures.
  • Technology Compliance Training:Because Information Security is a team effort, awareness is the most important control.  Financial Institutions must maintain an appropriate Acceptable Use Policy and teach the concepts inherent in that policy.  The training should stress the threats and vulnerabilities financial institutions face, and help users understand their role in mitigating information security risk.  According to the FFIEC, authorized internal users should receive a copy of the [Acceptable Use] policy and appropriate training, and signify their understanding and agreement with the policy before management grants access to the system.
  • The Branchless Banking Program:  In 2000, seventy percent of transactions were initiated inside the financial institution.  Now, we’re headed to less than a third of transactions inside the branch.  The new paradigm creates a need for a new governance strategy.  One way to address this need is to create a whole new program outside of the existing IT governance programs.  This worksho9p will show you how to create a new program that addresses everything from authentication risk to wireless banking to mobile devices to ATM management.
  • The Information Technology Strategy:  Incorporating governance, risk management, and new technologies into one strategy writing process that identifies tactics to withstand the test of time, audits, and user satisfaction.
  • Vendor Management:Today’s financial institutions are relying heavily on vendor partners to perform tasks ranging from the mundane to handling critical processes and information, including nonpublic customer information.  With this growing trend comes increasingly stringent regulations governing the security of customer data.  And, according to the FFIEC, you are responsible for establishing and approving a risk-based policy to govern the vendor process.An effective vendor management program should provide the organizational framework for Management to identify, measure, monitor, and control the risks associated with vendor relationships.
Posted in Version, Workshops

Latest News
    You’ve heard it from every MSSP you’ve met: the definition of a SIEM is in the eye of the beholder. But at infotex, we are not talking about the database – an asset whose definition is continuously evolving. We’re talking about the way three teams collaborate in an overall Technology Risk Monitoring process. And whether […]
    A new study shows organizations are responding to cyber attacks faster than ever, so why is that bad news? An article review. When it comes to cyber attacks, the sooner an organization can begin to respond to an attack the better, so the results of a new study showing a drop in the amount of […]
    …a Crash Course of Security Measures The first article by Sara Fultz, Creative Assistant of infotex! Introduction: As the managing partner of infotex, I am proud to introduce the “debut article” for Sara Fultz.  I told Sara “write an article showing us what you’ve learned that the technical staff will appreciate.” As I read her […]
    infotex Programming Coordinator, Michael Hartke, introduces a high level overview of the upcoming update to the infotex SIEM. Look for more movies in the coming months informing our Clients, and those just now learning about us, about the SIEM and its features and functions.
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    As the investigation of the SolarWinds Hack was ongoing, another hack stole some of the limelight… This is the final update on the SolarWinds hack unless a major development comes to light. You can see the previous article here: “Autopsy of the SolarWinds Hack Update“. One of the largest cyber-espionage campaigns in the history of […]
    Employees working from home may find it more difficult to follow security policies… An article review. The surge in employees working from home during the pandemic created many headaches for IT departments around the world, many of whom had no telecommuting policies or procedures before the start… but what about the employees who had to […]
    A Webinar-Movie infotex presents the 2021 update of a previously released webinar presented by our Lead Non-Technical Auditor, Adam Reynolds. This movie-short is intended for those who are planning to participate in an infotex Incident Response Test. Not sure about the importance of an Incident Response Test? Check out onetest.infotex.com for more information! Please let […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS INFOTEX PROMOTES BRYAN BONNELL TO DIGITAL MEDIA MANAGER infotex, the Managed Security Service Provider, announced Bryan Bonnell’s promotion from Senior Data Security Analyst to Digital Media Manager.  “He will continue his normal DSA duties on a limited basis, because we want everybody to stay in touch with […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS RYAN HENSLER OF INFOTEX, EARNS CISSP CERTIFICATE Ryan Hensler, Senior NOC Associate of infotex, Inc., recently received the CISSP certification. “Ryan has proven himself to be a seasoned security professional both in his work for infotex and now through achieving this certification.” said Sean Waugh, Information Security Officer. […]