1 min read
Regulators Becoming More Prescriptive
Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial...
Policy (2)
2 min read
The Risk Based Audit
We have a meeting every Monday morning to do a status update on each of the 40 financial institutions we serve as their virtual Information Security...
1 min read
Preparing for a Security Incident
The worst time to develop an Incident Response Plan for dealing with a security incident is during an actual incident. It’s not a matter of “if” but...
2 min read
MFA Enrollment Mistakes
Most financial institutions understand the importance of Multifactor Authentication (MFA) in keeping unauthorized parties from gaining access to user...
2 min read
Tricky Phish Testing
Phishing remains one of the top threats to organizations today. Every user regularly receives emails designed to trick them into clicking on a link,...
2 min read
Breaking the SMS Habit
Multifactor Authentication (MFA) is one of the most important controls to block account takeover fraud. There are many different forms of MFA...
2 min read
The Policy Labyrinth
You started with an Information Security Policy that covered the basics. Then one day an auditor walked in and asked to see your Data Destruction...
1 min read
Learning Not to Trust
Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network...
3 min read
Does your Change Management Process Need a Conversion?
We are seeing findings related to change management cropping up in several audit reports this year. Appropriately scoping change management can be...