In the cybersecurity world, there are acronyms for everything from certifications, tools, compliance requirements, and agencies. Today, we continue exploring the various agencies that exist and what they offer to the cybersecurity world with a deep dive on the Federal Financial Institutions Examination Council or “FFIEC“. FFIEC History The FFIEC was established on March 10, […]
One of the most common tests we perform for clients is an internal penetration test, designed to explore the vulnerabilities across a company’s internal networks. This testing emulates what an attacker that gained an initial foothold on the network could do or what kind of problems a malicious insider could cause, to put it briefly. […]
The Gramm-Leach-Bliley Act or GLBA is also known as the Financial Modernization Act of 1999. The GLBA requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of consumer’s financial information. As part of its implementation of the GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires […]
Today, we look at 2 dangers of shared accounts. Many compliance requirements, for example PCI DSS, require users to have unique accounts and prohibits the use of shared accounts. However, rather than blindly complying with the requirement, let’s take a look at why this is important. First, shared accounts have shared passwords. In other words, […]
In today’s blog, we are going to take a look at a key concept in information security: nonrepudiation. Simply put, nonrepudiation is the assurance that someone cannot deny an action they took. This can apply to an email, for example. If the sender sends the message with a digital signature, this proves that the sender […]
Measuring the effectiveness of a penetration test is tough. Everyone has a different method to determine if a penetration test was “effective”. We recently completed an assessment for a client that came back with over 100 vulnerabilities. They had the exact same penetration test performed the prior year by a different firm and had less […]
