Brian Petzold

2 min read

What is a Good Password Length?

Brian Petzold: Oct 13, 2023

We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14 characters and complex, and that administrator passwords would ideally be at least 20 characters and...

Risk Passwords Email Risk Management
Read More

1 min read

Is Your M365 Conditional Access Unconditional?

Brian Petzold: Sep 1, 2023

As attackers are finding new ways to get around multifactor authentication in Microsoft 365, conditional access is becoming more important....

Policy Remote Access Banks Access Access & Authentication Access Reviews
Read More

3 min read

Helping Board Members Sleep at Night

Brian Petzold: Jul 14, 2023

Banks Board of Directors 3rd party Third-Party
Read More

2 min read

Reviewing the New Interagency Third-Party Risk Management Guidance

Brian Petzold: Jun 9, 2023

On June 6th, the Federal Reserve, FDIC, and OCC released new interagency guidance on third-party risk management. The new guidance, based on existing...

Regulation Vendor Management Banks Credit Unions 3rd party Third-Party OCC FDIC
Read More

2 min read

Blocking Outbound Communications

Brian Petzold: May 12, 2023

All organizations have (or should have) a firewall that blocks unexpected communications from the Internet to internal network hosts. But what about...

Controls Audit Email
Read More

2 min read

The FDIC InTREX Gets Audited

Brian Petzold: Feb 10, 2023

While the FFIEC has released three major guidance updates since July 2019, the FDIC has not updated its examination program to include the newer...

Policy Controls Governance FFIEC Access & Authentication Audit Exam GLBA
Read More

3 min read

Discussions Triggered from the LastPass Breach

Brian Petzold: Jan 6, 2023

Over the past month, many have written about the latest LastPass breach. If you have not kept up with the breach, you can see the disclosure from...

Risk Threats Controls Cloud Access MFA Access & Authentication Passwords
Read More

1 min read

Regulators Becoming More Prescriptive

Brian Petzold: Dec 9, 2022

Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial...

Policy Information Security Program Regulation Risk Assessment NYCRR
Read More

2 min read

Self-Assessing Authentication & Access Risk

Brian Petzold: Nov 4, 2022

A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since...

Threats Information Security Program Regulation Risk Assessment CISO Services vCISO Virtual CISO Banks Credit Unions FFIEC Access Access & Authentication CISO as a service Audit 3rd party Third-Party Passwords Access Reviews
Read More

3 min read

What Is A Strong Password in 2022?

Brian Petzold: Sep 2, 2022

Risk Threats CISO Information Security Program Regulation Controls CISO Services vCISO Virtual CISO Outsourced CISO MFA In-house CISO Banks Board of Directors Access & Authentication CISO as a service Exam Passwords
Read More
Prev 1 2 3 4 5 Next