Brian Petzold

2 min read

Control Assessments Vs. Risk Assessments

Brian Petzold: Jul 19, 2024

When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on remediating controls that were found to be missing during a control assessment (NIST, CAT, ACET, RSAT,...

Risk Regulation Controls Risk Assessment Risk Management Control Assessment
Read More

2 min read

Is Ransomware Dying?

Brian Petzold: May 17, 2024

In December 2023 the US Justice Department announced that they had disrupted operations of ALPHV/Blackcat, a ransomware group that was responsible...

Risk Threats Ransomware Technology
Read More

2 min read

Consent Orders Put Focus on Third-Party Risk Management

Brian Petzold: Apr 12, 2024

There have been multiple consent orders issued recently which have made it clear that regulators are starting to enforce new third-party risk...

Risk Regulation 3rd party Third-Party Risk Management
Read More

3 min read

Best Practices to Ace Your Penetration Test

Brian Petzold: Mar 1, 2024

Every institution should have an internal penetration test performed annually. The goal of the penetration test is for the tester to try to gain...

Information Security Program Access Cybersecurity Penetration Test
Read More

2 min read

Adding Perspective to Tabletop Exercises

Brian Petzold: Dec 1, 2023

BIA/BCP Culture IT Cyber insurance Cybersecurity Communication Tabletop Test
Read More

2 min read

What is a Good Password Length?

Brian Petzold: Oct 13, 2023

We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14...

Risk Passwords Email Risk Management
Read More

1 min read

Is Your M365 Conditional Access Unconditional?

Brian Petzold: Sep 1, 2023

As attackers are finding new ways to get around multifactor authentication in Microsoft 365, conditional access is becoming more important....

Policy Remote Access Banks Access Access & Authentication Access Reviews
Read More

3 min read

Helping Board Members Sleep at Night

Brian Petzold: Jul 14, 2023

Banks Board of Directors 3rd party Third-Party
Read More

2 min read

Reviewing the New Interagency Third-Party Risk Management Guidance

Brian Petzold: Jun 9, 2023

On June 6th, the Federal Reserve, FDIC, and OCC released new interagency guidance on third-party risk management. The new guidance, based on existing...

Regulation Vendor Management Banks Credit Unions 3rd party Third-Party OCC FDIC
Read More

2 min read

Blocking Outbound Communications

Brian Petzold: May 12, 2023

All organizations have (or should have) a firewall that blocks unexpected communications from the Internet to internal network hosts. But what about...

Controls Audit Email
Read More
Prev 1 2 3 4 5 Next