Being on the board of a financial institution is not easy. Board members are expected to not only be knowledgeable about the operational and financial workings of the institution but also to...
Brian Petzold
Recent Posts
Choosing a Cybersecurity Framework
by Brian Petzold | Aug 13, 2021
It is a good practice to identify a cybersecurity framework as part of an institution’s Information Security Program. A framework helps to identify gaps that might exist and leave the institution...
Breaking the SMS Habit
by Brian Petzold | Jun 25, 2021
Multifactor Authentication (MFA) is one of the most important controls to block account takeover fraud. There are many different forms of MFA available, and many banks support more than one method...
A Message to Vendors
by Brian Petzold | Jun 11, 2021
Today I am writing to those who wish to sell their products or services to a financial institution. If you work at a financial institution, feel free to pass this on to any prospective vendors to...
The Policy Labyrinth
by Brian Petzold | Apr 30, 2021
You started with an Information Security Policy that covered the basics. Then one day an auditor walked in and asked to see your Data Destruction Policy, so you wrote one. In the next exam,...
Learning Not to Trust
by Brian Petzold | Apr 9, 2021
Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network trusts them as well as the computer that they are...
What is "Best Practice"?
by Brian Petzold | Mar 5, 2021
Over the years, I have become wary of the term “best practice” when it is applied to technology and cybersecurity. The term “best practice” is supposed to mean that what is being described aligns...
Guidance on Obsolete Encryption Protocols
by Brian Petzold | Jan 22, 2021
Networks rely on encryption to ensure that data is kept private and cannot be changed while at rest or in transit. In most cases this encryption utilizes certificates, and these certificates in turn...
Mitigating Supply Chain Attacks
by Brian Petzold | Dec 30, 2020
The worst fears of security experts became a reality recently when threat actors maliciously hid malware inside legitimate updates of SolarWinds network monitoring software. When the malware...
The Powerful GLBA Board Report
by Brian Petzold | Dec 11, 2020
When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for compliance with the provisions of the Act. Within each of...