When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for compliance with the provisions of the Act. Within each of...
Brian Petzold
Recent Posts
Inherent and Residual Risk
by Brian Petzold | Nov 13, 2020
When we start working with financial institutions, we often find that there is a lot of confusion around how cybersecurity inherent risk and residual risk should be defined. The assessments seem to...
Asset Management Lessons Learned from Morgan Stanley
by Brian Petzold | Oct 16, 2020
Asset Management is one of the foundations of a sound Information Security Program, but it is also often neglected in the rush to replace or decommission systems. Every IT Manager has been through...
Typ0squatting
by Brian Petzold | Sep 25, 2020
We recently have seen an increase in “typosquatting” activity targeting financial institutions. Typosquatting is when someone registers a domain with a name that is very similar to the legitimate...
National Insider Threat Awareness Month
by Brian Petzold | Sep 4, 2020
A group of US security agencies has once again designated September as “National Insider Threat Awareness Month” (NITAM). While insider threats are always a concern, the agencies point out that...
Herding CATs
by Brian Petzold | Aug 7, 2020
After helping many financial institutions complete their FFIEC Cybersecurity Assessment Tool (“CAT”), we have found that there are a small number of CAT statements that commonly get institutions...
Understanding Your Information Security Layers
by Brian Petzold | Jul 17, 2020
Information security programs are like onions. They have layers. Understanding the control layers of an information security program helps management of a financial institution stop seeing the...
Changing How Vulnerabilities are Audited
by Brian Petzold | Jun 12, 2020
Regulators expect that a financial institution will have a vulnerability scan performed by an independent third party at least annually. This scan normally occurs during the annual audit, with the...
Murphy’s Law and Business Continuity Plans
by Brian Petzold | May 15, 2020
Any seasoned IT pro can recount stories where seemingly insignificant components or very rare events brought down critical systems. Perhaps it was the failure of a core switch and its redundant twin...
Controlling Sensitive Files Outside Your Institution
by Brian Petzold | Apr 24, 2020
When your institution needs to send a sensitive file to an outside party, how do you control what happens to that file? If you are like many, you may email it to them utilizing one of many email...