Stephanie Goetz

Recent Posts

NIST Releases Cybersecurity Framework 2.0

by Stephanie Goetz | Mar 22, 2024

The National Institute of Standards and Technology released an update to its Cybersecurity Framework (CSF) in late February. The CSF was originally created in 2014 to help critical national...

The Three Lines of Defense

by Stephanie Goetz | Jan 19, 2024

We have referenced this concept in blog posts previously related to growing your Information Security Program and ensuring independence in your Information Security Officer (ISO), however, we have...

Humans vs. Artificial Intelligence: Who is the better phisher?

by Stephanie Goetz | Dec 7, 2023

What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker for IBM X-Force Red, had her team take on...

Five Findings from the 2023 IBM Security Cost of a Data Breach Report

by Stephanie Goetz | Oct 20, 2023

I was reviewing the 2023 IBM Security Cost of a Data Breach Report this week and wanted to share some findings I found interesting. This report is published annually and follows organizations...

NIST Cybersecurity Framework 2.0 Draft Updates

by Stephanie Goetz | Sep 8, 2023

The NIST Cybersecurity Framework (CSF) was initially developed in 2014 and was intended to be a living document, dependent on feedback from stakeholders. It was initially developed for critical...

Business Email Compromise: Attacks Immune to Multi-Factor Authentication

by Stephanie Goetz | Jul 21, 2023

They’ve come back around…those business email compromises, which were all too common in the late 2010s. Unfortunately, we have seen many of these in recent weeks, even with multi-factor...

Three Options to Implement Phish Resistant Multi-Factor Authentication

by Stephanie Goetz | Mar 17, 2023

Since the pandemic and the rise of work at home, we have become very familiar with Multi-Factor Authentication (MFA). Typically, this is implemented as a One-Time Password (OTP) delivered via an...

Should Financial Institutions have a BISO Program?

by Stephanie Goetz | Feb 17, 2023

A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing the business requirements, controls, and...

Tools to Check Out in the Cybersecurity Resource Guide

by Stephanie Goetz | Oct 14, 2022

Last week, we saw the Federal Financial Institutions Examination Council (FFIEC) announce an update to its Cybersecurity Resource Guide. It was originally released in 2018 and intended to be a resource to...

Charging Dr. Ransomware

by Stephanie Goetz | Aug 12, 2022

Moises Luis Zagala Gonzalez, a 55-year-old Venezuelan cardiologist, has been charged with developing the Jigsaw v.2 and Thanos ransomware strains, which would make him one of the most productive...
