Stephanie Goetz

Recent Posts

Artificial Intelligence–How will it be regulated

by Stephanie Goetz | Jun 7, 2024

Institutions are looking at services using Artificial Intelligence (AI), such as loan decisioning, resume review, and process automation. Using these services can be risky not only because of the...

Hacker Psychology

by Stephanie Goetz | Apr 26, 2024

Many of you have probably heard the adage that one of the best ways to catch a criminal is to think like one. Recently, I discovered several articles in a series called ‘Hacker Conversations’ by...

NIST Releases Cybersecurity Framework 2.0

by Stephanie Goetz | Mar 22, 2024

The National Institute for Standards and Technology released an update to its Cybersecurity Framework (CSF) late February. The CSF was originally created in 2014 to help critical national...

The Three Lines of Defense

by Stephanie Goetz | Jan 19, 2024

We have referenced this concept in blog posts previously related to growing your Information Security Program and ensuring independence in your Information Security Officer (ISO), however, we have...

Humans vs. Artificial Intelligence: Who is the better phisher?

by Stephanie Goetz | Dec 7, 2023

What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker for IBM X-Force Red, had her team take on...

Five Findings from the 2023 IBM Security Cost of a Data Breach Report

by Stephanie Goetz | Oct 20, 2023

I was reviewing the 2023 IBM Security Cost of a Data Breach Report this week and wanted to share some findings I found interesting. This report is published annually and that follows organizations...

NIST Cybersecurity Framework 2.0 Draft Updates

by Stephanie Goetz | Sep 8, 2023

The NIST Cybersecurity Framework (CSF) was initially developed in 2014 and was intended to be a living document, dependent on feedback from stakeholders. It was initially developed for critical...

Business Email Compromise: Attacks Immune to Multi-Factor Authentication

by Stephanie Goetz | Jul 21, 2023

They’ve come back around…those business email compromises, which were all too common in the late 2010s. Unfortunately, we have seen many of these in recent weeks, even with multi-factor...

Three Options to Implement Phish Resistant Multi-Factor Authentication

by Stephanie Goetz | Mar 17, 2023

Since the pandemic and the rise of work at home, we have become very familiar with Multi-Factor Authentication (MFA). Typically, this is implemented as a One-Time Password (OTP) delivered via an...

Should Financial Institutions have a BISO Program?

by Stephanie Goetz | Feb 17, 2023

A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing the business requirements, controls, and...

Want these articles delivered weekly to your inbox? Subscribe to our Newsletter!

Recent Posts

Stay in the Loop!