Stephanie Goetz

3 min read

The Three Lines of Defense

Stephanie Goetz: Jan 19, 2024

We have referenced this concept in blog posts previously related to growing your Information Security Program and ensuring independence in your Information Security Officer (ISO), however, we have not dug into the concept. I found myself revisiting...

Risk Threats Risk Management
Read More

1 min read

Humans vs. Artificial Intelligence: Who is the better phisher?

Stephanie Goetz: Dec 7, 2023

What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker...

Email AI Artificial Intelligence User Testing and Training Phishing Vishing
Read More

2 min read

Five Findings from the 2023 IBM Security Cost of a Data Breach Report

Stephanie Goetz: Oct 20, 2023

I was reviewing the 2023 IBM Security Cost of a Data Breach Report this week and wanted to share some findings I found interesting. This report is...

Threats Training MFA Ransomware Access Passwords Multi-factor Authentication Business Email Compromise AI Cybersecurity
Read More

2 min read

NIST Cybersecurity Framework 2.0 Draft Updates

Stephanie Goetz: Sep 8, 2023

The NIST Cybersecurity Framework (CSF) was initially developed in 2014 and was intended to be a living document, dependent on feedback from...

Risk Banks NIST Cybersecurity Risk Management
Read More

2 min read

Business Email Compromise: Attacks Immune to Multi-Factor Authentication

Stephanie Goetz: Jul 21, 2023

They’ve come back around…those business email compromises, which were all too common in the late 2010s.

Threats Controls MFA Access Third-Party Passwords Email Key Control Multi-factor Authentication Business Email Compromise BEC
Read More

1 min read

Three Options to Implement Phish Resistant Multi-Factor Authentication

Stephanie Goetz: Mar 17, 2023

Since the pandemic and the rise of work at home, we have become very familiar with Multi-Factor Authentication (MFA). Typically, this is implemented...

Controls Remote Access MFA Banks Passwords
Read More

2 min read

Should Financial Institutions have a BISO Program?

Stephanie Goetz: Feb 17, 2023

A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing...

Information Security Program Governance Banks Credit Unions
Read More

2 min read

Tools to Check Out in the Cybersecurity Resource Guide

Stephanie Goetz: Oct 14, 2022

Last week, we saw the Federal Financial Institutions Council (FFIEC) announce an update to its Cybersecurity Resource Guide. It was originally...

Risk CISO Information Security Program CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Credit Unions FFIEC Ransomware CISO as a service IT
Read More

2 min read

Charging Dr. Ransomware

Stephanie Goetz: Aug 12, 2022

Moises Luis Zagala Gonzalez, a 55-year-old Venezuelan cardiologist, has been charged with developing the Jigsaw v.2 and Thanos ransomware strains,...

Risk Cyber Law Risk Assessment Ransomware
Read More

3 min read

Change, Conflict and Culture

Stephanie Goetz: Jul 15, 2022

We have many institutions either going through or coming out of a large amount of change. It seems like there’s always some new guidance, product, or...

CISO Information Security Program Governance CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Credit Unions Culture
Read More
Prev 1 2 3 4 5 Next