Posted February 13, 2019 by Rebecca Merritt
The bank’s infosecurity team was split on the need for a data retention policy. Half of the team didn’t feel they needed to eliminate customer files because customers would likely open another account down the line
Posted January 18, 2019 by Taylor Maze
Sometimes, the hardest part of risk management is identifying the areas of weakness within your environment. I would argue, however, that more often than not, the more difficult undertaking is deciding how to address said weaknesses.
Posted January 17, 2019 by Brock Krawczun
We recently conducted an engagement with a bank analyzing the risk associated with wire fraud. The outcome surprised some of the team who went through the process. One of the biggest overall findings was that the loss exposure was significantly less than expected
Posted November 21, 2018 by Tim Wynkoop
I recently ran an analysis for a major bank that I think shows the power of both the FAIR Model for thinking through cybersecurity investment decisions and the power of the RiskLens CRQ platform for quickly running the numbers to support those decisions, often with surprising results.
Posted August 16, 2018 by Rachel Slabotsky
I recently worked with a large financial services organization to analyze a data breach scenario and determine the potential risk reduction (in terms of dollars and cents) that would result from implementing tokenization on key fields within a database cluster containing PII information.
Posted June 13, 2018 by Jeff B. Copeland
The access process for the service portal of a global technology manufacturing company had a serious flaw. Once in the portal, anyone could get in and download the materials they needed to compete with the technology company’s authorized partners to service its products.
Posted May 3, 2018 by Tim Wynkoop
In 2017, the shipping giant Maersk had to halt its global operations to reinstall its entire IT infrastructure (4,000 servers and 45,000 PCs) after the NotPetya ransomware locked up its machines; the cost in lost business and remediation could hit $300 million.
Posted January 11, 2018 by Tim Wynkoop
The infosecurity team at a large financial institution had finally hit the dead end on red-yellow-green, subjective measurement. Its residual and inherent risk “scoring system” could produce colorful heat maps.
Posted October 25, 2017 by Rachel Slabotsky
Regulations such as the EU's General Data Protection Regulation (GDPR) and the NYDFS Cybersecurity Requirements represent efforts to ensure that organizations are taking the right steps to protect sensitive data. While the depth and breadth of these requirements may differ, their primary message is the same: protect your sensitive customer data, or pay a significant price.