FoxPointe Security Hub

Subscribe to the blog

Receive articles and resources from the information risk management experts at FoxPointe.

This article was written by Jamie Normand, Security Consultant – FoxPointe Solutions Cybersecurity Jurisdiction Data privacy and protection regulations are becoming increasingly common worldwide. This month marks four years since the European Union’s General Data Protection Regulation (GDPR) took effect. During the GDPR’s first four years, more than $1.5 Billion...

This article was written by Chris Salone, CISA, CCSFP, MBA Computer Incident Notification Rule In the final quarter of 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the agencies), issued a rule requiring...

PCI Standard v4.0 In March 2022, the Payment Card Industry Security Standard Council (PCI SSC) released its initial draft v4.0 of the standard. Based on the initial draft release, the following critical changes are assumed to be incorporated into the new version of the PCI standard: For merchants, sensitive authentication...

Cyberattacks February 24, 2022, Russia began its large-scale military invasion of Ukraine, one of its neighboring countries. Many international organizations, like Apple and Volkswagen, have taken a stance by applying sanctions against Russia in hopes of encouraging Russia’s President, Vladimir Putin, to stop its invasion without starting a world war....

Ransomware Concerns for Every Business All organizations can face a disastrous outcome to a ransomware event, including the governmental entities. An outbreak is a painful event especially with the critical role these agencies have. The disruption of essential services to the public, health care, water & sewerage, education, transportation, and...

The Bonadio Group and their cybersecurity division FoxPointe Solutions highly recommends and encourages that our customers invest in an ongoing compliance solution that can help support its company’s internal controls and compliance requirements before an internal audit is performed by an independent third-party. Not only does an effective and valuable...

By: Christopher Salone, CISA CCSFP, MBA This past year proved to be a year of rapid development for the cybersecurity and IT landscape. As new threats emerged, others continued to develop and evolve. Throughout the year, the FFIEC, in an effort to help its institutions combat these threats, issued new...

The ever-growing threat landscape and wide accessibility to the internet around the globe have made it easy for malicious actors to launch cyber-attacks and exploit vulnerabilities within an organization. Big or small, organizations that possess data can be at risk to cyber criminals who want to gain access to their...

This article was written by Andrew Parks & James Merritt. Apache Log4j Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021 a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications leveraging Apache Log4j versions 2.14.1 and...

Payment Card Industry (PCI) governance program Typically, the two primary goals of a company’s Payment Card Industry (PCI) governance program are to meet the intent of applicable controls and reduce the scope of PCI Data Security Standards (DSS) requirements enforced on the company’s environment. However, many companies do not meet...