FoxPointe Security Hub


How can an organization know if they are prepared to handle the many facets of a cybersecurity incident? We check the news all the time and see headlines of the latest data breach, or ransomware outbreak, but what if that happened to you? Would your team be able to identify...

Yesterday, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC, and together with the Federal Reserve and the FDIC, the Agencies), finalized previously proposed interagency guidance on how banking organizations should manage...

What is Encryption?
Encryption is often utilized to protect and hide user information from hackers. However, understanding what encryption is and how it works may be daunting. By looking at the first forms of encryption, we can simplify and understand modern encryption. The simplest form of encryption is referred to...

Man-in-the-Middle Attack
Phishing and malware attacks have become well-known methods of cyber security attack. But there is another less common, but equally dangerous, method of attacking: Man-in-the-Middle or Eavesdropping attacks. A Man-in-the-Middle attack involves an individual observing or collecting your data that is being sent to a trusted source....

As another year passes, more cybersecurity laws and regulations for financial institutions are proposed and/or updated. Let’s recap the last twelve months and look at some of the most impactful cyber regulatory updates that, whether coming soon or now in effect, will need to be considered by your...

In 2018, one of the most well-known side-channel attacks was discovered. The Spectre and Meltdown attack was noteworthy because it could be exploited against almost every modern computer processor using software alone, making it difficult to detect. There was a specific technique called “speculative execution” that created a vulnerability in...

This article was written by Christopher Salone, CISA, CCSFP, MBA.
After years of presenting to Audit Committees, you develop effective ways of communicating not only the results of your IT Audits, but also the health and state of the Organization as a whole. Frequently, I find that at the end...

The Cybersecurity and Infrastructure Security Agency (CISA) defines Multi-factor authentication (MFA) as: “a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential...

With the rise of ChatGPT, deepfakes, and AI-generated art, many people are being exposed to the black box that is advanced computer science. While the inner workings of AI algorithms are known to their developers, the tools that are created can be used by anyone to create unique outputs that...

The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program with over 20 implemented, documented and risk assessed administrative, technical, and physical safeguards designed to protect customer information. Are your clients up on what the revised Rule requires? Are they ready to be compliant...

Building a cyber resilient workforce is critical to a cyber security program for all companies. According to Verizon’s 2022 Data Breach Investigations Report, “This year (2022) 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue...

by Allison Hall (Director) and Courtney Caryl (Manager), FoxPointe Solutions
SOC 2+ Reporting
A SOC 2 Plus Additional Subject Matter (SOC 2+) engagement allows a service auditor to assess a service organization’s compliance with the American Institute of Certified Public Accountants’ (AICPA) SOC 2 Trust Services Criteria (TSC), while at...