FoxPointe Security Hub


What is Pen Testing and Why is it Important to Perform?

January 5, 2022
The ever-growing threat landscape and wide accessibility to the internet around the globe have made it easy for malicious actors to launch cyber-attacks and exploit vulnerabilities within an organization.  Big or small, organizations that possess data can be at risk to cyber criminals who want…

Apache Log4j Guidance

December 15, 2021
This article was written by Andrew Parks & James Merritt. Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021 a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications…

Reducing Scope of PCI with Cloud Computing

December 6, 2021
Overview Typically, the two primary goals of a company’s Payment Card Industry (PCI) governance program are to meet the intent of applicable controls and reduce the scope of PCI Data Security Standards (DSS) requirements enforced on the company’s environment. However, many companies do…

Proposed Risk Management Guidance for Third-Party Relationships

November 22, 2021
On July 13, 2021, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC, and together with the Federal Reserve and the FDIC, the Agencies), requested comments on proposed…

The Impact of Internal Controls on Fraud Prevention

October 21, 2021
All fraud begins with a line of thinking that follows three major factors: Opportunity, Rationalization, and Pressures. Rationalization is the excuse an individual uses to provide comfort or assurance that they need to commit fraud. An example of this could be: “I’ll put the money back, I…

FedLine Security and Resiliency Assurance Program Attestation Service

October 20, 2021
In October 2020, the Federal Reserve Banks (FRB) posted an announcement to their website titled “Announcing the FedLine Solutions Security and Resiliency Assurance Program”.  The FRB’s FedLine Solutions are a critical component of the U.S. payment system.  FedLine is a…

Fight the Phish

October 6, 2021
Phishing is defined as a form of social engineering that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the news,…

October Marks Cybersecurity Awareness Month

October 1, 2021
Now in its 18th year, Cybersecurity Awareness Month continues to raise awareness about the importance of cybersecurity.  Every October since 2004 marks National Cybersecurity Awareness Month. This month raises awareness about the importance of cybersecurity and how to protect yourself from…

The Dangers of Information Security Complacency - A Leading Cause of Data Breaches in the Manufacturing Environment

September 14, 2021
My career has taken me through a winding road of many areas including finance, manufacturing, education, and, today, information security.  My career has included 24 years in the manufacturing world, where I managed many risks including employee theft (check kiting and manipulation) and mail…

Data Security and the Zero Trust Model

August 24, 2021
Our workplaces have become more mobile than ever before, largely due to advancements in technology being used by businesses for communication and collaboration. The circumstances related to the COVID-19 pandemic have expedited this movement by forcing most businesses and organizations out of their…

The Cybersecurity and Infrastructure Security Agency on Ransomware

July 27, 2021
Stopping Ransomware: In today’s world of ever-changing technology, the fastest growing method of cyber-attacks is Ransomware. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors…

NY State Senate Bill S6806A

June 29, 2021
This blog was written and produced by Nick Cozzolino, CISSP, Director of Information Security at The Bonadio Group. FoxPointe Solutions is The Bonadio Group's dedicated cybersecurity division. Looking to get in touch with Nick? Reach out today: Nick Cozzolino ncozzolino@bonadio.com. “Data is…

HITRUST: Important Changes You Need to Know

June 28, 2021
Is your organization involved in HITRUST or looking to take that path in the near future? If so, there are some important changes to be aware of that may change your timeline and approach. Throughout each year, HITRUST releases Advisories as needed, in one of two categories: Assurance Change…

Benefits of a SOC 2 + HITRUST CSF Report

June 10, 2021
This blog was written and produced by Courtney Nist, Senior Security Consultant CHQP, CCSFP, at FoxPointe Solutions. Looking to get in touch with Courtney? Reach out today: Courtney Nist cnist@foxpointesolutions.com. Based on the Verizon Data Breach Investigations Report of 2021, healthcare and…

Benefits of a SOC 1 Report

May 21, 2021
What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a…

New York State Department of Financial Services Cracking Down On Compliance With Cybersecurity Regulations

May 13, 2021
Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity…

New Proposed Banking Breach Notification Regulation is Met with Criticism

April 22, 2021
As you were enjoying a cup of coffee the morning of December 18, 2020, you might have been arranging your Holiday plans or ordering a last-minute gift for a loved one. Or, perhaps, you’re part of the banking industry, and as part of your morning routine, you peruse various news outlets and…

Reducing Third-Party Risk: Ongoing Assessment and Monitoring

April 15, 2021
In this day and age, the risk of cybersecurity threats is becoming a concerning topic for organizations. Reducing the risk of data breach has become a top priority for many businesses. When it comes to minimizing risk, an often-overlooked area is third-party risk. Many organizations include an…

Over 500 Million Facebook User Records Leaked

April 5, 2021
On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email…

Important SHIELD Act Information for Colleges and Universities

March 5, 2021
An updated cybersecurity law that the IT organization (along with other college/university departments) will need to continue to integrate into its compliance programs, policies, and controls is the recent set of changes to New York’s General Business Law 899-aa and 899-bb (aka SHIELD Act). The…