Announcing RIA Cybersecurity Risk Worksheet
13th February 2017
Introducing the complementary RIA Cybersecurity Risk Worksheet! The RIA Cybersecurity Risk Worksheet is a great tool for Registered Investment Advisors (RIAs) to do a quick initial investigation into your firm’s cyber security practices. RIA Cybersecurity risk worksheet The risk worksheet is an eighteen question multiple choice self-evaluation of your firm’s current cybersecurity practices. After answering…
-- READ MORE
Mothers, don’t let your babies grow up to use the ‘admin’ username
31st January 2017
There are many blog posts, articles, training materials and all sorts of content admonishing people to pick good passwords. But there is not nearly the same volume of content discussing good username selection. Administrators especially should be cognizant of good usernames to reduce the risk of an attack. Here at Fractional CISO we took a…
-- READ MORE
Why a virtual CISO for your medium-sized business makes sense
9th November 2016
You know you need better security for your organization. The security consultants you hired ran a penetration test on your website but did they look comprehensively at your organization’s security posture? Did they talk with your executive management about their business goals and risk tolerance for the organization? Often in the security space there is…
-- READ MORE
Password Advice – xkcd
6th October 2016
“What about ‘correct horse battery staple’ style passwords?” has been the response to our password manager post. There is a famous xkcd comic posted above suggesting that using four ‘random words’ together would make a great password. Here at Fractional CISO we have a view of the security of such passwords… eh. It is true that…
-- READ MORE
Password advice from the wicked
25th September 2016
Internet ransomers, hackers, and scammers all have password advice for you… keep your passwords simple, don’t change them and use the same ones for every site. Unfortunately many of us follow this terrible advice. Not having a good password scheme can lead to significant financial, privacy, social and career problems. Instead of following what…
-- READ MORE
Business Email Compromise
19th May 2016
“Please wire $70,000 to the account below.” If your staff got these instructions from “you” via email, would they do it? Would they confirm in person with you first? What policies, procedures and systems do you have in place to prevent such an action when the “you” is not you? You may believe that this…
-- READ MORE
How to check if someone is really a CISSP
30th April 2016
The Certified Information Systems Security Professional (CISSP) is the most prestigious security certification. People with the certification demonstrate a comprehensive understanding of many aspects of security as well as many years of relevant experience in the security space. The test is one of the more challenging tests with a fair number of experienced security professionals…
-- READ MORE
Temporary CISO
28th March 2016
A Temporary CISO is the interim appointment of a CISO at an organization for a period of transition. Often an Temporary CISO is needed during a period of crisis for instance during a security breach, because of a key departure or because the existing CISO needs to take a leave of absence for personal reasons. However, it may…
-- READ MORE
Interim CISO
25th February 2016
An Interim CISO is the temporary appointment of a CISO at an organization for a period of transition. Often organizations need an Interim CISO during a period of crisis. The organization needs to hire the Interim CISO quickly due to a departure. Sometimes the existing CISO may need to take a leave of absence for health…
-- READ MORE
How Registered Investment Advisors can avoid the SEC’s cybersecurity wrath
7th December 2015
In the course of providing investment guidance to consumers, Registered Investment Advisors (RIAs) collect significant personal and financial information for their clients. Hackers have learned that targeting RIAs can be a fruitful source of valuable information. The Security and Exchange Commission (SEC) has turned its attention toward RIA cybersecurity, issuing strong guidance on how RIAs…
-- READ MORE
