Post Type Description
Introduction In the course of any given year BAI Security performs hundreds of IT Security Audits for truly security-conscious organizations in highly regulated industries. Our specialization includes in-depth IT Security Audit and Forensic services primarily to the Banking and Finance, Pharmaceutical, Healthcare, and Insurance sectors. In an effort to bring awareness to growing trends related… Continue reading Protecting Your Intellectual Property – Tips from Real World Audits
First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security during January to July of 2013 and is not intended to be a comprehensive list of all security risks. BAI Security specializes in auditing regulated organizations, such as those in banking and finance, pharmaceutical, healthcare, insurance, and… Continue reading BAI Security – Mid-year Top-4 Security Risks
The FBI’s IC3 says spear-phishing attacks are targeting multiple industries, and that the end goal is to steal IP or compromise banking credentials. “Cyber-criminals target victims because of their involvement in an industry or organization they wish to compromise,” the IC3 states. “Recent attacks have convinced victims that software or credentials they use to access… Continue reading FBI Warns of Spear-Phishing Increase
On April 30th, 2013 the National Institute of Standards and Technology (NIST) issued their latest version of essential guidance: Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations. Led by Ron Ross, a NIST fellow and the project leader, a team of computer scientists spent the past two years… Continue reading New Guidance Released by NIST Redefines Assurance & Trustworthiness for Financial Institutions
The following is an excerpt from an article regarding the “Top IT Security Threats for 2013” “One of the areas we see a dramatic increase of concern is over data leakage,” says Michael Bruck of Chicago-based BAI Security. “The ease in which an individual can export sensitive information from an internal network is chilling for… Continue reading 2013 Insider Threat to Banks and Credit Unions – Data Leakage
An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of or are far too loose with basic security practices. In the experiment, Flash Drives were handed out to commuters as they entered the city.… Continue reading Live Experiment Demonstrates Disregard for Bank Security Policy
Mergers, Acquisitions and Divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with unsecure access points, un-patched servers, and incorrectly configured firewall settings. Information on the acquired company technical environment may be non-existent or incomplete and depending on the… Continue reading 4 Tech Tips for Organizations Planning a Merger
A man calls the receptionist at a competitors company and asks for the name of the Sales Manager. The receptionist says the person you are looking for is Bob Jones. Later, the man calls back to the same company and says he needs to speak with the IT helpdesk. When the helpdesk operator answers the… Continue reading Are Your Employees Giving Away Confidential Security Information?
When the Financial Services – Information Sharing and Analysis Center (FS-ISAC) raises its threat level from “elevated” to “high”, banks need to take action. The combination of the recently publicized rise in cyber-attacks against financial institutions and the number of institutions increasingly vulnerable make this a time for action. While the headlines are focusing on… Continue reading Warning: Large Banks face DoS threats – Small Banks Take Action
How well are your users prepared for modern-day social engineering attacks? If you’re like the majority of management personnel I speak with during our pre-audit consultations you’re wary, but confident that your staff has properly prepared your employees from this threat to your organization. In response, I routinely explain that it is admirable that you… Continue reading Real World Social Engineering Attacks … In the Trenches with an Auditor
We’re here to discuss your upcoming IT security assessment and compliance audit needs.
