Ensuring Transparency and Disclosure: Navigating Cybersecurity Risks in the Municipal Bond Market
I recently had the honor of being selected to participate in a panel discussion on assessing, mitigating, and disclosing cybersecurity...
Reporting to Council: Why Local Governments Should Use the NIST Cybersecurity Framework
The blog post discusses how the NIST Cybersecurity Framework can be an effective tool for reporting on cybersecurity to council members.
The Importance of Active Involvement from Local Government Leaders for a Cyber Safe Future
In today's digital age, every local government is a digital government. With the increasing reliance on information and technology,...
Who should setup access in the ERP (Financial Application)?
As an IT auditor for local governments, one of the most often asked questions I get during audits is this: “Who should set up user access...
Policy, Procedure, or Plan
Some standards like PCI and NIST require policies that cover specific topics. Sometimes you will see a requirement for a policy and...
IT Governance & IT Management
Many practitioners use these terms governance and management synonymously. While there is some overlap in practice, there are key...
Cybersecurity Policies Made Easy
People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use...
Cybersecurity Policy for Local Governments
Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by...
Does Security Awareness Work?
According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like...
