TrustCC, Information Security Consulting & Compliance

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News
  • News & Press
  • Seminars and Training
• Blog

Articles

The articles below are written by TrustCC professionals to benefit the information security and financial services community.  You may have seen these articles in various trade magazines or publications.  While we do not require registration to download the documents, we do appreciate your comments and suggestions for future articles.
 

Security Awareness Training - A Security Program "Must Have!" .PDF for NASCUS - May 2008
Is security awareness training a beast you’re not sure you can tame? CEO Tom Schauer talks about "Social Engineering" tactics and the security weaknesses that are present when your organization lacks a strong security awareness training program.

Vendor Due Diligence - Filtering Out Security Vendor Rhetoric .PDF (38K) - January 2007
Security Vendors can be among the worst when it comes to rhetoric.  New vendors pop up eveyday with "Silver Bullet" technologies and "The most qualified professionals".  Enough Rhetoric!  This article describes vendor due diligence principles from the FFIEC's Outsourcing Technology Vendors Booklet.

How to Avoid Common Exam Findings .PDF (57K) - December 2006
TrustCC is contracted to perform regulatory exams in the State of Washington.  There are a number of common findings related to IT that could be avoided with just a bit of guidance.  This article provides the needed guidance to avoid findings related to Tests of Key Controls, Information Security Policies and Vendor Management.