With many organizations pushing outsourcing to its limits, regulators and standards bodies (e.g., MAS, OCC, BaFin, FCA, FedRAMP, BITS, NERC, NEI, ISO, PCI Security Council, AICPA, and Cloud Security Alliance) are increasingly putting an emphasis on having a strong and effective supplier risk management framework....
A key challenge in mitigating cyber-risks is differentiating new malware threats from older ones. Experts offer insights on how to sort through the massive number of alerts issued by vendors to identify the real threats that require attention.
Comptroller of the Currency Thomas Curry warns in an April 16 speech that third-party security risks are posing increasing vulnerabilities for community banks. Learn about the advice he offered.
Manufacturers of a wide variety of devices that link to the Internet can improve security by turning to processes IT has used for nearly a generation, says Tony Sager of the Council on Cybersecurity.
Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka 5 discusses how to mitigate third-party risks.
Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka5 discusses how to mitigate third-party risks.
Lawsuits that card issuers have filed against Target to help recoup expenses associated with the retailer's breach aren't likely to reap big rewards, two legal experts say. But they are sending a strong message.
Despite their differences on certain issues, the Financial Services Roundtable and the Retail Industry Leaders Association have joined forces in an effort to prevent breaches by enhancing cybersecurity and threat intelligence sharing.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
Big data is a hot item on every banking institution's security agenda, says Gartner analyst Avivah Litan. Here she explains why mid-sized institutions are in the best position to implement new technology.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
President Obama met with technology company executives critical of his administration's surveillance program a day after a federal judge ruled that portions of the National Security Agency program could be unconstitutional.
Cybersecurity risks posed by inadequate IAM and IT asset management are mounting. Now the National Cybersecurity Center of Excellence has drafted guidance to address banking institutions' unique risks, says Nate Lesser, the center's deputy director.
The final version of the FFIEC's guidance on social media use clarifies how banks should assess consumer and third-party risks. But suggested controls for employee risks are still missing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.