Manage your application security risk and comply with OCC Bulletin 2008-16 cost-effectively...
Hear about how leading organizations are leveraging Bulletin 2008-16 as a blueprint for securing third party applications
Learn about contract language you can use in SLAs to demand secure software from third...
Leading Technology Vendor Discusses the Need for Vulnerability Assessments & Remediation Processes for Applications Whether Developed In-House or By a Third-Party
Application security is a key focus of regulatory agencies - ensuring that financial institutions pay as much attention to third-party applications as...
In recent years, the hacking community has shifted its efforts toward a new frontier: the application layer. With most companies spending thousands, if not millions, of dollars securing the perimeter with network firewalls, intrusion prevent systems, and other devices, hackers have realized the lowest hanging fruit...
A recent Comptroller of the Currency (OCC) guidance emphasizes the need for stronger application security within financial institutions and their third-party service providers to maintain integrity of data, mitigate true risks and avoid being prime targets for criminal activities. We queried two information security...
Sahba Kazerooni is a senior security consultant with Security Compass, a security consulting and training firm specializing in application security based in New Jersey. He is also an internationally-renowned speaker on security topics, and has provided presentations at security conferences around the world, including...
To me, this is one of the sleeper stories of the year.
The ID Theft Red Flags Rule, Business Continuity and Anti-Money Laundering have dominated the headlines - and banking/security priorities. But recent attention paid to Application Security has the potential to fuel one major fire drill in 2009.
A Wells Fargo bank access code was used to steal the personal information of roughly 5,000 consumers, leading the bank to conduct a full-scale inquiry into the data breach.
Wells Fargo says it was notified on July 1 by MicroBilt, an online consumer and commercial credit bureau information provider, that someone had...
"Whitelisting" is a new twist on information security. Instead of trying to find a software solution that keeps all of the potential bad guys out of your systems, whitelisting allows you to establish a protection layer that grants access to only your finite list of good guys - individuals or applications.
In this...
Interview with Cyber Crime Expert Eric Fiterman
In the wake of the arrests of 11 hackers tied to the TJX data breach, security experts everywhere are warning of bigger, bolder threats to come.
So, what should banking institutions have learned from TJX-style breaches, and what can they do now to protect their...
Interview with Brent Rickles, SVP, First National Bank of Bosque County, on Securing Financial Data and Systems Through Application Whitelisting
"Whitelisting" is a new twist on information security. Instead of trying to find a software solution that keeps all of the potential bad guys out of your systems,...
The recent release of a University of Michigan study on the security flaws of online banking websites brings attention to the often overlooked area of web application security.
In this exclusive interview, Jeremiah Grossman of WhiteHat Security shares his insights on the importance of web application security for...
More than 75 percent of bank webites in a recent survey have at least one design flaw that could make customers vulnerable to cyber thieves.
This according to a new University of Michigan study of online banking.
These design flaws stem from the flow and the layout of the websites, according to the study. Led...
The launch of the Payment Card Industry Data Security Standard (PCI DSS) has helped expose serious security shortcomings. The IBM System i (AS/400) presents its own unique set of challenges when it comes to PCI compliance. Read this white paper to learn the following:
How the standard relates to the AS/400
How to...
Banking institutions must conduct appropriate security risk assessment and mitigation on all software applications, regardless of whether developed internally, by a vendor or by outside developers.
This is the key point of a recent bulletin from the Office of the Comptroller of the Currency, which regulates and...
Just when you thought PCI deadlines were behind you ...
The deadline for compliance with the Payment Card Industry's Data Security Standard DSS (PCI-DSS) 6.6 requirement is June 30. This requirement describes security steps that are intended to address threats to web applications.
But industry analysts project...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.