In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.
The notion of patching the most critical vulnerabilities is outdated and ineffective thanks to today's black market for exploit kits, says Kevin Flynn of Skybox. Evaluating the exposure and context of holes in your organization is crucial to shoring up defenses, he says.
The new cyber regulations from the New York Department of Financial Services apply to far more than just major New York-based banks, explains Paul Bowen of Arbor Networks.
The landscape of user authentication is changing rapidly. A vanishing perimeter and the continuing explosion of cloud-based applications and mobile devices are blurring old boundaries - creating more islands of identity and forcing organizations to reimagine identity and access strategies. And, with four out of five...
In the age of ubiquitous mobility, customers' expectations have evolved - and so must an organization's approach to authentication and transaction security, says Will LaSala of VASCO Data Security.
Oracle's Joshua Brooks understands why those charged with information security compliance can, at times, be overwhelmed when they must deal with frameworks associated with PCI, HIPAA, FedRAMP, ISO 270001 and NIST 800-53, to name a few.
Often, security leaders will look for an industry standard or best practice to help them navigate through the minefield. A recent Rsam survey revealed that
87% of InfoSec leaders said they plan to incorporate NIST CSF into their risk and compliance strategy.
NIST CSF can help CISOs understand their organization's...
Angler phishing targets customers of financial services firms more often than any other industry. When a customer tries to connect to with you, the attacker responds through a lookalike social media account and tries to obtain your customer's account credentials. This can lead to real monetary losses, a damaged brand,...
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Today's business climate is one of unprecedented regulatory growth, data complexity and cybersecurity concerns. There is a corresponding increase in media attention, customer awareness and Board-level scrutiny.
Organizations must demonstrate that they have a viable process for managing risk and compliance (broadly...
Most organizations have embraced more than one software platform to automate their critical business processes. Platforms are becoming more flexible, allowing users to customize or configure their own applications. As your use cases grow, you may question whether you should leverage an existing platform for your next...
How well do you know your vendors and the risk they pose? The scope of vendors you need to assess is rising constantly. At the same time, there is more scrutiny than ever on data security and privacy. These factors create greater shared risk where organizations can be held liable for their vendors' actions. To get a...
As financial organizations deploy artificial intelligence and machine learning in the fight against money-laundering fraud, tips are offered to help separate fact from market hype when reviewing new data analytics tools.
Download this whitepaper about analytics and the anti-money laundering paradigm shift that...
Security leaders at financial organizations are fighting a tough battle. Unable to hire the teams they need, they are often left to rely on outdated security controls that can't defend against the sophistication and frequency of today's targeted attacks. This is a losing strategy that results in multiple points of...
