The breach of a card loyalty marketing company has reignited discussions about the roles banking institutions, regulators and others play when it comes to mitigating third-party risks. Where should the buck stop?
The breach of a card loyalty marketing company that exposed card data and other personally identifiable information illustrates the privacy vulnerabilities third parties pose, experts say.
As efforts to fix technical glitches on the HealthCare.gov website for Obamacare continue, taking steps to ensure security should be a top priority. Otherwise, efforts to build trust in the system will fail.
The Office of the Comptroller of the Currency is the first major U.S. banking regulator to issue updated guidance on third-party risks. What are the key tenets, and what should institutions expect next?
Banking institutions are becoming more comfortable with sharing information about cyber-attacks and fraud. And some threat-intelligence vendors are helping to pave the way for expanded collaboration.
Organizations should make sure their business continuity plans address all key business processes and customer-facing applications, says Dan Shannon of core processor Fidelity Information Services.
In the wake of an ongoing stream of merchant and payment processing breaches, the FDIC is reminding smaller banking institutions that they are ultimately responsible for ensuring the security of cardholder data.
Comptroller of the Currency Thomas Curry's comments in a Sept. 18 speech could be an early indication that regulators will put more pressure on banks and service providers to fill cybersecurity gaps, some observers say.
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.
The FDIC is urging banking institutions to pay more attention to vendor management in light of recent breaches, such as one that compromised core processor Fidelity National Information Services.
Few community banks and credit unions have taken the necessary steps to help guard against the growing risks of patent infringement lawsuits. What lessons can they learn from larger institutions?
Operators of media sites should consider adoption of the cybersecurity framework in the aftermath of the recent domain name systems attacks aimed at The New York Times and Twitter.
In the wake of domain name systems attacks aimed at The New York Times, Twitter and other media sites, experts say security professionals in all fields should take specific mitigation steps.
The FFIEC's 2012 guidelines for cloud providers highlight due diligence, and institutions that don't adequately screen vendors face trouble. Troy Wunderlich of Washington Trust Bank offers tips.
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
