The draft guidelines recommend developing system threat models, instituting a mobile-device security policy, implementing and testing a prototype of the mobile-device solution and securing a device before allowing user access.
How are banks addressing mobile security risks? Bank of America's Keith Gordon says most are just beginning to forge ahead in the mobile space, and new security gaps are areas for which institutions have to prepare, proactively.
Some organizations are focusing so much attention on the bring-your-own-device trend and on implementing a mobile device management system that they're neglecting mobile app security issues, says security expert Jeff Williams.
Gartner's Peter Firstbrook, to illustrate the vulnerability of IT systems, cites research that pegs at about 400 days the average time a targeted virus remains undetected on a computer. And, he says, that doesn't speak highly of the current offerings from security vendors.
Howard Schmidt takes exception with aspects of our blog that addresses his position in the White House hierarchy and relationship with agencies' chief information security officers. Here's his response.
Big data isn't about size, says Gartner's Neil MacDonald. It's much bigger: Big data is about volume, velocity, variety and complexity, and requires new approaches on how information is used to secure digital assets.
Consumers want more control when it comes to ensuring security during mobile banking. But most financial institutions have been reluctant to give end-users too much control. Why? Javelin's Jim Van Dyke offers some answers.
Mobile security threats can be managed through testing and strategic risk-mitigation strategies, says Keith Gordon, who oversees authentication and security strategies for Bank of America's consumer online and mobile banking units.