Each time we see a major data breach related to payment card data, the breached entity says 'Gee, well we were told we were PCI compliant - how could this happen?'
Driving to my office yesterday, I listened to the radio as an announcer read the news of an FBI sweep that saw politicians and religious leaders arrested. The first group I wasn't exactly surprised about, but religious leaders? Well, I was listening even more closely when the radio announcer then said there were four...
If there's one thing I've learned about information security professionals, it's that they come in multiple flavors.
Yet, increasingly today, you want people who can run security like a business, feel comfortable in maintaining a seat at the table and are willing to work with changing governance
Imagine the scene: You awaken to start your workday, boot up your PC, and suddenly two of your most mission-critical software applications are unavailable.
Looking for summer reading?
Just finished a new book, "Late Edition," by one of my favorite writers, Bob Greene. This is a touching, often funny memoir of Greene's days as a newspaper rookie in Columbus, Ohio in the 1960s.
The power of social networking web sites can be measured by just looking at the number of hits (or visits) to a person's web page on such well-known sites as MySpace or Facebook.
The negative sides web users should consider before placing information on such social networking sites include the connection one...
I moved to Citicorp in the mid-90s, and from the beginning we recognized that in order to be successful, information security had to have the support and buy-in from business and executive management.
The first federal CTO thinks the new federal CTO also could serve as the federal cybersecurity czar.
Norm Lorentz served as the federal chief technology officer in 2002 and 2003, working within the White House Office of Management and Budget. In that job, Lorentz focused on developing the federal IT enterprise...
Angry about the Heartland data breach?
Anxious because you have an upcoming regulatory exam?
Frustrated by the effects of the global recession, and wondering when the heck we're going to climb out of it?
Every day I'm driving to or from work -- or even on the weekends -- it seems like I hear about some new urgent priority that I must be aware of, whether it be the flailing economy, President Obama's directives, data breaches, or any number of other newsworthy items. But I love the news -- so I don't mind!
You can't get away from this story.
Since we first broke the news about the Heartland Payment Systems (HPY) data breach back on Jan. 21, this story has just dominated conversation in and about our industry.
On our site, the latest news updates and have proven enormously popular.
Federal banking regulators have just released new risk management guidance on remote deposit capture. This FFIEC guidance is to be used by examiners, financial institutions and technology service providers to identify risks, evaluate controls and assess risk management practices related to remote deposit capture (RDC)...
Regulatory compliance is the backbone of a financial institution's information security program. But compliance alone isn't enough, says John Pironti of ISACA's Education Board, who advises institutions to take a risk-based, not a "checklist-based" approach to security.
As of Nov. 1, banking institutions are now eligible to be examined by federal regulators for compliance with the new Identity Theft Red Flags Rule.
So, what should banking/security leaders expect from their initial examinations?
In an exclusive interview, Bill Sewall previews his new webinar, "How to Prepare for...