When planning for an internal IT risk assessment, it is a good idea to have a solid understanding of risk management first. The finance and accounting departments in most organizations now have a firm grasp on risk management from a business perspective, thanks to Sarbanes-Oxley. However, when the IT Security...
Financial institutions are subject to a slew of laws and regulations aimed at information security. There's Gramm-Leach-Bliley (privacy), Federal Financial Institutions Examination Council (authentication and online banking), and Payment Card Industry (card security). There's also California's and other states' data...
The Interagency Guidelines Establishing Information Security Standards as per Gramm-Leach-Bliley Act (GLBA) of 2001 require each bank to have a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the...
The FAQs published by the FFIEC on August 15, 2006, are an attempt by the FFIEC to answer questions asked of them about their guidelines on Internet Banking Authentication published October 12, 2005. The 2005 guidelines were an outgrowth of a previous guidance document issued in 2001.
As with all federal...
The Gramm-Leach-Bliley Act (GLBA) contains a rule, known as the Safeguard Rule, under which the Federal Trade Commission and other federal agencies have established standards for financial institutions relating to administrative, technical, and physical safeguards for customer information. The objectives are to ensure...
Visa is mounting a full-scale blitz to encourage merchants to use payment software that doesn't compromise consumer passwords. The card company has asked merchants to ensure that the software they use to process card transactions doesn't store the full contents of "track data", which contains passwords and other...
The results are in, and BankInfoSecurity.com would like to present the Top 10 financial information security articles on this website from 2006. All articles have been posted since January, and include any articles through the last week in July.
Not surprisingly, the number one article referred to actual financial...
The Computing Technology Industry Association (CompTIA) released results of a study earlier this year that cites human error as responsible for nearly 60 percent of information security breaches experienced by organizations over the last year. Additionally, the results of the study show that most companies don't require...
EMC Corp.'s recent acquisition of RSA Inc. underscores the convergence of information security and storage. EMC, which sells large storage systems for use in corporate data centers, bought RSA - a manufacturer of encryption software and devices - to provide it with identity and access management technologies and...
Steve Williams - GonzoBanker
NEW JOB OPENING! SENIOR EXECUTIVE WANTED FOR FAST-GROWING BANK
- As a senior vice president of our bank, you will be in charge of a function that is complex and requires technical knowledge that needs to be completely refreshed every 2 - 3 years.
- You will provide services to a...
Deloitte Security Survey
The world's largest financial institutions have faced a surge in the number of security attacks over the past year, particularly from external sources, according to the 2006 Global Security Survey released by the Financial Services Industry practices of the member firms of Deloitte Touche...
You're thinking about making a career move in the information security industry, but not sure how to approach it? Position yourself for professional and personal excellence!
Set Realistic Goals for Yourself
One morning you wake up and realize you are head to head with the unknown. How can you move past this and...
To be successful as a company, finding and choosing the right team is critical. Every company must continuously expand its core team in order to increase market share and maintain competitive standing. Expanding your team requires top talent - specialists in the unique nature and culture of information security...
Disaster Recovery is about three things: planning, testing, and procedures. Each part is as important as the other. The planning phase often gets a lot of attention and for good reason. Banks have to satisfy compliance initiatives and answer to the FFIEC and OCC.
But that is not where the story ends. ...
Exploitations that threaten security are on the rise. Every day, news stories document the rampant growth of attacks and exploits. The types of attacks vary - Denial of Service (DoS), buffer overflow, identity theft, session hijacking, website defacements, email viruses, worms, phishing scams, and the list goes on. ...