Key questions: What impact - if any - will the recent RSA and Epsilon data breaches have on the FFIEC's pending authentication update? And when will this long-awaited banking guidance finally be released?
For Will Pelgrin, the former New York State chief information security officer, mobile devices, insiders and old infrastructure represent the major challenges local and state governments face in in securing information technology.
Fraud, risk management emerging technologies -- these issues know no boundaries. That's why we're launching a series of new international BankInfoSecurity sites to draw proper attention to local issues that impact the global banking industry.
Until the IRS corrects the identified weaknesses, its financial systems and information remain unnecessarily vulnerable to insider threats, including errors or mistakes and fraudulent or malevolent acts by insiders, GAO auditors says.
Banking/security leaders aren't crazy about banking regulators telling them they could have done a better job detecting ACH fraud, and they're eager for more specific guidance on what to do going forward.
Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
Once a CEO understands the value and risks catered through mobile functionality, it is easier to discuss mobile innovations, policy and how the company can then strike a balance to meet customer and employee requirements.
The survey of local, state and federal IT security practitioners also shows a lack of faith in secure cloud computing. Half see insider threats and poor practices as their agencies' greatest vulnerabilities.
Cyberthreats stem from the malware, but monetary losses stem from money mules. I've decided to coin a new term: eFraud. I cannot think of a better way to describe the wave of fraud incidents the financial industry is facing. It's electronic.