Whenever family or friends or otherwise ask what I do or what kind of company I work for, I always take the opportunity to start off with a question: Do you know what "information security" is? I do not expect much, as I myself could not quite give a clear definition before working in the position I hold now. No one...
When an institution's focus turns to compliance with the Gramm-Leach-Bliley Act (GLBA), questions always pop up -- What should the institution's core GLBA program include; who should be involved; what kind of information is needed, and what should be prepared for an assessment?
We've asked industry...
Just the other night, I was watching the 1958 classic movie about the sinking of the Titanic. You know, the one that told the straight story before Leonardo DiCaprio and Kate Winslet's steamy romantic version?
My recent post on Business Continuity Planning and its role in supporting institutions affected by the recent Midwest flooding generated more than its fair share of dialogue with my peers.
So much of what's required by regulation often presents itself as a documentation exercise and rarely transcends the...
Was it the largest synchronized security update in the history of the Internet?
On Tuesday, a coordinated patch was released by security researcher Dan Kaminsky of IO Active, fixing a vulnerability that exists in all Domain Name System (DNS) servers.
What does that mean for financial institutions? Patches are...
Early this year, I caught up with Steve Katz, the dean of banking CSO's (see Stephen Katz on Top InfoSec Issues of 2008), and he had some interesting insights on the year's top challenges for banking institutions.
Planning for disaster - whether a simple service disruption or a pandemic event - is paramount to any financial institution. But where does the responsibility fall?
Roger Batsel, SVP, Managing Director of Information Systems at Republic Bank, Louisville, KY., says it's time to separate duties: Let IT handle system...
Remember when you were in school and you hadn't read the chapter like your American history teacher had instructed your class to do on Friday afternoon right before the last bell? It was springtime; who was paying attention to their school work? Who thought there might be a pop quiz on Monday afternoon?
Now, here...
Financial institutions are increasingly better prepared for a pandemic disaster, but cyber security attacks are a growing concern.
This is the message from the current and past chairmen of the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC).
George...
Comptroller of the Currency John C. Dugan this week told his agency's compliance examiners that they need to stay focused on compliance despite the industry's recent credit issues.
"We simply cannot take our eyes off compliance while we address safety and soundness," said >Dugan, speaking at the OCC Compliance...
We are in the process of analyzing data from the Identity Theft Red Flags survey we recently administered - a survey that aims to gauge the current readiness of financial institutions as they move toward complying with new guidance from the banking agencies regarding their identity theft prevention programs. Many of...
The Financial Modernization Act of 1999, AKA the Gramm-Leach-Bliley Act, or just plain GLBA.
However you know it, financial institutions now have had several years of regulatory oversight and examination on it, but some are still struggling to meet the regulation's myriad list of requirements, which include...
Eighty-seven percent of major data breaches could have been avoided through reasonable security measures.
This is the conclusion of a new report from Verizon Business Security Solutions, analyzing 500 forensic investigations of data breaches. Financial institutions made up 14 percent of all companies included in...
Keeping abreast of what's going on in the regulatory compliance domain is something I need to do. It's sort of the life-blood of my career these days, as I spend most of my time either managing or executing audit and assessment activities predicated upon the various regs. Beyond wanting to be certain that my clients...
Say, you need to hire your next CISO. Do you hire a security executive who can learn banking, or a banking executive who can pick up the necessary security skills?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.