I was talking the other day with a friend who works at an information security risk company. He shared with me the higher-level details of a physical penetration test on which he tagged along.
When a Dallas, TX bank needed some help to stop unauthorized data, it pulled out the biggest guns it could locate to stop the data leaking out of its networks.
The choice was a natural progression of what the bank was already doing to stop data loss, according to Omni American Bank's Chief Information Officer Tony...
We've known for roughly six months now that the Identity Theft Red Flags Rule compliance deadline is Nov. 1, barely four months away. How close, then, are banking institutions to meeting that deadline?
That is the question of the summer, and the answer will be found in the results of our new Identity Theft Red...
Our insightful content just became a whole lot more interactive - and opinionated.
With the debut of five new blogs on BankInfoSecurity.com and CUinfoSecurity.com, Information Security Media Group (ISMG) is opening the floodgates to a whole new level of informed opinion and two-way communication with its vast...
I started scoping out my next blog entry with PCI in mind (and how it will likely find its way into the community-bank/credit union space in a few years) and was blind-sided by one of my favorite nits to pick recently: the risks presented by poorly managed third-party vendor relationships.
By now we've all heard the buzz term "Web 2.0" - but how many of you truly grasp what it means?
For some time, even those entrenched in Internet marketing and technologies struggled to define the term (brings to mind "GRC"), and nowadays it seems more appropriate to describe web 2.0 by giving examples of specific...
Life on the Great Plains for many nomadic Indian tribes was built around the buffalo. The tribes followed the herds of great shaggy beasts across the rolling hills of tall grass, their entire lifecycle centered on the buffalo herd. Braves honed their lance and bow and arrow skills with hours of practice. A common...
Finally, it's your turn to have your say.
Since first joining Information Security Media Group late last summer, one of my primary goals has been to debut a blog for BankInfoSecurity.com and CUinfoSecurity.com.
Today, proudly, I'm able to announce the launch of not just one blog, but five - with more to come in...
On one hand, this step does show that the business has made a conscientious effort to plug a major security hole.
But on the other, can't you see that first lawsuit filed by a breached customer saying "Hey, you gave me this stuff and said my PC was safe ...?"
Credit and debit card fraud: It's the threat that keeps growing and evolving.
A year ago, many banks and credit unions were forced to cancel and reissue thousands of cards as a result of the TJX breach. More recently, banks located in Indiana saw accounts breached from ATM or debit card transactions. Indiana law...
A financial institution can outsource a service, but it cannot cede responsibility for the potential risks to itself and its customers.
This is the message from banking regulatory agencies to member institutions, hammered home by recent bulletins from the Federal Deposit Insurance Corporation (FDIC) and Office of...
The Federal Reserve Banks have 12 information security control deficiencies that must be improved, according to a new report from the U.S. Government Accountability Office (GAO).
On Monday, June 16, the GAO issued its annual audit report in connection with its requirement to audit the financial statements of the...
With just under five months to go before the Nov. 1 deadline, how close are financial institutions to compliance with the new Identity Theft Red Flags Rule?
This is the key question to be answered by a new survey from Information Security Media Group (ISMG), which seeks to shed new light on what tracks to be one of...
The Federal Deposit Insurance Corporation (FDIC) has made progress with its internal security controls, but still needs to make significant improvements to its security management practices.
This is the key finding of a recent report issued by the Government Accountability Office (GAO) in an audit of the banking...
Banking institutions must conduct appropriate security risk assessment and mitigation on all software applications, regardless of whether developed internally, by a vendor or by outside developers.
This is the key point of a recent bulletin from the Office of the Comptroller of the Currency, which regulates and...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.