The Obama administration's plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, according to experts who raise open questions about the proposal.
Payment card fraud is a reality the industry is learning to deal with, through stronger analytical tools and transaction monitoring, financial experts says.
Lacking technology is not the problem, says attorney Lucy Thomson. It's that today's technology is not being adequately used to fight modern cybersecurity threats.
When it comes to hot topics, they don't get hotter than authentication, cloud computing and IT governance - all of which I've discussed at length in recent interviews with industry thought-leaders. Let's review some highlights from these conversations.
Widely publicized reports aren't giving the full picture of an (ISC)2 survey that projects the doubling of the federal government IT security workforce by 2015.
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Intel CISO Malcolm Harkins says the Sony PlayStation breach reminds CISOs in all sectors that such incidents can't be avoided, but their risks can be managed.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
North American Clearinghouse Association, not the government, led the effort to move Food Stamps to e-payments. That's what the government wants to do with the National Strategy for Trusted Identities in Cyberspace initiative, the fed's NSTIC point man says.
Key questions: What impact - if any - will the recent RSA and Epsilon data breaches have on the FFIEC's pending authentication update? And when will this long-awaited banking guidance finally be released?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.