Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
Starting with the 2007-9 financial crisis, which exposed the fallacy in the idea that any market participant is "too big to fail", banks and their traders have recognized a need to get smarter about counterparty credit risk. As a result, concepts such as credit valuation adjustment (CVA) have evolved from a useful...
We've witnessed companies across industries suffer serious reputational and financial damage due to legal and regulatory compliance failures. Most had what they considered reasonable compliance processes, but somehow they didn't work. More and more corporate resources are spent on compliance, with greater attention in...
In today's global marketplace, business leaders must not only deal with well-understood challenges - competition, increasing regulation and sustained volatility - but also the need to maintain profitability and growth in a world defined by rapidly-evolving disruptive technologies. Today, the value proposition of...
Organizations handling transactions involving credit or debit cards are facing increasing pressure to comply with the Payment Card Industry Data Security Standard (PCI DSS) version 3, which established various requirements for safeguarding an organization's relevant systems and networks, comprising the Cardholder...
Uncertain times and a volatile economic climate have contributed to an expanding focus on corporate governance, risk, and compliance (GRC) across all industries. While some companies have met their risk and compliance challenges head on with insightful business strategies and powerful technology solutions, many are...
Bipartisan legislation before Congress, if enacted, could put pressure on publicly traded companies to add cybersecurity expertise to their boards of directors.
IT architects are deploying enterprise information archiving (EIA) products to support compliance, improve operational efficiency, enable e-discovery and/or allow end users to archive and retrieve their own content. To support any one of these use cases, IT architects must understand the enabling "critical...
Securing sensitive emails isn't just a best practice - it's often the law. Compliance with regulations is a priority for healthcare, financial services and government organizations; it may also need to be a priority for companies that work with these organizations or practice business in specific...
Easy, secure communication is a valuable asset in the financial services industry. Sensitive information is circulating on a day-to-day basis to customers, third-party organizations and strategic partners, and one communication tool emerges above the rest when exchanging sensitive personal information -...
Healthcare organizations face an ongoing compliance burden involving the protection of sensitive patient data. The task of safeguarding data grows increasingly complex as the organization's environment adapts to advancing threats and shifting technology trends. Once simply in record rooms and on desktops, now...
It's time to start to think about the cybersecurity agenda for the 45th president of the United States, who takes office a year from this week. What's on your list of cybersecurity challenges the next president must tackle?
The PCI DSS was developed to "encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data." Even by following the PCI DSS guidelines, it is...
A lawsuit filed against security firm Trustwave is raising questions about "PCI Professional Forensic Investigators" and how they are monitored by the PCI Security Standards Council. But experts say the onus is on companies, not the council, to ensure their security practices are adequate.
Casino operator Affinity Gaming has sued incident response firm Trustwave, alleging that the firm failed to fully eradicate and "contain" the 2013 data breach and payment card malware outbreak that it was hired to remediate.