For financial institutions, data security is both an operational and regulatory imperative. A bank or financial services provider that fails to protect a customer's financial data faces the threat of losing customers, tarnishing their reputation and eventually losing competitive advantage.
Register for this...
I'm out in the field this week conducting a series of services for one our clients. At the moment I'm heavily focused on completing a draft of a new vendor management program for them to implement. Although we have a standard methodology that's been used by the practice for several years, I've taken it upon myself...
Management of third-party service provider relationships has been a regulatory issue as far back as the FDIC's Bank Service Company Act. But recent, well-publicized security breaches of Heartland Payment Systems, TJX Companies and Hannaford Brothers have brought Vendor Management to the fore, and banking regulators...
This week's arrest of 11 alleged hackers accused of stealing more than 40 million credit and debit card numbers may be only the "tip of the iceberg," security experts say.
In the largest identity theft case ever prosecuted by the US Department of Justice, 11 alleged hackers from around the globe face up to life in...
Identity theft red flags, business continuity planning, vendor management - these topics all have received fresh attention from the regulatory agencies this year. And with more to come before year's end.
So, as a way to both reflect and project, we take a look at the Top 6 Regulatory Issues of 2008 - and identify...
In a month of bad news for banking (see recent stories about IndyMac Bank and other failures), our recent series of articles and insights on Gramm-Leach-Bliley Act (GLBA) compliance delivers a reassuring message: Banking institutions are making progress in safeguarding customer information.
A "progressive learning...
The recent release of a University of Michigan study on the security flaws of online banking websites brings attention to the often overlooked area of web application security.
In this exclusive interview, Jeremiah Grossman of WhiteHat Security shares his insights on the importance of web application security for...
Only half of U.S. banking institutions will beat the Nov. 1 deadline for compliance with the Identity Theft Red Flags Rule.
This is the key finding of this survey aimed at gauging the success of institutions' efforts to meet the terms of the new regulatory mandate. The survey, administered electronically in June,...
Interview with Tom Field, Editorial Director at Information Security Media Group
As Nov. 1 looms, Identity Theft Red Flags Rule compliance is an absolute must for financial institutions. Information Security Media Group recently surveyed 300 banking and credit union leaders to gauge their progress toward...
I've told this story before about Michael Barrett, CISO of PayPal. When he joined the company, he asked how senior leaders were fighting the phishing problem.
"Technically, we don't have a phishing problem," he was told.
In the face of regulatory requirements and emerging security threats, banking institutions must consider the policies and procedures necessary for proper retention of audit reports, papers and logs.
Register for this webinar for an overview of the contractual, legal and regulatory compliance requirements for...
Talk about a harmonic convergence.
Just as the major banking regulatory agencies went before the Senate committee recently to deliver their "State of the Banking Industry" addresses, I was sitting back and starting to think about drafting the questions for our next State of Banking Information Security survey.
Whenever family or friends or otherwise ask what I do or what kind of company I work for, I always take the opportunity to start off with a question: Do you know what "information security" is? I do not expect much, as I myself could not quite give a clear definition before working in the position I hold now. No one...
When an institution's focus turns to compliance with the Gramm-Leach-Bliley Act (GLBA), questions always pop up -- What should the institution's core GLBA program include; who should be involved; what kind of information is needed, and what should be prepared for an assessment?
We've asked industry...
Was it the largest synchronized security update in the history of the Internet?
On Tuesday, a coordinated patch was released by security researcher Dan Kaminsky of IO Active, fixing a vulnerability that exists in all Domain Name System (DNS) servers.
What does that mean for financial institutions? Patches are...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
