Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
Since becoming Vermont's first CISO three years ago, Kris Rowley's been on a quest to create an IT security culture in state government. Rowley's latest initiative, bringing risk assessment in-house, is helping build that culture.
The new FFIEC online authentication guidance update is a good "cookbook" for financial institutions to apply layered security, says Avivah Litan of Gartner.
Now that the FFIEC Authentication Guidance update has been issued, there is no more important task for banking institutions than to conduct their risk assessments, says Matthew Speare of M&T Bank Corp.
By leveraging infrastructure that exists, a DoD-DHS-private sector cyber pilot suggests the nation can provide substantial additional protections across its critical infrastructure for only a fractional increase in cost.
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-François Legault, senior manager of forensics and dispute services at Deloitte.
Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)
Fraud today is global. The same problems happening in the U.S. are simultaneously occurring in other parts of the world. For interested job seekers, there's never been a better time to enter the fraud examiner profession.
Recent high-profile data breaches and heightened threats add up to one thing: a bright future for information security professionals who want to start or re-start a career in risk management.
As recent incidents at Citi and BofA reinforce, most banking institutions, from large to small, have done a poor job of keeping up with inside jobs and internal threats.
Among the 12 computer-related job classifications tracked by the Department of Labor's Bureau of Labor Statistics, information security analysts was one of only two categories to report no unemployment during the second quarter of 2011.
We all know the cost of regulatory compliance - how expensive it can be to meet the standards of HIPAA, HITECH and other industry guidelines. But two organizations this week learned hard lessons about the cost of non-compliance.
Emerging technology is often touted for enhancing security. But if not properly deployed and integrated, these technologies can hinder rather than improve security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.