"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," says NIST's Ron Ross.
When the Commonwealth of Pennsylvania suffered a major security breach a few years back, vulnerabilities in a Web application were to blame. CISO Erik Avakian explains how the state developed a process to correct flaws in application code.
Despite the FFIEC authentication guidance and the growth of online fraud, financial institutions still rely on outdated practices that expose customers to risk. How can institutions update their security measures?
Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
An estimated 650,000 customers have recently switched from big banks to community banks and credit unions. But are these smaller institutions prepared for the new demand for security and fraud prevention?
What fraud and security issues does Paul Smocer, the new president of BITS, see as being top concerns in the coming year? Mobile payments, social media, and a strong need for institutions and organizations to comply with existing guidance top the list.