Alisdair Faulkner of ThreatMetrix says financial institutions and businesses should focus on five key security areas. What make up the top five, and where do banks need to make the greatest fraud-prevention investments?
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
The FDIC has issued revised guidance describing potential risks associated with relationships to third-party payment processors. What are regulators' new risk-management expectations of banks?
Regulators have hinted at it, and industry experts say it's coming. U.S. banking institutions can expect to see new guidance for mobile banking. The open questions are: When, and in what form?
IT security provider Symantec says it identified multiple publisher identifications on the Android Market that are being used to push out Android.Counterclank, which it characterizes as a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.
Risk assessments are over. Now it's time for institutions to prove they conform to the FFIEC's Authentication Guidance. Fraud expert George Tubin offers tips to prepare for the first regulatory exam.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
What steps can smaller organizations and their vendors take to ensure security and regulatory compliance? They must transcend what researcher Wendy Nather calls the 'Security Poverty Line.' See how.
IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
Steven VanRoekel says the mobile revolution will fundamentally change the way the federal government serves the public and its employees. But in outlining the Federal Mobile Strategy, the federal CIO hardly mentions security and privacy.
As organizations move to the continuous monitoring of their IT systems to assure they're secure, they rely much more on automated processes. But don't forget the role people play.
In their efforts to enforce security layers and multifactor authentication, are banks and credit unions still missing a core problem - the real vulnerabilities fraudsters are banking on?
"Banks and businesses have to realize: It's not a matter of 'if' when it comes to these attacks," says Barry Rich, CFO of Tennessee's CapitalMark Bank & Trust. "it's just a matter of when."
ACH/Wire fraud was the big story in 2010 and helped influence the updated FFIEC Authentication Guidance. So, have incidents of corporate account takeover decreased in 2011, or are we just hearing less about them?
When the Commonwealth of Pennsylvania suffered a major security breach a few years back, vulnerabilities in a Web application were to blame. CISO Erik Avakian explains how the state developed a process to correct flaws in application code.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.