"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
"There's a real threat out there." Cybersecurity Coordinator Howard Schmidt says. "But the threat sort of follows the way we build our defenses against it, and I think those things continue to move in parallel."
Looking ahead to the new year, Kristin Lovejoy of IBM says information security organizations face a host of global compliance issues - and the complexity of this challenge may be the biggest task of 2011.
Shuttering of smaller institutions leaves a financial void for certain segments of the population -- a golden opportunity for innovative institutions dedicated to growing their businesses and services.
"What's interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that's posing challenges for detection and law enforcement," says Jeremy King of the PCI Security Standards Council.