2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
The bring-your-own-device trend is increasing, but work-place policies are not. ISACA's Ken Vander Wal says low employee awareness and the absence of any BYOD policy are to blame. So what can organizations do to fill their security gaps?
Despite the FFIEC authentication guidance and the growth of online fraud, financial institutions still rely on outdated practices that expose customers to risk. How can institutions update their security measures?
In their efforts to conform with the FFIEC authentication guidance, many financial institutions are caught off-guard by the overall cost of enhanced detection and authentication for online banking. Why?
Bank of America, a pioneer in mobile banking, says mobile is hot, but it also opens financial institutions to unknown risks. What proactive steps should banks and credit unions take to ensure they're ready?
BITS president Paul Smocer says banks can expect an uptick in cybersecurity-focused legislation in 2012. What impact will changes from Capitol Hill have on requirements for data breach notification, information sharing and critical infrastructure?
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.
Banks and credit unions are feverishly working to meet the FFIEC's authentication compliance deadline next year. But experts say institutions should be looking beyond the guidance, by making investments in cross-channel fraud detection.
Unfortunately, says Ken Vander Wal, most organizations have done little to address security in their policies and procedures regarding BYOD, which is changing the ways companies address user behavior and risk.
Mobile banking is a 'must-have' today, but the foray into this new financial-services arena comes with risk. Consistent review and implementation of security layers and controls is the only strategic way to tackle emerging mobile offers.