Organizations are starting to adapt to cloud computing, but they're hesitant about placing their core assets in the online environment, according to results from the 2011 ISACA IT Risk/Reward Barometer.
Breaches will not slow anytime soon, and there's not much financial institutions and the payments chain can do to stop them. At this point, the best course of action for banks and retailers is to focus on damage control.
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
Card-issuing banks struggle to find the balance between consumer satisfaction and protection. And in the wake of the Michaels breach, the financial industry knows it has to make a change. One industry expert says stronger card authentication is the answer, and he favors chip-based or EMV-like solutions.
Two stories stand out when I look back on the month of May: the POS PIN pad swap scheme that hit Michaels crafts stores in more than 20 states and the insider job at Bank of America that led to $10 million being stolen from some 300 customer accounts.
Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.
"No one up here wants to stop Apple or Google from doing the incredible things that you do," Sen. Al Franken says. "What today is about is trying to find a balance between all of those wonderful benefits and the public's right to privacy."
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
"The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone's location," Apple said.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.