Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.
"It's not enough to know the architecture of the breach system," says Michael Aisenberg of MITRE Corp. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies."
Building on existing contactless NFC technology could bridge the gap between the mag-stripe and chip and PIN. And the Smart Card Alliance says merchants should begin investing in infrastructure upgrades now.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
The arrest followed an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.
Northrop Grumman Cybersecurity Research Consortium's Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.