Latest

►

PCI Standards

Why Standards for Securing Digital Payments Are Essential

Varun Haran  •  December 14, 2018

Following industry standards should not be a compliance-driven, checkbox activity, says the PCI Security Standards Council's Nitin Bhatnagar. "It has to be a holistic approach, and you have to get involved with people, process and technology."

►

Identity & Access Management

Identity and the Need to Break Down Silos

Varun Haran  •  December 14, 2018

Breaking down departmental silos and building one common, umbrella identity is critical for closing the security gaps in rapidly digitizing environments, says Nexus Group CEO Magnus Malmström.

►

Advanced SOC Operations / CSOC

Insights on Upgrading a SOC

Tom Field  •  December 14, 2018

By building in some risk intelligence upfront, organizations can upgrade their security operations centers and reduce the noise from the sheer volume of alerts and false positives, says Ganesh Prasad of RSA, who shares insights.

►

Breach Response

Breach Response: When to Involve the Board and PR

Tom Field  •  December 14, 2018

In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures. Attorney Mark Rasch offers insights for preparing and practicing response plans.

►

Artificial Intelligence & Machine Learning

How to Maximize Data Used to Fight Fraud

Tom Field  •  December 14, 2018

The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning.

►

Fraud Management & Cybercrime

Mitigating Identity Deception

Tom Field  •  December 14, 2018

The fraudsters have more tools and information than ever at their disposal to pull off socially engineered schemes. But how can the victims turn the tables? Agari's Andrew Coyle discusses new tools and strategies to improve defenses.

►

Analytics

The Blurring Line Between Business and Cyber Fraud

Varun Haran  •  December 14, 2018

Technology and business process silos are being exploited to perpetrate sophisticated, technology-driven fraud across business functions, which is blurring the line between cyber fraud and business fraud, says Forcepoint's Ajay Kumar Dubey.

Breach Response

Did China Hack Marriott, Or Is This Fake News?

Nick Holland  •  December 14, 2018

The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."

►

Audit

Making Internal Audits More Relevant

Suparna Goswami  •  December 13, 2018

How can internal audits be improved and made more meaningful? Prasanna Bharatan, internal auditor at the pharmaceutical company Wockhardt, outlines the important steps to take.

►

3rd Party Risk Management

Improving Vendor Risk Management

Suparna Goswami  •  December 13, 2018

Providing vendors with visibility to a company's systems makes the vendor management process far more complicated, says Sunil Chandiramani of NYKA Advisory Services.

Incident & Breach Response

Incident Response: Mistakes to Avoid

Suparna Goswami  •  December 13, 2018

Ganesh Viswanathan, CISO at Quatrro, a global services company, offers insights on how to avoid incident response mistakes. One key element, he says, is using multiple sources for breach detection so response can be swift.

Breach Response

Marriott: Breach Victims Won't Be Forced Into Arbitration

Jeremy Kirk  •  December 12, 2018

Breach victims who sign up for free fraud-monitoring services from breached businesses that lost control of their data often sign away their right to join class-action lawsuits or pursue other legal actions, and Marriott proved to be no exception, following its mega-breach. But it now appears to be backing off.