Dickie George of the National Security Agency has one word to describe the state of information security education today: "Spotty." And this state must improve if we hope to fill all the growing demand for security pros.
It is no longer enough for information security professionals to secure critical information. They also need to be asking about the legitimacy of where this information comes from, says John Colley, managing director of (ISC)2 in EMEA.
From the exposure of thousands of Citi cardholders to the Michaels debit breach, fraud continues to impact card issuers. Involving the consumer in prevention is a step financial institutions must take, says Javelin's Phil Blank.
You know the tune: Cyber thieves pirated the town's banking credentials, arranged some bogus "payroll transactions" with the town's bank and then next thing you know ... money mules are transferring funds to the Ukraine.
In a merger, it's important for both organizations to have strong communication and data protection processes in place, says Phil Romero, senior security architect of First Technology Federal Credit Union. His institution just led a $4.75 billion merger.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
HealthcareInfoSecurity has launched its inaugural Healthcare Information Security Today survey gauging top trends, threats and priorities for hospitals, clinics, health plans and integrated delivery systems.
"Consumer notification is often hampered by the fact that companies must first determine their obligations under 47 different state regimes," says Rep. Mary Bono Mack, R-Calif., the subcommittee's chair and bill's sponsor.
It's not enough for banking institutions to conform to the FFIEC Authentication Guidance update. They also must ensure that their key vendors meet the same standards, says Philip Alexander of Wells Fargo Bank.
NIST's Ron Ross points out that its seminal security control guidance, Special Publication 800-53, contains only one privacy control, requiring agencies to conduct a privacy impact assessment. That will change by year's end.