The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.
The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
"Most convenience stores are concerned about pay-at-the-pump skimming. But they can only focus on so much," says Gray Taylor, a security and compliance expert with the National Association of Convenience Stores.
Characterizing LulzSec as cyberterrorists, department officials confirmed that LulzSec appeared to have gained access to the e-mail accounts of at least seven department employees, with the pilfered information posted online by the group.
Minnesota faces a government shutdown Friday, and state CISO Chris Buse confronts unexpected barriers in preparing for it. No one yet knows what services the IT security organization must support once the midnight deadline passes.
Organizations' biggest obstacles to privacy protection are the organizations themselves - specifically, their silos - says Dr. Ann Cavoukian, proponent of the new concept, Privacy by Redesign.
The release of the list coincides with the issuance of the Common Weakness Scoring System that allows software makers to identify vulnerabilities in their programs and buyers to determine software they acquire is secure.
International cooperation is to thank for the takedown of one cybercrime ring accused of using the Conficker worms to steal more than $72 million from bank accounts spanning more than 10 countries.
The Office of the National Coordinator for Health Information Technology plans to hire a contractor to conduct research on electronically obtaining patient consent for health information exchange.
SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.
Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.