The Obama administration's plan for a federal data breach notification policy is too vague to be effective, and it lacks teeth to penalize violators, according to experts who raise open questions about the proposal.
Regulatory compliance expert Harry Rhodes says it's essential to have a formal process in place for objectively assessing whether a security incident needs to be reported as a breach.
Payment card fraud is a reality the industry is learning to deal with, through stronger analytical tools and transaction monitoring, financial experts says.
Lacking technology is not the problem, says attorney Lucy Thomson. It's that today's technology is not being adequately used to fight modern cybersecurity threats.
When it comes to hot topics, they don't get hotter than authentication, cloud computing and IT governance - all of which I've discussed at length in recent interviews with industry thought-leaders. Let's review some highlights from these conversations.
Widely publicized reports aren't giving the full picture of an (ISC)2 survey that projects the doubling of the federal government IT security workforce by 2015.
A silver lining is emerging behind the rash of breaches that occur all too regularly. The fact that these breaches make the public more aware of the vulnerabilities is encouraging in efforts to make the Internet safer for all.
Personalized medicine research, which relies on genetic information paired with electronic health records, could pave the way for many treatment breakthroughs. But because of the sensitive nature of the information involved, pioneers in this field must take extra privacy and security precautions.
Bankers aren't waiting for the FFIEC to act on the release of its updated online authentication. Instead, they've already begun to comply with the major points recommended in the draft. And the death of Osama bin Laden has heightened concerns terrorists' efforts to launder money through legitimate banking channels.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Intel CISO Malcolm Harkins says the Sony PlayStation breach reminds CISOs in all sectors that such incidents can't be avoided, but their risks can be managed.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
