InfoRiskToday.co.uk RSS Syndication

Preparing for IPv6

What You Need to Know for Secure Implementation
IPv4 - the protocol the Internet originally was built on - is quickly running out of addresses, and organizations must prepare for IPv6. What should they consider, and what steps can they take now?

Attack Highlights Third-Party Risks

Hack of Online Billing Provider May Have Exposed 500,000 Cards
The hack of online billing provider WHMCS may have exposed 500,000 payment cards. Experts say the incident highlights the persistent risks third parties pose in cardholder data security.

Tips for Contracting Cloud Services

What Organizations Need to Consider Choosing a Vendor
Cloud services contracts often provide little to no wiggle room. What steps do organizations need to take before signing any contract? IT security lawyer Françoise Gilbert offers some key strategies.

Social Engineering: Mitigating Risks

Symantec Recommends Mix of Tech, Education
Why are socially engineered schemes causing so many headaches? Symantec's new Internet Security Threat Report shows attacks are growing. Here's a list of Symantec's recommendations to thwart risks.

ENISA: Cybersecurity Aspects in the Maritime Sector

ENISA has published the first EU report ever on cybersecurity challenges in the Maritime sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cybersecurity. Finally, high-level recommendations are given for addressing these risks.

ENISA: Guidelines on Incident Reporting

ENISA has issued guidelines to national telecom regulatory authorities about the implementation of Article 13a, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to ENISA and the European Commission and ad hoc notification of incidents to other NRAs in case of cross-border incidents.

ENISA: Technical Guidelines on Minimum Security Measures

ENISA has issued guidance to national telecom regulatory authorities about the implementation of Article 13a, in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks.

ENISA Launches Guide on Building Effective IT Security Public Private Partnerships

The European Network and Information Security Agency has released a new guide on building effective IT security public private partnerships.

Synovus Bank Eliminates Cybercrime - A Case Study

Synovus Bank, one of the largest community banks in the southeast, offers Online Cash Management services to its commercial clients with a simple pledge: "The freedom to manage your cash position anytime, anywhere." After witnessing relentless cyber-attacks on the endpoints of end users, Synovus Bank knew that meeting this pledge required them to take action. The bank's Product Development team carefully selected an endpoint security solution that met their requirements:

Satisfying FFIEC Guidelines
Low customer impact/Ease of installation
Proven effective, quick to implement and easy to manage
Complement the bank's two tier security architecture

Hear how Synovus Bank proactively prevents fraud. Kevin Gibson, Director of Product Development at Synovus Bank, explains the challenges they faced, why Trusteer Rapport was the right fit, and its ease-of-deployment. He also discusses how Trusteer's layered security helps them protect against cybercrime, as well as Trusteer's role in enabling compliance with the latest FFIEC guidance. Trusteer's Director of Product Marketing, Oren Kedem will describe Trusteer's Cybercrime Prevention Architecture and how it stops online banking fraud.

2012 Cloud Security Agenda: Expert Insights on Security and Privacy in the Cloud

What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?

This is the key question posed by the 2012 Cloud Security Survey.

No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.

But these engagements come with questions about risks:

What are your cloud service provider's security and privacy measures, and have they been audited?
Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?
How is a multi-tenant cloud environment managed, and in the event of system compromise - what will be the incident response escalation process?

Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.

The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:

Chart the latest cloud trends, including types of cloud implementations most common by industry and region;
Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;
Predict the top areas of investment for organizations most concerned about cloud security.

This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:

Top Security Concerns - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?
Success Factors - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?
Protective Measures - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?

2012 Faces of Fraud Survey: Complying with the FFIEC Guidance

A follow-up to ISMG's 2011 Faces of Fraud Survey, this webinar looks not only at the latest fraud trends and how institutions are fighting back, but also at their progress in putting together layered security controls in conformance with the FFIEC Authentication Guidance.

Given the persistence of fraud threats and the demands of the FFIEC Authentication Guidance, the 2012 Faces of Fraud Survey is crafted with assistance from leading experts in fraud detection and prevention, with a mission to:

Chart the latest fraud trends, including account takeover, skimming and payment card breaches;
Gauge institutions' preparedness to conform to the FFIEC Authentication Guidance, including where they are prioritizing their efforts;
Predict the top areas of focus for 2012, from real-time fraud monitoring tools to new layered security controls.

BYOD: Manage the Risks and Opportunities

From home computers and laptops to cellphones and PDAs, employees have always lobbied to introduce consumer technologies in the workplace.

But with the advent of smart phones, tablets, portable storage and a variety of laptops - powerful computing devices that often rely on unsecured wireless networks - the push today is even greater. Example: Intel, the global computer technologies manufacturer, reports that connected mobile devices grew from 10,000 to 30,000 over the first 10 months of 2011. And by 2014, Intel expects 70% of its employees to use personal devices for some aspect of their job.

So, it's no longer a question of whether to allow employees to use their own devices - no corporate policy can stem the tide of consumerization. The questions now are about:

Inventory - How do you properly account for all of the consumer devices introduced by your employees? Know how to lock down your corporate wireless networks and desktop computers, so you'll also know when employees are trying to access corporate resources via connecting new devices.
Security - How do you protect your systems and data from unauthorized access - and in the event of lost or stolen devices? From identification to proper authentication, appropriate access control, data storage and detecting un-authorized activities - all controls implemented by an organization on 'corporate-owned' resources over the last decade can potentially be rendered useless on an employee-owned device. Learn the importance of each control and the implementation challenges in a large-scale environment.
Privacy - The controls you place on an employee-owned device could potentially compromise the individual's privacy (knowing which sites they visit, or whom they e-mail in their off-hours, for instance). How do you achieve the right balance to protect the enterprise's security and the employee's privacy?
Compliance - Certain international regulations and standards spell out standards for how data is collected and stored, as well as how it must be made available for legal requests. Are you prepared to address these and other top-level compliance issues when it comes to employees storing enterprise data on their own devices? Learn how to weigh the risks and benefits.
Policy - Beyond making employees aware of your policy, how do you enforce it? Awareness is key - make sure employees understand your policies around device usage, access, software licensing and other critical issues. But you also need to articulate specific areas of non-compliance and then monitor appropriately for violations subject to disciplinary action, including termination.
Opportunity - Beyond securing devices, BYOD is an opportunity to improve data and access security in the enterprise, web, mobile, and SaaS applications. The opportunity is for organizations to still have strong security and authentication, but in a way that is "outsourced" to the device owner for all of their applications. This outsourcing can save the company IT budget, as well as reduce help desk support.

In this session, mobile security experts will discuss these topics and more, sharing insights on how today's leading-edge organizations are embracing BYOD as a means of improving employee productivity and creating new business value.

Why Boards of Directors Don't Get It

IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?

How to Respond to Hacktivism

Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?

4 Security Priorities for Banks

From mobile and the cloud to DDoS attacks and risks surrounding big data, what should banks and credit unions do now to mitigate exposure? Gartner's Anton Chuvakin offers his top recommendations.

Intelligent Defense Against Intruders

Imagine a computer network that can fool intruders into seeing configurations that in reality don't exist, making it hard for them to invade the system. That's what Scott DeLoach is trying to figure out how to do.

The Facts on Occupational Fraud

How to Detect and Prevent Insider Crime
The statistics revealed in the ACFE's new 2012 Report on Occupational Fraud and Abuse are all very real. Here are my insights on occupational fraud and steps leaders can take to detect these crimes.

The Business Case for Continuity Planning

Small, Mid-Size Enterprises Especially Need to Develop Strategy
Why do so many small and mid-sized enterprises continue to believe that business continuity planning is just for the big guys? And how do we go about convincing them otherwise? Here are some tips.

Measuring the Immeasurable: IT Security

A Year After Its Debut, Index of Cybersecurity Rises by 30 Percent
Factors driving up the index vary from month to monthly, but the clear takeaway of the survey of IT security practitioners is that they're getting more apprehensive about safeguarding IT.

Can You Define Cybersecurity?

Answering That Question Isn't So Easy
The lack of common definitions, understandings and approaches among countries may hamper international cooperation on cybersecurity, a need acknowledged by most countries.