A just released update to the FFIEC's Cybersecurity Assessment Tool helps make meeting regulators' demands for "baseline" cybersecurity more attainable, says Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corp.
A discussion analyzing the difficulty of striking a balance between IT functionality and cybersecurity leads the latest edition of the ISMG Security Report. Also featured: Updates on sizing up weaknesses in biometrics and the potential to exploit LED lights to leak sensitive data from routers.
It's a tried and true military tradition: ISR, or Intelligence, Surveillance and Reconnaissance. But the practice is gaining traction in enterprises as well, and especially within cybersecurity, says Christopher Cleary of Tenable Network Security.
In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
As the adversaries develop new methods to strike at increasingly vulnerable digital infrastructures, it is time businesses take a hard look at the way defense is approached and recast security models to drive the cost to the attacker up, says Palo Alto Network's Sean Duca.
The 21st Century Cures Act presents a number of critical but challenging issues pertaining to the advancement of nationwide secure health information exchange that federal regulators must address, David Kibbe, M.D., president and CEO of DirectTrust, explains in this in-depth interview.
In this special edition of the ISMG Security Report, you'll hear an edited version of an ISMG Fraud and Breach Prevention Summit keynote panel in which current and former federal cybersecurity officials assess the IT security agenda of the Donald Trump administration.
Leading the latest edition of the ISMG Security Report: Secretary John Kelly's congressional testimony on how DHS led government efforts to mitigate the WannaCry ransomware attacks. Also, reports on ransomware defenses as well as big data and machine learning combining to secure IT.
The WannaCry ransomware outbreak was a huge "wake-up call" for the global information security community, says Dan Schiappa of Sophos. It's time to patch those legacy systems and prepare for the inevitable next big crimeware scare, he says.
The WannaCry ransomware outbreak showcases the problem: Security pros are overwhelmed by vulnerabilities that could be simple to mitigate, if only they had the right info at the right time. Humphrey Christian of Bay Dynamics discusses how to improve vulnerability risk management.
Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.
Information security and fraud departments at financial institutions need to improve their collaboration to help fight multichannel cyberattacks, say John Buzzard and Paul Love of CO-OP Financial Services.