A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
An estimated 650,000 customers have recently switched from big banks to community banks and credit unions. But are these smaller institutions prepared for the new demand for security and fraud prevention?
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
As the Bank of America website outage proved, "Assuming it's an attack or breach is now the default response," says ID theft expert Neal O'Farrell. So, how can organizations change that perception?
"Forensics in the cloud is not necessarily a new field, but requires a new skill set and being able to learn on the fly," says Rob Lee, curriculum lead for digital forensics at SANS Institute.
Ohio is relatively new to enterprise information security, and according to David Shaw, the state's chief information security officer, there is still much to do to ensure that all the agencies' critical infrastructure is protected.
Give a man a fish, and you feed him for today, the proverb says. Teach a man to fish, and you feed him for a lifetime. That adage can be applied to information security, as well.
"The more that you could focus in on computer science topics, to understand programming, network-based technology and mobile-based technology, the better off you're going to be," says Rob Lee of SANS Institute.
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.
Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.
Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
A new concept called Privacy by Redesign, by Dr. Ann Cavoukian, Privacy Commissioner of Ontario, Canada, looks to bring privacy into systems that are already developed.