Regulators need to do a better job of notifying banks promptly when they find severe security flaws at third parties, especially core banking processors. And community banks need to collaborate on assessments of third-party risks.
In the wake of an ongoing stream of merchant and payment processing breaches, the FDIC is reminding smaller banking institutions that they are ultimately responsible for ensuring the security of cardholder data.
It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?
This document provides you with an understanding of common cybersecurity tests and assessments organizations can use to evaluate their security posture and the distinctions between them. It will help you more accurately determine which assessment may be appropriate for your organization's needs.
Use this white...
John Streufert, the DHS director overseeing the rollout of a federal continuous diagnostic initiative to mitigate IT systems vulnerabilities, expects that many state and local governments will participate in the program.
Citi's settlement with two states over a breach that exposed 360,000 cards will likely set an example for other states. One expert says banking institutions will likely pay more damages when accounts are compromised.
The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.
White House Cybersecurity Coordinator Michael Daniel sees significant savings in continuous diagnostics because the automated approach to identifying systems vulnerabilities could replace costly checklist compliance reporting.
The Obama administration is floating the idea that critical infrastructure owners would more likely adopt voluntary security best practices if the government engages the insurance industry to help develop its cybersecurity framework.