The database has become the main target for hackers and negligent insiders, as the insider breach at Bank of America showed. A recent survey highlights the need for financial institutions to enhance security measures to mitigate threats and losses.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
Security teams need to look at the controls they have put in place in their organization and question whether they are shifting risky behavior to different areas and perpetuating problems, says Intel CISO Malcolm Harkins.
A key factor in minimizing the risk of a breach when working with business associates is to provide these partners with the minimum amount of information they need to perform their services, says security expert Brian Lapidus.
Characterizing LulzSec as cyberterrorists, department officials confirmed that LulzSec appeared to have gained access to the e-mail accounts of at least seven department employees, with the pilfered information posted online by the group.
The new virtualization guidance issued by the PCI Security Standards Council urges organizations to take a risk-based approach when dealing with virtualization methods, especially within cardholder data environments.
Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.