What can organizations do to improve security after a network attack? Post-breach investigations help security leaders trace steps and strengthen weak points, says investigator Erin Nealy Cox.
Britain has an IT skills gap problem, not unlike its American cousin's, as well as nearly every other nationality. Besides technical experts, society needs psychologists, law enforcers, strategists, risk managers, lawyers and accountants with cyber know-how.
Managers and internal auditors don't necessarily see eye-to-eye when it comes to the results of an IT audit. PricewaterhouseCoopers' Carolyn Holcomb explains the challenges and solutions.
By combining responsible management, risk management and compliance functions and internal audits, organizations will go far in securing their data and systems, says PricewaterhouseCoopers Partner Carolyn Holcomb.
What exactly is continuous monitoring - and why is it so hard for organizations to get it right?
It is one of the most discussed and least understood concepts in enterprise risk management today. Fundamentally, continuous monitoring is about deploying systems to examine all of the transactions and data processed...
In healthcare, financial services and other sectors, information breaches are an epidemic. More than 400 major healthcare breaches have been reported since late 2009. And headline-grabbing breaches in the financial services sector, such as the Sony and Global Payments incidents, illustrate why preventing breaches -...
Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.
Want more money to spend on your enterprise's information security programs? Deloitte's Mike Brown and Amry Junaideen say IT security managers must show their non-IT bosses how the lack of IT security would adversely affect their operations.
Since the summer of 2009, financial institutions and their corporate customers have been defrauded by increased incidents of account takeover. These incidents have pitted banks and customers against one another in court, and they were a key impetus behind the release of the new FFIEC Authentication Guidance. So, how...
An enterprise risk management (ERM) program is more than a collection of organizational functions. ERM integrates all risk efforts under one set of common definitions, process framework, and system solutions. Join a banking/security leader to hear how she developed and grew her institution's ERM program, including...
Software applications are the lifeblood of every organization, and today's #1 IT security threat is vulnerabilities in these applications. Complexity, interconnection and criticality of source code have resulted in a dangerous proliferation of vulnerabilities and risks.
Register for this session to learn:
How...
Layered security is one of the core tenets of the new FFIEC Authentication Guidance - and it's perhaps the most effective strategy for detecting and preventing banking fraud schemes. But what are some of today's most mature approaches to layered security, and how are banking institutions employing them to detect and...
Documenting procedures for the State Department's custom-made, continuous-monitoring tool known as iPost will help ensure that the data collected are appropriately used to protect the agency's global IT system, a GAO audit says.
The non-standardized collection device is responsible for 13 percent of the biometric records maintained by DOD, representing some 630,000 DoD records that cannot be searched automatically against FBI's database of about 94 million records.
Auditors find that the SEC's IT office documented and incorporated National Institute of Standards and Technology patch requirements in its policies and procedures but that guidance wasn't always followed.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.