When economists dissected July's 0.1 point drop in overall unemployment, to 9.1 percent, they attributed the decline mostly to fewer people seeking work. But that's not the case for IT security professionals. There are few discouraged workers in the information technology occupation categories these days.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Now that the FFIEC's updated online authentication guidance is out, banking institutions need to move forward in preparation for 2012 compliance, says Julie McNelley, banking fraud analyst for Aite Group.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
ThreatMetrix's Taussig says strong authentication should be part of every financial institution's layered security approach. And according to expected changes to the Federal Financial Institutions Examination Council's 2005 online authentication guidance, that means proven measures to enhance device identification.
ThreatMetrix's Taussig says device identification must be part of layered security measures. Banking regulators want financial institutions to deploy multiple layers of online security. But what does that expectation mean when it comes to investments in fraud detection?
Federal banking regulators have just released new risk management guidance on remote deposit capture. This FFIEC guidance is to be used by examiners, financial institutions and technology service providers to identify risks, evaluate controls and assess risk management practices related to remote deposit capture (RDC)...
Regulatory compliance is the backbone of a financial institution's information security program. But compliance alone isn't enough, says John Pironti of ISACA's Education Board, who advises institutions to take a risk-based, not a "checklist-based" approach to security.