In the areas of risk management and business continuity, security professionals have advanced significantly since Sept. 11, 2001. But there's still an issue of complacency that needs to be addressed, says Rolf von Roessing, past international vice president of ISACA.
Mobile apps and smartphone security are increasing global concerns. But Dr. Giles Hogben of ENISA says mobile malware mania is a bit overhyped, since mobile is actually more secure than most other platforms currently on the market.
"We find a lot of security professionals saying, 'I'm just going to get another certification, or I'm going to get deeper into this technology skill,'" says researcher David Foote. "That's not going to get you very far."
"Once you identify that person based on the unique characteristics of their face, you could then match it with other databases," privacy advocate Beth Givens says, referring to privacy gaps created by facial recognition technology.
"You need to understand how you are currently using social media in your organization, and how you intend to use it, before you can define policies around social media," says Erika Del Giudice of Crowe Horwath.
Provisions in legislation introduced by Sen. Richard Blumenthal, D-Conn., target companies that store online data for more than 10,000 people to assure their customers' personally identifiable information is protected.
The Sept. 11 terrorist attacks struck the U.S., but the impact and lessons affected the world and the entire information security profession, says Rolf von Roessing, past international vice president of ISACA.
A new social-media-management tool provided by the ICBA aims to help community banks monitor social media communications, streamlining posts and comments that appear about banks on and through a number of channels.
Ohio is relatively new to enterprise information security, and according to David Shaw, the state's chief information security officer, there is still much to do to ensure that all the agencies' critical infrastructure is protected.
A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected. The law, which covers breaches involving financial, healthcare and other personal information, goes into effect Jan. 1.