The cyber threat landscape is more widespread than ever before, and cybersecurity professionals are needed in all sectors, from government to private industry, says Dickie George of the National Security Agency.
Because information security threats know no borders, the European Network and Information Security Agency is working hard to ensure the solutions span nations, too, says Prof. Udo Helmbrecht, ENISA's executive director.
Anomaly detection and behavioral monitoring are minimum requirements or mitigating online risks, and the newly-issued supplement to the FFIEC Authentication Guidance highlights why banks and credit unions should be doing more, says Terry Austin of Guardian Analytics.
The Fed's ruling on interchange, mandated by the Durbin amendment, offers financial incentives for fraud-prevention investments and could fuel a U.S. move toward new card-payment technologies, like EMV.
Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.
"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
Dickie George of the National Security Agency has one word to describe the state of information security education today: "Spotty." And this state must improve if we hope to fill all the growing demand for security pros.
It is no longer enough for information security professionals to secure critical information. They also need to be asking about the legitimacy of where this information comes from, says John Colley, managing director of (ISC)2 in EMEA.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
In a merger, it's important for both organizations to have strong communication and data protection processes in place, says Phil Romero, senior security architect of First Technology Federal Credit Union. His institution just led a $4.75 billion merger.
NIST's Ron Ross points out that its seminal security control guidance, Special Publication 800-53, contains only one privacy control, requiring agencies to conduct a privacy impact assessment. That will change by year's end.