In a merger, it's important for both organizations to have strong communication and data protection processes in place, says Phil Romero, senior security architect of First Technology Federal Credit Union. His institution just led a $4.75 billion merger.
NIST's Ron Ross points out that its seminal security control guidance, Special Publication 800-53, contains only one privacy control, requiring agencies to conduct a privacy impact assessment. That will change by year's end.
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Now that the FFIEC's updated online authentication guidance is out, banking institutions need to move forward in preparation for 2012 compliance, says Julie McNelley, banking fraud analyst for Aite Group.
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)
Fraud today is global. The same problems happening in the U.S. are simultaneously occurring in other parts of the world. For interested job seekers, there's never been a better time to enter the fraud examiner profession.
Among the 12 computer-related job classifications tracked by the Department of Labor's Bureau of Labor Statistics, information security analysts was one of only two categories to report no unemployment during the second quarter of 2011.