One of the unfortunate truths about any information security program is that it is only as strong as the most incompetent or ill-intended employee. History has recorded countless examples of financial businesses that spent millions incorporating state-of-the-art technology, policies...
More than ever information security in financial services requires a thorough combination of governance elements, including policies, procedures, technology and, most importantly, training and awareness. In this session, Eric Holmquist explores the key elements of sound information...
To better protect your financial enterprise system, you have firewalls in many areas of a network topology, mostly found guarding the perimeters of your networks. The reality is that is not enough.
Today's firewall technologies are getting more complex and harder to configure and administer...
Financial institutions are unique as they are driven by countless regulations and other factors that make it essential to create a framework on which to base corporate and business-unit based risk management. In this session from our 2008 Financial Information Security Decisions...
Mobile payments are being touted as the easiest, most convenient way to swap funds, make purchases and pay bills electronically from almost anywhere. With a mobile device, a user can pay for purchases or bills with a click of a button or waving the device near a point-of-sale system. This process...
Businesses constantly struggle with the question of whether to create, host and manage a business function internally, or trust a third party to do the heavy lifting. With increasing frequency, a financial analysis argues for outsourcing. But with more than 217 million records compromised...
Managing email regulatory compliance and security in the financial services sector can be a daunting task. To be certain, email speeds up the business and makes servicing customers and partners easier, but there is a dark side. Consider one high-profile case, which involved a star investment...
By the time the Gramm-Leach-Bliley Act (GLBA) passed in 1999, Nationwide Insurance Companies' Kirk Herath was already a privacy veteran studying the European Union's strict privacy laws. Given that the insurer handled more than 16 million policies, any one of which was a potential security...
In the heavily regulated financial services industry, the encryption and protection of data is paramount in securing network operations. The storage infrastructures financial organizations deploy are complicated, ranging from simple networks using network attached and an assortment...
In May 2006, Google released Google Notebook, a Web-based application with which users can save information they find on the Web, including snippets of Web pages, related notes, search results, images, and almost anything else. Google Notebook is similar to Web services like Yahoo's MyWeb, Ask.com's...
Jonathan Hassell, author of Hardening Windows, recently conducted a checklist-style webcast that outlined 15 steps you can take right now to harden Windows Server 2003 against various threats. Here's a look at Jonathan's 15 steps and some of the main points he discussed.
Step 1: Be rigid on...
Those responsible for enterprise information security often do not have an in-depth understanding of how the applications that need to be protected actually work. This tends to lead to overly defensive security controls being introduced, and one reason why information security is so often...
When it comes to the crown jewels of business networks, I can't think of any systems more critical than storage servers. Whether you've got an advanced SAN, NAS or simply run-of-the-mill file servers housing your organization's information, your systems must become and remain as secure as possible...
Information security standards can provide your financial organization with tools to strengthen its security posture – if you use them properly. Just as you don't need to invent, design and build a hammer and nail each time you hang a picture, you don't have to build corporate security...
Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to...
The recent TJX Companies Inc. data breach refocused attention on credit card security, retailers and the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS is to the credit card industry what Sarbanes-Oxley (SOX) has been to publicly held companies. It's pushing them to comply with the...
In almost a century of business, SureWest has morphed from a traditional ILEC to a provider of a full range of telephony, video and data services for customers across metropolitan Sacramento, Calif. Since the Sarbanes-Oxley Act has passed, section 404 in particular, SureWest has worked hard to...
Selection, placement and maintenance of intrusion detection systems (IDS) are based on the requirements and current infrastructure of a company. One product may work well for one company and fail for the next. Selection is typically the most difficult decision, for products MUST meet business...
It couldn't get much worse for TJX Companies. The breach of the retail giant's credit card payment systems in January was bad enough. Then TJX's Form 10-K filing with the Securities and Exchange Commission in late March revealed that a total of 46.5 million card numbers had been stolen, making it the...
It's often said but rarely followed: The security manager isn't accountable for security; rather, he is accountable for making sure everyone else in the company is accountable for security. In this presentation, Tom Doughty, vice president of information systems at Prudential Financial, shows...
There is a huge misconception among information security professionals today that data privacy laws are not applicable to private companies, but are only designed for publicly traded companies, government organizations or financial institutions. This is not the case. Whether your company...
Do you think you've got your enterprise patching problems solved because you push critical Windows patches once a month and within a day or so of their release?
Good for you, but what about all of those third-party applications running on your Windows machines? I'm talking about tools like Acrobat...
Instant messaging (IM) platforms, such as AIM, Yahoo! Messenger and Google Talk, have moved beyond the world of high school chatter and into the world of corporate communications. Yet, in many cases, security policies and processes haven't caught up to this technology. It's now time to consider how...
Two thousand six was the year of laptop theft. In February, a laptop was stolen from an Ernst & Young employee's car containing tens of thousands of Social Security numbers belonging to its clients' employees. Also, in December, a Boeing Co. employee's laptop that contained the SSNs, dates of birth...
Financial Security Whitepapers