A Helpful Guide to SOX Compliance for Financial Institutions

The Sarbanes-Oxley (“SOX”) Act of 2002 is a crucial piece of legislation aimed at protecting the confidentiality, integrity, and availability of information that impacts a corporation's stakeholders.

Ensuring ongoing SOX compliance is a fundamental risk management task for any publicly-traded, or even privately-held, company in the United States.

Read More…

Protecting Your Customer's Personal Data

Sixty percent (60%) of organizations surveyed acknowledge that data loss is a recurring problem, according to Accenture's study on "How Global Organizations Approach the Challenge of Protecting Personal Data." The study reminds us that "data privacy and protection shortcomings can do irreparable harm to companies’ balance sheets, not to mention

Read More…

In Banks We Trust?

Guardian Analytics in conjunction with Ponemon recently released their 2010 Business Banking Trust Study (details here). I am intrigued that the headline touts that “banks have a new troubled asset – their customers.” Forgive me if I am wrong, but customers did not just become a “troubled asset”: not this year…not last year, nor the year before

Read More…

The Value of Collaboration

Just recently a news headline screamed “Customers flock to iPhone banking!” I immediately thought the only way a bank could do this is through collaboration and partnering with third parties. Institutions that fail to understand this are leaving money on the table. After a recent chat with a financial institution I fear that many are still missing

Read More…

The Only Fraud We've Seen in Online Banking....lately

It seems like we say it at least every other week, "The only fraud we've seen for online banking has been compromises at commercial customer sites." And is evidenced by two breaches of high profile banks out of Dallas over the past month.

Plains Capital Bank had a breach at one of their customer's sites, resulting in over $800,000 being

Read More…

Security Buzz Words | Money Mules

An interesting article in Wired drew my attention to this post on the Internet Crime Complaint Center (IC3) website. Here's the Cliff Notes version: Bad people put malware consisting of remote control software and key loggers on a targeted business user's computer. They gather ID's and passwords and other authentication data. The bad people then

Read More…

One Man's Trash

One Man’s Trash… is another man’s access into your secure environment.

I’m currently working on an engagement for social engineering with a bank, and what I’ve found is surprising. We go to great lengths to warn our clients about shredding sensitive information but so often, employees are unaware of what can really cause an informational leak in

Read More…

Keylogger spying at work on the rise, survey says

The number of companies reporting a spyware infestation has increased by almost half in the past 12 months, according to a new survey.

In addition, 17 percent of companies with more than 100 employees have spyware such as a keylogger on their networks, said the authors of the annual Websense Web@Work survey, published on Tuesday.

“This is almost

Read More…

'Crossover' malcode could jump from PC to handheld

From SearchSecurity.Com….

New proof-of-concept malcode designed to spread from desktop computers to wireless mobile devices has been discovered, according to the Mobile Malware Researchers Association (MARA).

Jonathan Read, a New Zealand-based CISSP and member of MARA - a group formed last year to find and raise awareness regarding mobile device

Read More…

Attackers To Go After 2006's Weakest Link: People

From the Security Pipeline…

Enterprises should expect a continued move toward stealthier, smaller, more focused attacks on their computer security, IBM said Monday, with the weakest link - workers’ gullibility - increasingly the focus of hacker efforts.

In its annual “Security Threats and Attack Trends Report” for 2005, IBM laid out the major

Read More…