With the issuance of the final FFIEC Authentication Guidance, institutions need to start moving forward on conformance, and taking a risk-focused approach is the first step, says Matthew Speare, SVP of IT for M&T Bank Corp.
Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.
On June 28, the FFIEC released its final, formal version of its Authentication Guidance. Not even one month later, we've created three new training programs to help banking institutions understand and conform with the guidance.
"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
Dickie George of the National Security Agency has one word to describe the state of information security education today: "Spotty." And this state must improve if we hope to fill all the growing demand for security pros.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.