"Today's risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization's expected outcome," says Philip Alexander of Wells Fargo Bank.
Speculation about the pending update to online authentication guidance has been circulating around water coolers for months now. "A [disclosure] like this could make it more challenging for the regulators," says attorney David Navetta.
"It's interesting to see regulators putting the onus on the financial companies for fraud that occurs after the theft has already happened," says David Navetta, co-chairman of the American Bar Association's Information Security Committee.
The co-chair of the Commission on Cybersecurity for the 44th President praises the Obama administration's commitment to IT security, but says the administration has much more work to do to develop a comprehensive strategy to combat cyber threats.
Describing it as the capstone publication of a partnership with the defense and intelligence communities, NIST publishes new guidance on managing security risk associated with the operation and use of IT systems.
In case you weren't one of the more than 31,000 who attended this year's Healthcare Information and Management Systems Society Conference in Orlando, here's a rundown of some of the privacy and security news from the show.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
A preliminary draft of new authentication guidance puts greater responsibility on financial institutions, and the ACH/wire fraud case between Experi-Metal Inc. and Comerica Bank marks the first major corporate account takeover incident to hit a courtroom.