"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
A new concept called Privacy by Redesign, by Dr. Ann Cavoukian, Privacy Commissioner of Ontario, Canada, looks to bring privacy into systems that are already developed.
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
As recent incidents at Citi and BofA reinforce, most banking institutions, from large to small, have done a poor job of keeping up with inside jobs and internal threats.
RSA customers who feel victimized by last March's breach of the security vendor's computers have viable options that include continued use of the SecurID authentication tokens, those offered by competitors, or something entirely different: biometrics.
SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.
"It's not enough to know the architecture of the breach system," says Michael Aisenberg of MITRE Corp. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies."
NRC CISO Patrick Howard is among three information security leaders who share their experiences, approaches and challenges from battling data breach incidents that had an impact on their organizations and their careers.
It's clear that major data breaches have become not just a topic of mainstream news, but they're occurring with such frequency and potential devastation that they're almost deserving of a 24-hour news desk.
"Just securing the data is no longer enough," says Trevor Hughes, head of the International Association of Privacy Professionals. 'Privacy professionals, in addition, need to prepare for what happens when things go wrong."
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
The recent Sony and Epsilon breaches sent a strong reminder that companies lack transparency and aren't prepared to respond to a breach once it occurs, says Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.