-
How to manage security risks in vendor contracts
Financial institutions face numerous regulatory requirements for managing vendor risk. Learn what financial firms need to include in their vendor contracts in order to conform with regulatory guidance and industry best practices for vendor risk manag... Learning Guide
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference. Conference supplement
-
Financial Information Security Decisions 2008: Presentation downloads
Download a number of the fascinating presentations from the 2008 Financial Information Security Decisions conference. Conference supplement
-
Hesitant customers want more out of network access control products
Learn why the security industry needs to extend the NAC/NAP vision beyond pre-admission control. Expert Advice
-
Citigroup attack highlights insufficient authorization error
Citigroup hackers used a common website vulnerability to bypass security controls and reap confidential banking data. News | 14 Jun 2011
-
Bank of America hires former DHS cybersecurity chief
Gregory Garcia will head the bank's cybersecurity and identity management partnerships. Article | 21 May 2010
-
New vendor risk assessment tools address cloud computing
Shared Assessments program unveils updated tools for assessing security of service providers, including cloud providers Article | 10 Nov 2009
-
Don't forget the cleaning crew in your vendor management program
Banks often overlook non-IT vendors in their vendor management program, putting their organization and customers' data at risk, experts say Article | 05 Oct 2009
-
Advocacy group looks to foster trust in foreign service providers
A formal agreement with two Indian technology organizations expands the reach of the BITS program, with the goal of fostering trust in the security controls of international service providers. Article | 23 Apr 2009
-
Shared Assessments aims to ease third-party security evaluations
Evaluating service provider controls can take a lot of time and effort, but the Shared Assessments program aims to give financial institutions and other organizations a way to streamline the process. SearchFinancialSecurity.com recently met with Mich... Interview | 16 Mar 2009
-
Financial firms focus on internal threats, employee errors
Data protection, information leakage and identity and access management were a top priority for financial industry CISOs, according to a new survey. Article | 11 Feb 2009
-
Credit unions, banks replace credit cards after Heartland breach
Financial institutions notify customers and reissue or block payment cards affected by the intrusion at payment processor. Article | 28 Jan 2009
-
State Street breach highlights encryption limits, vendor due diligence
State Street encrypted its data, but a contractor unencrypted it and lost the disk drive containing the information on thousands of accounts. Article | 30 May 2008
-
Missing backup tape prompts identity theft fears for JC Penney customers
The personal information of about 650,000 customers was put at risk after a backup tape, stored at a warehouse run by Iron Mountain Inc., disappeared. Article | 18 Jan 2008
- See More: News on Business partner and vendor security issues
-
Vendor contract management: Regulatory guidance is risk-based
From federal guidance and industry standards to state laws, financial-services firms are subject to a variety of requirements for managing vendor information security risks by contract. Andrew M. Baer explains how the regulatory guidance is risk-base... Tip
-
Data breach protection: Implementing vendor breach safeguards
A vendor breach can be extremely costly to a financial institution. Financial firms must include data breach protections in their vendor contracts, including data breach notification and reporting. Tip
-
Vendor audit and monitoring contractual rights
Federal regulations, state laws and industry standards all stress the need for financial institutions to audit and monitor third-party security as part of their vendor risk assessment. Consequently, third-party contracts must include vendor auditing ... Tip
-
Vendor risk management: process and documentation
As part of the vendor risk management process, regulators expect information security officers will document vendor relationships and have proper vendor documentation. Tip
-
Security questions to ask SaaS vendors when outsourcing services
As financial-services firms turn to Software as a Service (SaaS) offerings to save money and increase efficiency, they need to make sure their SaaS providers implement strong data security. Someone providing SaaS is also supposed to be providing you ... Tip
-
FDIC guidance: Third party security risks are manageable
FDIC guidance helps financial services firms effectively establish third-party security policies and manage third-party risk. Tip
-
Identity federation standards ease authentication pains
Federation frameworks like SAML, OpenID and Cardspace promise to make authentication easier across applications and the Web. How do these frameworks compare, and what do they offer for financial services organizations looking to ease the authenticati... Tip
-
Protecting partner processes
Financial services firms must share information with trusted partners. Follow these five steps to help ensure your information stays safe throughout the partnership. Tip
-
Downstream liability makes the case for security spending
Downstream liability is headed your way and may be help you make the business case for spending more money on security. Tip
-
Shared Assessments Program
In compliance, the Shared Assessments Program provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accur... Word
-
Vendor management process for financial services
In this video get tips from expert Eric Holmquist on how to handle vendors to optimize security and minimize risk. Topics include risk assessment, due diligence best practices, common mistakes financial firms make in their vendor management programs,... Video
-
Citigroup attack highlights insufficient authorization error
Citigroup hackers used a common website vulnerability to bypass security controls and reap confidential banking data. News
-
Vendor management process for financial services
In this video get tips from expert Eric Holmquist on how to handle vendors to optimize security and minimize risk. Topics include risk assessment, due diligence best practices, common mistakes financial firms make in their vendor management programs,... Video
-
Bank of America hires former DHS cybersecurity chief
Gregory Garcia will head the bank's cybersecurity and identity management partnerships. Article
-
New vendor risk assessment tools address cloud computing
Shared Assessments program unveils updated tools for assessing security of service providers, including cloud providers Article
-
Shared Assessments Program
In compliance, the Shared Assessments Program provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accur... Word
-
Don't forget the cleaning crew in your vendor management program
Banks often overlook non-IT vendors in their vendor management program, putting their organization and customers' data at risk, experts say Article
-
How to manage security risks in vendor contracts
Financial institutions face numerous regulatory requirements for managing vendor risk. Learn what financial firms need to include in their vendor contracts in order to conform with regulatory guidance and industry best practices for vendor risk manag... Learning Guide
-
Vendor contract management: Regulatory guidance is risk-based
From federal guidance and industry standards to state laws, financial-services firms are subject to a variety of requirements for managing vendor information security risks by contract. Andrew M. Baer explains how the regulatory guidance is risk-base... Tip
-
Data breach protection: Implementing vendor breach safeguards
A vendor breach can be extremely costly to a financial institution. Financial firms must include data breach protections in their vendor contracts, including data breach notification and reporting. Tip
-
Vendor audit and monitoring contractual rights
Federal regulations, state laws and industry standards all stress the need for financial institutions to audit and monitor third-party security as part of their vendor risk assessment. Consequently, third-party contracts must include vendor auditing ... Tip
- See More: All on Business partner and vendor security issues
About Business partner and vendor security issues
When it comes to your business partner security, you're only one mistake away from a security disaster. Learn about business partner and vendor security issues, plus how to ensure security when working with third-party providers and tips for building security into SLAs.