- Auditing, testing and assessment for compliance
- Bank Secrecy Act compliance
- Basel II regulatory compliance and requirements
- Compliance best practices
- Electronic data discovery compliance
- FACTA law requirements
- FFIEC compliance guidelines
- GLBA compliance requirements
- HIPAA: Laws and guidelines
- PCI DSS: Audits and requirements
- Risk frameworks, metrics and strategy
- SEC and FDIC regulations
- SOX financial reporting compliance
- State data security breach laws
-
Cloud computing technologies and financial services
Cloud computing offers cost savings but how does it fit into the highly regulated financial services industry?Article | 02 Dec 2010
-
National Automated Clearing House Association (NACHA)
The National Automated Clearing House Association (NACHA) is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic payments.Definition
-
Data security implications of financial services regulatory reform
Industry experts weigh in on the possible ramifications of the sweeping legislation on information security and compliance professionals.Article | 29 Jul 2010
-
Seven considerations when evaluating automated GRC tools
Automated tools can help ease the compliance burden, but financial services firms must first weigh their needs. In this tip, David Strom looks at the top considerations when looking into buying a GRC tool.Tip
-
Firewall audit tools aid compliance
Enterprises are turning to firewall audit tools to automate the process of analyzing firewall rules and meet compliance requirementsArticle | 25 Feb 2010
-
Rethinking compliance audit software
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position.News | 23 Feb 2010
-
IT audit reports: Why you can't handle the truth
A recent news story illustrates how some organizations try to deflect IT audits that are critical by questioning their quality.News | 15 Feb 2010
-
2009: A shift in corporate attitude towards regulatory compliance
Financial institutions have often viewed the information security required by regulatory compliance as an obligation without inherent value. In 2009, financials demonstrated true interest in meeting security requirements, writes David Schneier.News | 29 Dec 2009
-
Vendor audit and monitoring contractual rights
Federal regulations, state laws and industry standards all stress the need for financial institutions to audit and monitor third-party security as part of their vendor risk assessment. Consequently, third-party contracts must include vendor auditing and vendor monitoring rights.Tip
-
Audit requirements drive demand for privileged account management
SOX compliance requirements and data security concerns are accelerating growth of the privileged account management marketArticle | 21 Aug 2009
- VIEW MORE ON : Auditing, testing and assessment for compliance
-
Financial Crimes Enforcement Network (FinCEN)
Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury. FinCEN was established in 1990 to safeguard financial systems from abuse by promoting transparency in the U.S. and international financial systems.Definition
-
Suspicious Activity Report (SAR)
A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud.Definition
-
AML compliance and money service businesses
Money service businesses are a growing part of the financial services industry, but compliance with anti-money laundering regulations is critical.Tip
-
Updated Bank Secrecy Act compliance exam guide focuses on risk
FFIEC makes it clear that financial institutions' anti-money laundering programs must account for changing risks. In this expert tip, Dan Fisher explains how to ensure your BSA program meets examiners' scrutiny.Tip
-
FinCEN reports rise in suspected identity theft scams
SARs study also shows that financial institutions are rejecting fraudulent consumer loans in majority of cases.Article | 18 Oct 2010
-
Securities firm charged with anti-money laundering violations fined $50,000
North Carolina-based firm with mostly foreign customers failed to identify and verify customer identities, officials say.Article | 03 Sep 2010
-
Regulator pressure drives demand for AML compliance software
With examiners turning up the heat on AML compliance, smaller banks and credit unions are turning to software to automate the process.Article | 15 Jun 2010
-
New Jersey bank fined $1 million for BSA violations
FinCEN penalty against Pamrapo Savings Bank comes two months after the bank pleaded guilty to conspiracy to violate the Bank Secrecy Act.Article | 03 Jun 2010
-
Making a customer identification program relevant in an online world
New banking technologies require updated procedures to ensure security and know your customer (KYC) compliance. In this tip, Dan Fisher explains non-documentary methods for creating a compliant customer identification program.Tip
-
Anti-money laundering compliance trends
In this 11-minute podcast, Neil Katkov, senior vice president at Celent, talks about anti-money laundering compliance trends, including how much companies are spending on their AML programs and what they should look for when evaluating AML software.Podcasts
- VIEW MORE ON : Bank Secrecy Act compliance
-
A step towards banking regulatory reform
A recent cooperative agreement between the FDIC and Bank of England could give oversight agencies wider authority to protect depositors from bank failures, David Schneier writes.News | 26 Jan 2010
-
Basel II's impact on information security
Managing risk is a constant pain point at financial institutions. Regulations, like Basel II, can help. This tip explains how.Tip
-
Analyst warns to keep tech talk out of security policies
It's easy to get carried away when developing or revamping a corporate security policy, but one expert at Information Security Decisions says it's actually much better to keep things short and simple.Article | 17 Jan 2008
-
Operational risk another facet of compliance
Fortune 500 summit examines operational risk management as a key challenge for financial institutions.Article | 17 Jan 2008
-
tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.Definition
-
Is your examiner a friend or foe?
Those in the banking industry often struggle to communicate with an examiner believing that by keeping to themselves they will be better off. See why expert David Schneier says that is the wrong way to think.Regulatory Reality blog | 23 Mar 2011
-
Financial security tutorials
SearchFinancialSecurity.com's tutorials provide the in-depth information and instruction on topics related to information security at financial services firms. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their financial organizations secure.Tutorial
-
How privacy and data security legislation will fare after Nov. 2
The midterm elections will likely result in a shift in political power. How will that impact pending privacy and data security bills?Article | 28 Oct 2010
-
Midmarket financial firms grapple with internal, external security threats
In the wake of the global economic crisis, many financial firms are struggling to meet tough regulations while defending against both accidental data leakage and a constant barrage of external attacks.Article | 13 Oct 2010
-
National Automated Clearing House Association (NACHA)
The National Automated Clearing House Association (NACHA) is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic payments.Definition
-
FDIC releases guidance on digital copier security and printer risks
Financial institutions need to implement policies and procedures to protect sensitive data stored on devices like copiers, agency says.Article | 16 Sep 2010
-
Data masking best practices for protecting sensitive information
Protection of customer data is critical for financial services firms but encryption isn't the only option. Learn key considerations for data masking.Tip
-
Data security implications of financial services regulatory reform
Industry experts weigh in on the possible ramifications of the sweeping legislation on information security and compliance professionals.Article | 29 Jul 2010
-
Survey: Financial pros not following FINRA guidance for social media
Financial advisors are using social networking for business but report a lack of policies, archiving, study shows.Article | 22 Jun 2010
- VIEW MORE ON : Compliance best practices
-
Organizations lag in testing their ESI discovery policies
Companies are taking steps to prepare for litigation but still falling short, according to survey.Article | 04 Oct 2010
-
electronic discovery (e-discovery or ediscovery)
Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.Definition
-
Financial services firms face social media compliance challenges
Brokerages and other financial firms may find Facebook and Twitter useful marketing tools but they must address FINRA and other compliance requirements.Article | 07 Jun 2010
-
Piper Jaffray fined for email retention violations
FINRA fines investment firm $700,000 for email retention failures over six-year period.Article | 24 May 2010
-
Federal Rules of Civil Procedure (FRCP)
The Federal Rules of Civil Procedure (FRCP) are rules that specify procedures for civil legal suits within United States federal courts... (Continued)Definition
-
E-discovery: A primer for financial organizations
E-discovery has led to some confusion at financial firms -- What is it? Why is it important? How does it apply to my organization? What can I do about it? This primer by Forsythe analyst Clyde Hewitt answers these questions.Tip
-
Updated records retention laws met with skepticism
Amendments to rules governing electronic discovery are met with criticism by lawyers and compliance officers at a records retention event in NYC.Article | 16 Jan 2008
-
Retention policy implementation best practices
Security management expert Mike Rothman discusses best practices for implementing a successful retention policy within an enterprise.Interview | 28 Dec 2007
-
How privacy and data security legislation will fare after Nov. 2
The midterm elections will likely result in a shift in political power. How will that impact pending privacy and data security bills?Article | 28 Oct 2010
-
FTC again delays Red Flags Rule enforcement deadline
Fifth extension comes at the request of members of Congress who are considering limiting the scope of businesses covered by the law.Article | 28 May 2010
-
Red Flags Rule (RFR)
The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.Definition
-
FTC announces fourth Red Flags Rule extension
Members of Congress asked FTC to delay enforcement of identity-theft regulation for organizations the FTC governsArticle | 02 Nov 2009
-
Identity Theft Assistance Center marks five years of helping victims
The Identity Theft Assistance Center (ITAC), a nonprofit cooperative of financial-services companies, is celebrating its fifth anniversary with a reception in Washington, D.C. on Wednesday. ITAC has helped 60,000 of its 38 member companies' customers recover from identity theft. SearchFinancialSecurity.com recently met with ITAC President Anne Wallace to discuss ITAC's work, identity theft investigations, and the Red Flags Rule.Interview | 14 Sep 2009
-
Red Flags Rule and preparing for new regulations
Financial institutions face tough compliance requirements in the Red Flags Rule and the new Massachusetts data protection law. In this video, Richard Mackey discusses how companies can create an effective compliance framework.Video
-
Federal Trade Commission announces third Red Flags Rule extension
Extension gives state-chartered credit unions and other FTC-governed entities more time to develop an identity theft prevention program.Article | 30 Jul 2009
-
Regulatory reform will require much work ahead
Financial security pros will need to step it up in light of President Obama's plan to overhaul the financial regulatory system, David Schneier writes.News | 22 Jun 2009
-
Red Flags Rule compliance
Learn about Red Flags Rule compliance from John Carlson, senior vice president of regulatory affairs for BITS, a division of the Financial Services Roundtable. Carlson offers insight on common compliance pitfalls and the state of compliance in the financial services industry.Video
-
FTC extends Red Flags Rule deadline
Extension gives non-banking creditors and state-chartered credit unions more time to develop an identity theft prevention program.Article | 01 May 2009
- VIEW MORE ON : FACTA law requirements
-
Financial Crimes Enforcement Network (FinCEN)
Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury. FinCEN was established in 1990 to safeguard financial systems from abuse by promoting transparency in the U.S. and international financial systems.Definition
-
Suspicious Activity Report (SAR)
A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud.Definition
-
New FFIEC exam procedures for remote deposit capture risks
Learn how to prepare for new exam procedures on managing remote deposit capture risks that are included in the updated FFIEC IT examination handbook for retail payment systems.Tip
-
Aite Group: Take action now to manage remote deposit capture risks
Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.Article | 11 May 2010
-
Regulators revisit authentication advice to thwart online banking fraud
It's been nearly five years since the Federal Financial Institutions Examination Council (FFIEC) issued its authentication guidance for online banking. Since then, cybercriminals have developed sophisticated malware that can circumvent multifactor authentication to hijack and loot online bank accounts. In the wake of the online banking fraud surge, which has targeted small and midsize businesses, federal regulators are revisiting their 2005 authentication guidance. SearchFinancialSecurity.com met with Jeffrey Kopchik, a senior policy analyst at the FDIC, to learn more about the effort.Interview | 25 Mar 2010
-
Gartner's Avivah Litan on the online banking fraud surge
The recent surge in online banking fraud and unauthorized Automated Clearing House (ACH) transfers has led to an astounding $100 million in attempted losses from small and midsize businesses so far this year, according to the FBI. SearchFinancialSecurity.com recently met with Avivah Litan, a vice president and distinguished analyst at Gartner Inc., to get her thoughts on the alarming trend and some insight into how banks can protect their customers' accounts. Litan is an expert in financial fraud, authentication, identity theft, and fraud detection and prevention technology.Interview | 30 Nov 2009
-
Multifactor authentication options to secure online banking
Banks are required to deploy multifactor authentication to secure online banking and meet FFIEC requirements. In this tip, Dave Shackleford describes some of the pros and cons associated with traditional forms of multifactor authentication as well as the benefits and drawbacks of newer systems.Tip
-
Bank Secrecy Act (BSA)
The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in 1970 that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected money laundering and fraud.Definition
-
FTC Red Flags Rules: How to create an identity theft prevention plan
Under FTC's Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. But who is a creditor and what is a covered account? Learn more in this expert tip.Tip
-
Five mistakes banks make in pandemic planning
Experts cite five areas where financial institutions could improve their planning for a potential H1N1 outbreakArticle | 13 Oct 2009
- VIEW MORE ON : FFIEC compliance guidelines
-
GLBA compliance and emerging technologies
In order to meet GLBA requirements, companies must analyze the risks before moving customer information into new technologies like VoIP and cloud computing.Tip
-
Best practices and requirements for GLBA compliance
GLBA requirements to protect personal information have become more relevant than ever. In this tip, Paul Rohmeyer examines best practices for GLBA compliance.Tip
-
Regulators issue standardized privacy notice form for GLBA compliance
Model form aims to make it easier for consumers to understand banks' privacy policies and help financial institutions meet GLBA requirementsArticle | 17 Nov 2009
-
Don't forget the cleaning crew in your vendor management program
Banks often overlook non-IT vendors in their vendor management program, putting their organization and customers' data at risk, experts sayArticle | 05 Oct 2009
-
Massachusetts data protection law has mixed impact on financials
Many financial institutions are already meeting new law's requirements for protecting state residents' personal information, but some have work to do.Article | 13 Aug 2009
-
Regulatory reform will require much work ahead
Financial security pros will need to step it up in light of President Obama's plan to overhaul the financial regulatory system, David Schneier writes.News | 22 Jun 2009
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference.Conference supplement
-
Two conversations about risk assessment
A couple discussions illustrate how security professionals can have radically different understandings of risk assessment, David Schneier writes.News | 12 Jun 2009
-
For financial firms, numerous compliance requirements demand baseline controls
Financial services firms bear the burden of complying with numerous regulations. However, as compliance guru Richard E. Mackey explains, a consistent compliance program that adheres to basic principles can ease the compliance process.Tip
-
GLBA risk assessment steps to success
GLBA requires financial firms to protect their data from anticipated risks. How can those risks be determined? Follow these steps to perform a risk assessment at your financial organization.Tip
- VIEW MORE ON : GLBA compliance requirements
-
New security breach notification rules expand security requirements
The Department of Health and Human Services and the Federal Trade Commission last year issued security breach notification rules for disclosure of unsecured personal health information. In this tip, Andrew Baer explains how the new rules expand data security compliance requirements not only for HIPAA-covered entities but a wide range of other organizations.Tip
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference.Conference supplement
-
For financial firms, numerous compliance requirements demand baseline controls
Financial services firms bear the burden of complying with numerous regulations. However, as compliance guru Richard E. Mackey explains, a consistent compliance program that adheres to basic principles can ease the compliance process.Tip
-
HIPAA: Clean bill of health, or dying a slow death?
HIPAA has changed the way a lot of healthcare companies handle data, but the fact that no one has been fined or jailed for non-compliance makes one wonder if they'll keep up with it.Article | 18 Jan 2008
-
CPO: An enterprise point-person for privacy
Many companies are formally creating privacy officers to ensure the confidentiality of data transferred between companies, business partners and customers.Article | 16 Jan 2008
-
HIPAA rules force health insurers to secure sensitive data
Health insurance companies say HIPAA simply reflects rules they've had to live by all along. That doesn't mean every operation is ironclad.Article | 16 Jan 2008
-
PCI virtualisation: With new guidelines, compliance may be harder
New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible.News | 14 Jun 2011
-
tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.Definition
-
PAN truncation and PCI DSS compliance
What do Visa's PAN truncation guidelines mean for merchants and their acquiring banks? Security experts Ed Moyle and Diana Kelley provide analysis.Tip
-
Visa: Banks shouldn't force merchants to store full card data
Visa clarifies its rules and says acquirers and issuers must accept truncated numbers for dispute resolution.Article | 15 Jul 2010
-
Download presentations from Financial Information Security Decisions 2010
Learn from the industry's leading information security experts who gathered to share proven security strategies. If you couldn't make it to New York City for the event, you can catch up here.Conference supplement
-
PCI DSS requirement: Maintaining a vulnerability management program
The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place.Tip
-
Should there be PCI security requirements for bank account data?
Gartner analyst wonders why no PCI-like standard exists for bank account information, which online criminals are targeting.Article | 18 May 2010
-
Firewall audit tools aid compliance
Enterprises are turning to firewall audit tools to automate the process of analyzing firewall rules and meet compliance requirementsArticle | 25 Feb 2010
-
Rethinking compliance audit software
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position.News | 23 Feb 2010
-
Weighing the pros and cons of end-to-end encryption and tokenization
With PCI DSS and other compliance requirements, organizations are looking for surefire solutions to protect payment card and other sensitive data. Tokenization and end-to-end encryption have emerged as promising technologies, but as Dave Shackleford explains, both have benefits and drawbacks that organizations must consider.Tip
- VIEW MORE ON : PCI DSS: Audits and requirements
-
international financial reporting standards (IFRS)
International financial reporting standards (IFRS) are specific organizational and monetary standards and frameworks for financial reporting that have been adopted in 113 countries including India, Australia and the European Union.Definition
-
Generally Accepted Recordkeeping Principles (GARP)
Generally Accepted Recordkeeping Principles (GARP) is a framework for managing records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements.Definition
-
Standardization key to Credit Suisse information security governance framework
The CISO of financial giant Credit Suisse says the key to successful global security and risk management is a uniform governance system supported by a common policy framework.Article | 17 Sep 2010
-
Red Flags Rule (RFR)
The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.Definition
-
How to manage security risks in vendor contracts
Financial institutions face numerous regulatory requirements for managing vendor risk. Learn what financial firms need to include in their vendor contracts in order to conform with regulatory guidance and industry best practices for vendor risk management.Learning Guide
-
Vendor risk management: process and documentation
As part of the vendor risk management process, regulators expect information security officers will document vendor relationships and have proper vendor documentation.Tip
-
Controls monitoring helps with governance, risk and compliance
Gartner says continuous controls monitoring for transactions is a GRC technology that promises to reduce compliance costs and improve financial governance.Article | 21 May 2009
-
An advancement in GRC
David Schneier says he found a product that takes governance, risk, and compliance (GRC) to a new level.News | 14 May 2009
-
Advocacy group looks to foster trust in foreign service providers
A formal agreement with two Indian technology organizations expands the reach of the BITS program, with the goal of fostering trust in the security controls of international service providers.Article | 23 Apr 2009
-
Using an information security council
Getting cross-discipline cooperation for company-wide, security related policies is a challenge many financial firms face. Expert Eric Holmquist suggests creating an information security council to overcome this problem. In this tip, learn what attributes the council should have.Tip
- VIEW MORE ON : Risk frameworks, metrics and strategy
-
Federal Deposit Insurance Corporation (FDIC)
The Federal Deposit Insurance Corporation (FDIC) is an independent agency of the United States (U.S.) federal government that preserves public confidence in the banking system by insuring deposits... (Continued)Definition
-
Survey: Financial pros not following FINRA guidance for social media
Financial advisors are using social networking for business but report a lack of policies, archiving, study shows.Article | 22 Jun 2010
-
Financial services firms face social media compliance challenges
Brokerages and other financial firms may find Facebook and Twitter useful marketing tools but they must address FINRA and other compliance requirements.Article | 07 Jun 2010
-
Man sentenced in pump and dump stock scam
Indian national receives 81 months and $2.4 million fine for fraud schemeArticle | 28 Apr 2010
-
Obama launches task force to fight financial fraud
Interagency effort will investigate mortgage fraud, Ponzi schemes and other financial crimesArticle | 17 Nov 2009
-
Regulators issue standardized privacy notice form for GLBA compliance
Model form aims to make it easier for consumers to understand banks' privacy policies and help financial institutions meet GLBA requirementsArticle | 17 Nov 2009
-
Heartland Payment Systems to vigorously defend breach claims, CEO says
Heartland CEO Robert Carr said the company still can't reasonably estimate the potential impact of the data breach on its day-to-day operations.Article | 24 Feb 2009
-
SEC cracks down on kickback schemes
Kickback schemes are a new threat for financial companies and the SEC has noticed. To ensure your company doesn't fall prey, know what they are and how to detect them.Tip
-
SEC: 404 budgets filled with waste
The SEC slaps the hand of public accounting firms -- and tells C-level execs to get a better grip on SOX 404 requirements.Article | 16 Jan 2008
-
SEC suspends trading of 35 companies over spam
The Securities and Exchange Commission (SEC) suspended the trading of 35 companies connected to spam email campaigns as part of what it calls "Operation Spamalot."Article | 16 Jan 2008
- VIEW MORE ON : SEC and FDIC regulations
-
Access certification technology helps financial firm with compliance
Fortune 500 company uses access certification technology to meet new SOX-like requirements for non-public insurance companies.Article | 28 Nov 2010
-
Frameworks to support SOX compliance requirements
Enterprises have had to deal with SOX regulatory compliance for several years, but many lack clear direction that will address SOX compliance requirements from an IT process perspective. Learn how enterprises can use IT and security tools within COSO and COBIT frameworks to meet SOX compliance requirements.Tip
-
Rethinking compliance audit software
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position.News | 23 Feb 2010
-
Audit requirements drive demand for privileged account management
SOX compliance requirements and data security concerns are accelerating growth of the privileged account management marketArticle | 21 Aug 2009
-
Regulatory reform will require much work ahead
Financial security pros will need to step it up in light of President Obama's plan to overhaul the financial regulatory system, David Schneier writes.News | 22 Jun 2009
-
Infosecurity pro pitfalls
David Schneier reflects on some missteps he's seen in the infosecurity professionNews | 29 May 2009
-
Using virtualization for compliance efforts
Information security professionals at financial institutions deal with a myriad of regulatory requirements and many experts expect the compliance burden will grow in 2009 in the wake of last year's industry meltdown. To meet reporting and other auditing requirements, financial firms need a lot of computing power. In this tip, Judith Myerson explains how virtualization technology can overcome problems associated with physical servers and aid the compliance process.Tip
-
SOX Section 404 (Sarbanes-Oxley Act Section 404)
SOX Section 404 (Sarbanes-Oxley Act Section 404) mandates that all publicly-traded companies must establish internal controls and procedures for financial reporting... (Continued)Definition
-
Survey: Life back on track at financial firms after SOX
Once a major pain point for companies, a recent survey shows SOX is now part of everyday life, especially at financial firms.Article | 17 Jan 2008
-
SureWest makes the call on SOX compliance
This case study reveals how SureWest ensures financial applications, systems and services are secure so financial reports can be trusted.Tip
- VIEW MORE ON : SOX financial reporting compliance
-
Keeping up with state data protection laws
In addition to regulatory requirements and industry standards, financial institutions need to comply with applicable state data protection laws. In this podcast, legal expert Andrew Baer discusses new requirements in Massachusetts, Nevada and California, and offers advice for managing changing data protection rules. He also addresses the potential for a national data breach notification law.Podcasts
-
Massachusetts data protection law has mixed impact on financials
Many financial institutions are already meeting new law's requirements for protecting state residents' personal information, but some have work to do.Article | 13 Aug 2009
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference.Conference supplement
-
Understanding the impact of new state data protection laws
States have passed new regulations to boost data security, requiring financial-services firms and other companies to encrypt data at rest, in transit and even on portable devices like laptops. In this tip, Robert Mullins explains the impact of the new laws and how a financial industry expert believes they will add an additional costly auditing burden to an industry that's already heavily regulated.Tip
-
Data breaches jumped in 2008, ITRC report finds
The financial-services industry is better at security than others, but it still sees an uptick in breach reports, according to a new study.Article | 07 Jan 2009
-
Complying with breach notification laws
Learn the general requirements of breach notification laws modeled after the California Security Breach Information Act and strategies for compliance.Tip
-
Opinion: Government misses its chance to protect data
The unending stream of corporate and government data breaches shows no signs of slowing, and News Director Dennis Fisher writes that lawmakers and government officials are missing their chance to fill the breach.Article | 17 Jan 2008
-
Data breach law could put financial burden on retailers
Legislation being considered in Massachusetts would shift the financial burden associated with a data breach onto retailers. It would be the first of its kind in the United States.Article | 17 Jan 2008
-
Governor rejects data security law
California Gov. Arnold Schwarzenegger rejected a bill that would have placed more liability on businesses in that state to protect credit card data.Article | 17 Jan 2008
-
Flurry of state disclosure laws creates confusion for CISOs
Now that nearly three dozen states have enacted breach disclosure laws, national companies face the challenge of reconciling a vast array of guidelines and their implications.Article | 17 Jan 2008