Risk Management Requires Innovation

Health Care Security Info - 2 hours 45 min ago
Part 2: Professionals Thinking Outside of the Box
Risk-management professionals must think outside of the box in terms of innovation, research and development and partnerships.

Risk Management Requires Innovation

BankInfoSecurity - 2 hours 45 min ago
Part 2: Professionals Thinking Outside of the Box
Risk-management professionals must think outside of the box in terms of innovation, research and development and partnerships.

Mobile Security: Act Now

BankInfoSecurity - 2 hours 45 min ago
Including Mobile Banking in Risk Assessments
Financial institutions need to address mobile banking security risks now, in a targeted way, rather than waiting for regulatory guidance.

FDIC: Company-Run Stress Tests Required by the Dodd-Frank Act

BankInfoSecurity - 2 hours 45 min ago
The FDIC is seeking comment on a Notice of Proposed Rulemaking [NPR] to implement requirements of Section 165 (i)(2) of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

FDIC: Guidance to Help Financial Institutions in Areas of Alabama Affected by Severe Storms

BankInfoSecurity - 2 hours 45 min ago
The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Alabama affected by severe storms.

Healthcare Breaches: Behind the Numbers

Health Care Security Info - 2 hours 45 min ago
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.

$30 Billion: Money Well Spent?

Health Care Security Info - 2 hours 45 min ago
Movement to EHRs Could Fail if Public Trust Lacking
Building public trust that electronic health records will remain private is essential to the success of federally funded efforts to boost EHRs and health information exchange.

Fighting Fraud: 5 Key Concerns

BankInfoSecurity - 2 hours 45 min ago
Alisdair Faulkner of ThreatMetrix says financial institutions and businesses should focus on five key security areas. What makes up the top five, and where do banks need to make the greatest fraud-prevention investments?

Verisign Breached Several Times in 2010

Health Care Security Info - 2 hours 45 min ago
Company: Data Accessed, But Net Root Name Servers Unaffected
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.

Verisign Breached Several Times in 2010

BankInfoSecurity - 2 hours 45 min ago
Company: Data Accessed, But Net Root Name Servers Unaffected
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.

7 Steps to Improve Security Incident Handling

Health Care Security Info - 2 hours 45 min ago
New NIST Guidance Targets Computer Incident Response
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.

No Opt Out for Opt Out

Health Care Security Info - 2 hours 45 min ago
Understanding the Merits of Google's New Privacy Policy
The uproar over Google's latest privacy policy is much ado about nothing, especially the cry from some in Congress that the Internet company won't allow users to opt out of its new policy.

7 Steps to Improve Security Incident Handling

BankInfoSecurity - 2 hours 45 min ago
New NIST Guidance Targets Computer Incident Response
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.

Safeguarding Mobile Devices

Health Care Security Info - 2 hours 45 min ago
Attorney Offers Breach Prevention Strategies
One of the most important healthcare information breach prevention steps is to safeguard mobile devices and limit the data stored on them, says attorney David Szabo.

Social Media: A Risky Reality

BankInfoSecurity - 2 hours 45 min ago
Networking Behavior Increases Online Bank Account Risks
Consumer behavior is the biggest concern when it comes to online risks posed by social media. But Bill Wansley of Booz Allen Hamilton says financial institutions can manage those risks. What steps does he recommend?

After a Breach: 3 Lessons

BankInfoSecurity - 2 hours 45 min ago
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

After a Breach: 3 Lessons

Health Care Security Info - 2 hours 45 min ago
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

911 Broadcasts: A Privacy Invasion?

Health Care Security Info - 2 hours 45 min ago
Why Recordings of Emergency Calls Need to Stay Private
The extensive news media coverage of a 911 emergency call about actress Demi Moore is calling attention to an important issue: The need to protect privacy.

FDIC: Payment Processor Relationships: Revised Guidance

BankInfoSecurity - 2 hours 45 min ago
The Federal Deposit Insurance Corp. has issued revised guidance describing potential risks associated with relationships with third-party entities that process payments for telemarketers, online businesses and other merchants.

The FFIEC Guidance: What You Need to Know Now About Out-of-Band Authentication

BankInfoSecurity - 2 hours 45 min ago
The 2011 supplement to the FFIEC Guidance on Internet Banking Security provides an updated view of best practices for securing online banking based on today's threat landscape. The concepts addressed in the supplement are widely recognized by the financial services industry to be critical to preventing online banking fraud.

Examiners began applying these enhanced expectations in January 2012. These include:

  • Layered Security: The concept of Layered Security extends security controls beyond the initial session login to include online banking transactions and administrative functions. This is driven by an increase in real-time attacks that target transactions, such as ACH, wire transfer, and payroll payments. A high level of importance has been placed on identifying suspicious transactions. To minimize the impact on customers, this must be coupled with an easy and effective means for customers to approve legitimate transactions. For many, this involves migrating away from OTP tokens, which, the FFIEC points out, have proven to be vulnerable to attack. Instead, financial institutions will need to look to methods like fully out-of-band technologies that can be used to verify logins, transactions, and administrative functions and offer protection from keyloggers and MITM/MITB attacks.
  • Stronger Authentication Methods: In addition, the updated guidance calls for an overall strengthening of authentication technologies. It notes that out-of-band authentication has taken on a new level of importance given the preponderance of malware running on customer PCs, which can defeat OTP tokens, device identification, challenge questions, and many other forms of strong authentication. In particular, closed-loop methods that complete the authentication in an out-of-band channel are seen as offering a greater level of security.

This webinar will present real-world examples, starting with a case study from First Midwest Bank, of how financial institutions can leverage out-of-band transaction verification to meet the strengthened requirements set forth in the updated Guidance before their next bank examination.
