People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
Improved collaboration and communication between small businesses and financial institutions is the first step toward improving online security, says Mark Patterson, an ACH fraud victim. What else would help?
Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
Cyberhackers are increasing their efforts to target online credentials. And phishing attacks waged against accountholders at Chase in the U.S. and Barclays in the U.K. have made it clear that banking accounts are the target.
These new sites now make Information Security Media Group the largest global network of information security-focused media sites, reaching the most diverse audience of decision-makers in each of ISMG's key markets.
Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.
The European Network and Information Security Agency has proposed a European cybersecurity month, which would require a strong commitment by EU member states in order to successfully roll out such a campaign.
If management awareness of information security issues increases, will an organization's commitment to securing practices and policies also increase? This is the question answered by an eye-opening new study.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"