It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.
Some U.S. federal agencies seem to be going too far in monitoring their employees' communications activities on their government-issued laptop computers.
What exactly is continuous monitoring - and why is it so hard for organizations to get it right?
It is one of the most discussed and least understood concepts in enterprise risk management today. Fundamentally, continuous monitoring is about deploying systems to examine all of the transactions and data processed...
NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the security conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.
FISMA addresses security issues in a comprehensive manner, covering everything from identity management to physical building security. This white paper focuses specifically on identity and access management (IAM) issues, using the guidance provided by NIST Special Publication 800-53 recommended Security Controls for...
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
Complexity is among the most significant information risk challenges IT security practitioners face. Mobile and cloud computing, new technologies, outsourcing and growing threats from malware and people make managing risk more complex.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
Documenting procedures for the State Department's custom-made, continuous-monitoring tool known as iPost will help ensure that the data collected are appropriately used to protect the agency's global IT system, a GAO audit says.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
As recent incidents at Citi and BofA reinforce, most banking institutions, from large to small, have done a poor job of keeping up with inside jobs and internal threats.
The down economy pressures organizations to reduce operational expenses and discard many capital-intensive IT and security projects. What gets left behind often is a skeletal staff dealing with very basic day-to-day IT functions, with no time or resources to dedicate toward compliance, audit and core security...
Federal banking regulators have just released new risk management guidance on remote deposit capture. This FFIEC guidance is to be used by examiners, financial institutions and technology service providers to identify risks, evaluate controls and assess risk management practices related to remote deposit capture (RDC)...