Tag: FFIEC

Mapping Compliance Requirements to an Integrated Cloud Security Platform

Much has been written about compliance. Best practices. New regulations. Technology cure-alls. Nevertheless, regulatory compliance remains a critical and strategic business need for most companies. If you process payments online; if you store sensitive customer data; if you transmit financial or health information; you are bound by the mandates of an alphabet soup of state, federal and industrial regulatory agencies. Compliance is a reality of everyday business life, but oftentimes becomes a burdensome cost center. Over the past several months I have had the

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist, and embedded in some of the survey prompts hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

Deploying cloud security for shifting and evolving defenses

I was watching my beloved San Diego Chargers lose in a most embarrassing way on Monday night. And in the waning seconds of blaming the quarterback for such ineffectual second-half play, it occurred to me: it wasn’t his fault. It was the coach. It was the lack of planning for the type of attack the Denver Broncos would bring. It was the lack of leadership that should have easily closed the deal. In short, it was sticking to the status quo while everything around

FFIEC’s recognition of cloud security advantages is good for modest financial orgs

Last month the Federal Financial Institutions Examination Council (FFIEC) shared an opinion on the viability and security of cloud computing. In the four-page statement, the interagency body empowered to prescribe uniform principles and standards stated that cloud computing is “another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing.” What they are offering is a backhanded endorsement of cloud computing with the caveat that if you perform your due diligence and the solution passes the security smell