New Guidance Released by NIST Redefines Assurance & Trustworthiness for Financial Institutions

On April 30th, 2013 the National Institute of Standards and Technology (NIST) issued their latest version of essential guidance: Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations.  Led by Ron Ross, a NIST fellow and the project leader, a team of computer scientists spent the past two years […]

2013 Insider Threat to Banks and Credit Unions – Data Leakage

The following is an excerpt from an article regarding the “Top IT Security Threats for 2013” “One of the areas we see a dramatic increase of concern is over data leakage,” says Michael Bruck of Chicago-based BAI Security.  “The ease in which an individual can export sensitive information from an internal network is chilling for […]

Live Experiment Demonstrates Disregard for Bank Security Policy

An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of or are far too loose with basic security practices. In the experiment, Flash Drives were handed out to commuters as they entered the city. […]

4 Tech Tips for Organizations Planning a Merger

Mergers, Acquisitions and Divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with unsecure access points, un-patched servers, and incorrectly configured firewall settings. Information on the acquired company technical environment may be non-existent or incomplete and depending on the […]

Warning: Large Banks face DoS threats – Small Banks Take Action

When the Financial Services – Information Sharing and Analysis Center (FS-ISAC) raises its threat level from “elevated” to “high”, banks need to take action.  The combination of the recently publicized rise in cyber-attacks against financial institutions and the number of institutions increasingly vulnerable make this a time for action. While the headlines are focusing on […]

Real World Social Engineering Attacks … In the Trenches with an Auditor

How well are your users prepared for modern-day social engineering attacks?  If you’re like the majority of management personnel I speak with during our pre-audit consultations you’re wary, but confident that your staff has properly prepared your employees from this threat to your organization. In response, I routinely explain that it is admirable that you […]

Many Banks And Credit Unions Fail The Vulnerability Testing Component Of Their IT Security Audit Due To Weak Patch Management

Do you have a patch management plan?  If so, how effective is it?  Many companies either lack a comprehensive plan or the necessary tools to properly automate the processing of updates.  In fact, the underlying reasons many banks and credit unions fail the vulnerability testing component of their IT security audit is this lack of […]

15% Of Users Will Divulge Logon Credentials To Strangers – Social Engineering Attacks

Social engineering is the art of manipulating people into performing actions or divulging confidential information and/or proprietary information, non-disclosed information or usernames and passwords. It is the classic approach of the confidence man, convincing someone he or she is something they are not.  If you think your personnel would never be fooled, you’re fooling yourself. […]

7 out of 10 Bank IT Audits Inadequate – Banking Cyber Security Standards

Are your IT auditors using best-of-breed commercial grade products or do they use freeware and open source IT Assessment tools? Vulnerability Assessment Tools – IT Audits and Banking Cyber Security Standards Based on BAI Security’s review of previous IT auditor’s results, the majority of banks are being left exposed with potentially serious undiscovered vulnerabilities. The […]