Consensus Assessment Initiative Questionnaire (CAIQ)

How Shared Assessments Approached the Need to Assess the Security of Third Party Provided Software

July 24, 2014 | Security

During discussions in 2013 to determine the next risk areas that should be addressed by the Shared Assessments Program Tools, the focus rapidly turned to software security. As we polled our members we found that many of them were concerned with the security of the software being provided by their ve ....

artificial intelligence

Heartbleed Bug Sparking Concern But Have Patience

April 11, 2014 | Risk Management, Security

A newly discovered bug found in widely used web encryption technology was uncovered by researchers, prompting an announcement from Homeland Security and other regulatory agencies to review technology environments to determine if the bug posed any potential risk to their customers or data. The bug, n ....

Configuration Change Management and Vulnerability Assessments

FFIEC Issues OpenSSL “Heartbleed” Vulnerability Alert

April 11, 2014 | News, Security

The Federal Financial Institutions Examination Council (FFIEC) has issued an advisory to its member institutions advising a material security vulnerability in the OpenSSL cryptographic library that may put systems that use this encryption method at risk. OpenSSL is an open-source implementation of t ....

bigstock Business team discussing acqui 80849519

Tokens Move Up Front

March 24, 2014 | Data Breach, Payments, Security

We might be forgiven for thinking that tokens have been the Rodney Dangerfield of the payments business, but that label is changing fast. Tokens have been used in the payments business for years, mostly in the back room where they have been a preferred tool for securing customer information for merc ....

Whats Procurements Role in ESG

What’s Keeping Your CEO On Edge?

March 3, 2014 | Risk Management, Security

Data Breaches. Big Data. The Future of Privacy Media headlines and the blogosphere are in overdrive regarding privacy, security, and risk after recent events, as my fellow blogger Glen Sarvady pointed out in his recent blog: Data breaches may accelerate move to new technology. Leading the char ....

Cloud Enterprise

Insider Threats – A Need to Rethink Enterprise Security?

November 6, 2013 | Cyber Risk, News, Security, Vendor Security

Cybercriminals are targeting privileged network users in ways that are increasingly devastating to security efforts across the financial services industry. These types of insider threats have become more prevalent in the past two years due to the combination of: Increased network activity volume ....

« Previous Page