{"id":336,"date":"2006-01-02T00:00:00","date_gmt":"2006-01-02T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/01\/02\/are-your-employees-your-biggest-security-concern\/"},"modified":"2021-12-30T11:37:03","modified_gmt":"2021-12-30T11:37:03","slug":"are-your-employees-your-biggest-security-concern","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/01\/02\/are-your-employees-your-biggest-security-concern\/","title":{"rendered":"Are your employees your biggest security concern?"},"content":{"rendered":"<p>In the year 2005, there were over 53 million individuals affected by security breaches wherein their personal information was compromised.  The ChoicePoint incident was considered one of the first highly publicized events where notification to the individuals affected was made.  As the year closed, more than half the States&#8217; Legislatures considered or approved bills to protect citizens&#8217; personal information.  Congress considered several bills that would make notification of a security breach mandatory nationwide.  The cause of security breaches varies widely from compromised passwords, to stolen laptops, to lost backup tapes, dishonest insiders, online exposure, hackers, and even inadvertent disclosures such as sending out an email containing social security numbers to a mass mailing list.  The onus of protecting personal information sits squarely on the data owner&#8217;s head.  What can banks do to make sure that employees do not participate either willingly or unwillingly in data disclosure?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While the SANS list makes End Users responsible for keeping things like anti-virus up to date and operating systems patched, these functions can be and should be automated by IT staff.<\/p>\n<p>Executive staff, according to the SANS article, have a much bigger responsibility.   
Many of the breaches that are known to have occurred in 2005 were the result of dishonest insiders, hackers, or poor security procedures (e.g., losing a backup tape).  Encryption is a big deal in the world of networking and may require revamping the network in terms of encryption-capable hardware and bandwidth needs.  It is management&#8217;s responsibility to develop and mandate security policies requiring that secure processes and procedures be in place before systems &#8220;go live&#8221;, and to make sure that IT is properly staffed.<\/p>\n<p>A comprehensive Security Awareness program would go a long way towards educating banking employees at every level.<\/p>\n<p>The breakdown of End User, Executive Staff, and Information Technology people is a good way to start.  IT people need to understand that every time they rush to meet a deadline and put an unsecured system into production, they are jeopardizing the security and safety of the bank.<\/p>\n<p>http:\/\/www.bankinfosecurity.com\/articles.php?art_id=103&#038;PHPSESSID=8af89b3eb8240a0e33ca65c806a8ac16<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-336","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/commen
ts?post=336"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/336\/revisions"}],"predecessor-version":[{"id":2823,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/336\/revisions\/2823"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}