Examples, Financial Services, Government and Information Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

But those aren’t the only laws or regulations that affect IT security teams. There are plenty of others to worry anyone with job titles that include terms like “compliance,” “privacy,” and “security,” from CSOs on down. See the Top Governance, Risk and Compliance (GRC) Tools. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Enterprise & operational risk management.

Compliance

Compliance Risk Government Retail

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. It’s all too easy to forget that security breaches don’t need to involve a malicious attacker.

Risk

Risk Data breaches Authentication Financial Services

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

As such, confidential containers play a key role across industries engineered to secure data and foster innovation. This is designed to enable multiple use cases in the healthcare industry, one being secure multi-party collaboration between different institutions as shown in the following example.

Security

Security Cloud Data Privacy Financial Services

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured.

Personal data

Personal data Phishing Risk Financial Services

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

the Federal Trade Commission has long recommended that companies properly and promptly dispose of personal information once it is no longer necessary to retain it for legal or business reasons. How do you build an effective information governance program? In the U.S., Data is not just a risk.

Privacy

Privacy Compliance Personal data Risk

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Enterprise & operational risk management.

Compliance

Compliance Risk Government Retail

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

In Carpenter , the government obtained months’ worth of a suspect’s cell phone location records pursuant to the Stored Communications Act (SCA). Carpenter argues that the government is required to receive a warrant under the Fourth Amendment for his location records. SEC on Cybersecurity and Rise of Shareholder Breach Litigation.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

the Federal Trade Commission has long recommended that companies properly and promptly dispose of personal information once it is no longer necessary to retain it for legal or business reasons. How do you build an effective information governance program? In the U.S., Data is not just a risk.

Privacy

Privacy Compliance Personal data Risk

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Further, the FCA has confirmed its position set out in the Temporary COVID Guidance that it expects the senior management or governing body of an EMI or PI to document, review, and approve — at least annually — the design and results of the firm’s stress testing. not to include uncommitted intragroup liquidity facilities.

Authentication

Authentication Paper Risk Insurance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Furthermore, although entities that already comply with the breach notification requirements under certain state or federal laws (such as the Health Insurance Portability and Accountability Act (HIPAA), the New York Department of Financial Services cybersecurity regulations (23 N.Y.C.R.R.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules. Reportedly, the bill will become law in January 2013, enforceable after 18 months, in mid-2014.

Personal data

Personal data Financial Services Data Privacy Data breaches

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication

Authentication Access Risk Financial Services

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

For example, they might use keyloggers or credential-stealing malware to harvest login credentials of high-privileged users, allowing them to gain even greater control over critical systems and sensitive data. During this lateral movement, the attacker may deploy various tools and malware to further their objectives.

Phishing

Phishing Ransomware Search queries Access

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. Aligning cyber risk with corporate strategy.

Cybersecurity

Cybersecurity Risk Passwords Authentication

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. And by de I'm an analyst at Javelin strategy and research where I do security risk and fraud for the financial services industry. For example. DEF CON 18: I'm Robert Vamosi. I'm also a blogger@forbes.com.

Computer and Electronics

Computer and Electronics IT Security Mining

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

DECEMBER 22, 2020

By decoding the #DGA domain names, we discovered nearly a hundred domains suspected to be attacked by #UNC2452 #SolarWinds , including universities, governments and high tech companies such as @Intel and @Cisco. Prevasio researchers detailed the decoding process, for example considering the following address: fivu4vjamve5vfrtn2huov[.]appsync-api.us-west-2[.]avsvmcloud[.]com.

Communications

Communications Manufacturing Financial Services Insurance

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Mr. Hall encourages more consultation between the government and the small business community. Yup – shoe store. The most money you can scam from a single attack?

Phishing

Phishing File names Security awareness Risk

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

APRIL 21, 2020

North Korea has been subjected to comprehensive international sanctions implemented to pressure its government to denuclearize. Recent examples of cyberattacks attributed to North Korea include WannaCry 2.0, Share technical information of the North Korean cyber threat.

Cybersecurity

Cybersecurity Risk Ransomware Government

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

This is yet another example of where regulation is addressing a problem in the rear view mirror rather than looking at the road ahead…. Similarly, Know Your Customer applications within financial services are permissioned blockchains and compliance with GDPR may be based on legitimate business interests.

Blockchain

Blockchain GDPR Privacy Personal data

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

It is also no secret that sophisticated nation-state adversaries have made a habit of poking around inside sensitive government and corporate networks. . Between 1998 and today there have been countless hearings on cyber risks and countless reports documenting the federal government’s ineptitude on matters of information security.

Cybersecurity

Cybersecurity Financial Services Risk Government

Information Management Today

Security Compliance & Data Privacy Regulations

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Trending Sources

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Top 10 Governance, Risk and Compliance (GRC) Vendors

OCR Labs exposes its systems, jeopardizing major banking clients

Risk Management under the DORA Regulation

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

Multinational ICICI Bank leaks passports and credit card numbers

Summary – “Industry in One: Financial Services”

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

How ATB Financial drives agile data ops with Collibra and GCP

Top GRC Tools & Software for 2021

Privacy and Cybersecurity Top 10 for 2018

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

New York Enacts Stricter Data Cybersecurity Laws

Singapore Parliament Passes Personal Data Protection Act

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

UNRAVELING EternalBlue: inside the WannaCry’s enabler

An Approach to Cybersecurity Risk Oversight for Corporate Directors

The Hacker Mind Podcast: DEF CON Villages

Researchers shared the lists of victims of SolarWinds hack

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

Stay Connected