Compliance & Regulations

#InformationSecurity News - 3/13/15

#InformationSecurity News - 1/27/15

  • Reporting HIPAA Breaches: A New Approach - The Department of Health and Human Services is taking steps to make the process of using online tools to report breaches more efficient, hoping that will help ease the launching of investigations. More at Healthcare Info Security
  • Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds. Details via InformationWeek DarkReading.  
  • The details of three high-severity vulnerabilities affecting Apple’s OS X operating system have been disclosed over the past two days by Google. The security holes were made public this week after the 90-day disclosure deadline given by Project Zero to vendors expired. Learn more at Security Week
  • As a result of President Obama's "Buy Secure" initiative, the federal government this month is kicking off its EMV rollout, which includes the issuance of chip-and-PIN cards for all federal employees and benefits programs. Read the story at Bank Info Security
  • According to the latest research by Trend Micro, a variant of Curve-Tor-Bitcoin (CTB) Locker ransomware – also known as Critroni – being distributed in a spam campaign now offers victims additional time to pay the ransom, but also requires them to pay a whole lot more than previously. Details via SC Magazine

#InformationSecurity News - 10/17/14

#InformationSecurity News - 10/3/14

  • Futuristic bracelet uses heartbeats as a password—but is it secure? Company pairing a wearer's electrocardiogram with a mobile phone makes a lot of promises. Ars Technica investigates
  • For National Cyber Security Awareness Month (NCSAM), Naked Security shares three essential security tasks you can do for your family today. 
  • CSO Online offers three steps to take to avoid overreacting to the Bash bug and to stay effective in the wake of the recent frenzy.
  • Bank Info Security reports that 108 different restaurants were recently compromised, including Jimmy John's.
  • Distributed-denial-of-service attacks that target the Bash flaws known as Shellshock have spiked in recent days, CU Info Security says.

And next Thursday, October 9, at The Bank Summit 2014, don't miss Peter Bamber, CISA, CRISC, CISSP, Vice President, Information Security Consulting Services, for Security Management Partners, presenting "Cybersecurity Preparedness and the FFIEC Cybersecurity Initiative" at 10:15 a.m. EDT. Learn more here:

SMP to Discuss Cybersecurity Preparedness at The Bank Summit 2014

Originally appeared on PRLog (Sep. 23, 2014) 

WHO: Peter Bamber, CISA, CRISC, CISSP, Vice President, Information Security Consulting Services, for Security Management Partners, a leading, independent information security and assurance firm

WHAT: Will exhibit and present the session, "Cybersecurity Preparedness and the FFIEC Cybersecurity Initiative" at The Bank Summit 2014.

WHEN: The Summit will take place on Thursday, October 9, 2014.

Bamber is scheduled to speak from 10:15 a.m. – 11:00 a.m. EDT.

The Bank Summit 2014
Holiday Inn Boxborough
242 Adams Place
Boxborough, MA 01719

Security Management Partners will also exhibit in Booth No. 610.

Earlier this year, the Federal Financial Institutions Examination Council (FFIEC) launched a pilot program at more than 500 institutions to help state and federal regulators assess how these community financial institutions manage cybersecurity preparedness in order to understand and mitigate increasing cyber risks. During The Bank Summit 2014, Peter Bamber, CISA, CRISC, CISSP, Vice President, Information Security Consulting Services, for Security Management Partners will discuss what is being learned from the FFIEC pilot program and provide an update on what financial institutions can do to protect their organizations from the threat of cyber-attacks. Bamber will highlight the aims of the program including risk management, cybersecurity controls, cyber incident management, vendor risk management, service provider oversight and understanding threat intelligence. In addition, Bamber will explain how the program is helping regulators make risk-informed decisions that will enhance the effectiveness of supervisory programs, guidance and examiner training. Session attendees will learn details of the FFIEC pilot program and what these efforts mean for their organization.

IT leaders and finance executives who are interested in learning more about the FFIEC pilot program and cybersecurity preparedness for financial institutions are encouraged to attend this informative session. Conference attendees will also have the opportunity to connect with Security Management Partners at Booth No. 610 during exhibition hours.