Access your Pro+ Content below.
McGraw: Financial services develop a proactive posture
This article is part of the Information Security magazine issue of June 2013 / Volume 15 / No. 5
Security has evolved in the 15 or so years I have been doing it, from a reactive chain of events built around “security mess response,” to a more predictive game with proactive defense based on risk management and forward-looking intelligence. Nowhere is this more evident than in the financial services industry. There, the stakes are high because bits are money; and the notion of adjusting technical infrastructure by weaving controls into the fabric of the organization is de rigueur. Increasingly in the financial sector, security is about looking forward instead of picking up the pieces in a forensic, mop-up operation. This approach is growing in popularity and gaining relevance in other verticals. I just moderated a panel on this issue at the FS-ISAC Conference in Florida. Panelists included Chauncey Holden, chief information security officer of Fidelity; Keith Gordon, vice president of information security at Capital One; and Jim Routh, the global head of application security at JP Morgan Chase. Just for the record, the idea ...
Features in this issue
As MDM products rapidly evolve to support the growth of BYOD smartphones and tablets, security professionals need to rethink mobility policies.
Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.
Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.
Columns in this issue
Philip Clarke, co-leader of the Wireless and Mobility track at Nemertes Research, reports on what’s ahead for mobile device management solutions.
The idea behind proactive security is simple: build security in the first time by following security models like BSIMM and security engineering.
If bad attitudes are spreading across the IT staff like germs, better IT security education may just be the cure.