{"id":31,"date":"2017-02-28T19:47:15","date_gmt":"2017-02-28T19:47:15","guid":{"rendered":"http:\/\/www.patchadvisor.com\/blog\/?p=31"},"modified":"2017-03-02T20:47:33","modified_gmt":"2017-03-02T20:47:33","slug":"banks-shuffle-toward-formal-vulnerability-assessment-and-security-awareness-training-to-fulfill-on-security-leadership-best-practices","status":"publish","type":"post","link":"http:\/\/www.patchadvisor.com\/blog\/?p=31","title":{"rendered":"Banks Shuffle Toward Formal Vulnerability Assessment and Security Awareness Training to Fulfill on Security Leadership Best Practices"},"content":{"rendered":"<p>The loss of brand reputation over data breaches due to lack of risk management strategies looms as a major issue for many banking executives, according to a 2017 <a href=\"http:\/\/www.itbusinessedge.com\/blogs\/data-security\/majority-of-organizations-dont-have-risk-management-plan.html\">Ponemon Institute Study<\/a><u>.<\/u>\u00a0 But, the industry remains unclear as to just what security leadership should look like.\u00a0 About half have not put any budget dollars to security planning for risk management for this year, according to the study.<\/p>\n<p>Still, banks of all sizes are going to pay even more attention in 2017, according to financial cyber industry reports:<\/p>\n<ul>\n<li>Financial cybersecurity systems are predicted to grow to $68 billion by 2020.<\/li>\n<li>US financial industry cybersecurity ranked No. 4 out of 18 of the US economy\u2019s industries in 2016.<\/li>\n<\/ul>\n<p>We encourage the banking community to begin that security planning for risk management with us.\u00a0 On Feb. 
21<sup>st<\/sup>, Aspectx, PatchAdvisor, and ATAATA took a closer look at how the right measure of vulnerability assessment and security awareness training in the rank and file of your banking environment can make the difference.<\/p>\n<p>The companies offered a free webinar which has been archived for on demand viewing, for banking executives looking for the right mix of activities.\u00a0 This is a follow-up of\u00a0an Aspectx 2017 series to be held every other month.\u00a0 The first <a href=\"http:\/\/info.bsgfinancial.com\/shaping-your-future-in-banking-cybersecurity\">seminar,<\/a> entitled \u201cShaping Your Future in Banking Cybersecurity,\u201d was held in conjunction with BSG Financial Group.<\/p>\n<p><strong>Tune In Now to <a href=\"http:\/\/www.patchadvisor.com\/img\/webinar_201702.mp4\">Listen<\/a> to the Webinar on Demand<\/strong><\/p>\n<p>Internal communications plays a key role in syncing up what must be done this year.\u00a0 It\u2019s still the first quarter, so jump into the important components for success drivers with us.\u00a0 \u201cEmployees make bad security decisions, largely because they don\u2019t have a reason to care about security. 
We need to show them why their actions (or inactions) matter and how their choices can impact the company and their own lives,\u201d said Jann Yogman, VP of Marketing for ATAATA.<\/p>\n<p><strong>Assign It and Own IT:\u00a0 Appoint a CISO and Understand the Role<\/strong><\/p>\n<p>The answer for banks, and other industry sectors, may be the appointment of a CISO who can run down his or her checklist in understanding risk and moving into action-oriented decisions, according to Vickie Miller, VP and CISO at FICO.\u00a0 In the February 2017 edition of <a href=\"http:\/\/searchsecurity.techtarget.com\/feature\/Role-of-CISO-FICO-enlists-CISO-in-security-product-management\">Information Security<\/a>, she talks about how \u201cunderstanding ramifications\u201d surrounding security requires a certain breadth of knowledge.<\/p>\n<p>This is where experts can come in.\u00a0 She cites diplomacy and \u201cthick skin\u201d as being a part of the process leading to security leadership best practices.<\/p>\n<p>While the banking community looks to discover its best practices for 2017, one need only look to the White House for what not to do. 
Democratic members of the House Science, Space and Technology Committee are asking Congressional leaders to investigate cybersecurity lapses by the Trump Administration, including President Trump\u2019s unsecured Android phone from which he tweets.<\/p>\n<p><strong>On Finding Best Practices: NIST Guidelines Take Us Back to Basics<\/strong><\/p>\n<p>New NIST digital identity guidelines for passwords for security authentication and lifecycle management came with a recommendation <a href=\"https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html\">to make policies more user-friendly<\/a>.\u00a0 All passwords should be \u201chashed, salted and stretched when stored,\u201d and \u201cnot all passwords should expire in a pre-set period,\u201d as reported by Michael Cobb, CISSP-ISSAP, a renowned security author in Information Security magazine, February 2017.<\/p>\n<p>And, users should be encouraged to create longer phrases instead of hard-to-remember passwords.<\/p>\n<p>Sometimes the first marching order toward planning outside the boardroom for proper network security is the hardest.\u00a0 But, don\u2019t compromise and look to begin a plan for risk management, which we know &#8212; in 2017 &#8212; will include vulnerability assessment, and security awareness training, even password review.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The loss of brand reputation over data breaches due to lack of risk management strategies looms as a major issue for many banking executives, according to a 2017 Ponemon Institute Study.\u00a0 But, the industry remains unclear as to just what security leadership should look like.\u00a0 About half have not put any budget dollars to security 
[&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":57,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4],"tags":[15,19,14,17,18,20,16,7,13],"_links":{"self":[{"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/31"}],"collection":[{"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31"}],"version-history":[{"count":7,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":51,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions\/51"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/57"}],"wp:attachment":[{"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.patchadvisor.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}