Describe five key financial data security issues as determined by a National Cybersecurity Institute and Dell Corporation survey.
- [Instructor] Information on how financial services organizations approach data security was drawn from primary research on the views of enterprise chief information security officers in the finance industry vertical, collected by the National Cybersecurity Institute and Dell Corporation in the spring of 2015. More detailed information is available in Practical Cloud Security: A Cross Industry View, published by CRC Press, and available in bookstores, and online. The lifeblood of a banking or financial services firm is data, and this data includes customer financials and account information, cardholder data and transactions, and non-public personal information. Almost all the information generated or used by a financial services firm is regulated, potentially sensitive, or private. The data security compliance and regulation challenges alone are daunting. These include data at rest protection requirements, which are found within the PC-DSS, GLBA, SOX, J-SOX, NCUA, the USA Patriot Act, a litany of alphanumeric rules and regulations that drive data privacy and data residency laws. Each requirement adds to the need to protect sensitive information wherever it resides. Safeguarding critical financial data with maximum return and minimum risk is paramount. Financial institutions must continually adjust security postures as external attacks on financial infrastructure and online properties increase and change. They must also meet the need to protect from the traditional concerns with insiders and privileged users, while also dealing with the additional hazards that compromising these accounts may bring.
- Cloud computing drivers
- Deployment and services models
- Attack vectors
- Cyberthreats to financial services
- Regional requirements for data privacy and protection
- Regional risk and compliance requirements
- Case studies in financial cloud security