Guide To Protect From Information Security Trends For The Financial Industry

Hamilton, NJ (PRWEB) October 31, 2011

“Financial industry threats evolve,” said John Verry, Security Sherpa for Pivot Point Security. This has been made clear by the growth of ZeuS malware. In fact, perhaps no industry is subject to more regulations or holds more sensitive Personally Identifiable Information (PII).

Pivot Point Security recently informed its customers about information security trends for the financial industry. As banks undergo their annual FDIC audits, they should be aware that an auditor is likely going to ask about wireless (WLAN) security.

“Do you have any wireless access points? If so, specify the number of Wireless Access Points, security controls in effect and your procedures for detecting rogue access points.”

To address this, financial services firms should consider WLAN security testing. One option is a WLAN Configuration Audit, which validates that the WLAN is designed and configured in accordance with good practice. Another is a WLAN Survey, which confirms that the WLAN is restricted to authorized individuals, does not extend beyond its intended boundaries, that no rogue access points have been deployed, and that other organizations’ WLANs are not extending into the workspace and putting the business at risk.
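The survey checks listed above (authorized access only, no rogue access points, neighboring WLANs reaching into the workspace) reduce to comparing what a wireless scan observes against the institution's inventory of authorized access points. The following Python is an added example written for this post, not code from Pivot Point Security or this press release; the SSIDs, BSSIDs, channels and signal readings are constructed, and the -70 dBm "probably on premises" threshold is an assumption that a real survey would calibrate by physically locating each unknown AP.

```python
"""Classify a WLAN survey scan against an authorized access point inventory.

Added example: constructed data, not a Pivot Point Security tool.
"""
from dataclasses import dataclass

# Security modes that fail a configuration audit outright
WEAK_SECURITY = {"OPEN", "WEP"}


@dataclass(frozen=True)
class ObservedAP:
    ssid: str
    bssid: str        # radio MAC address seen in the beacon
    channel: int
    security: str     # e.g. "WPA2-Enterprise", "WPA2-PSK", "WEP", "OPEN"
    signal_dbm: int   # received signal strength at the survey point


# Constructed inventory: BSSID -> SSID the institution deployed on it
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": "ACMEBANK-CORP",
    "00:11:22:aa:bb:02": "ACMEBANK-CORP",
    "00:11:22:aa:bb:03": "ACMEBANK-GUEST",
    "00:11:22:aa:bb:04": "ACMEBANK-CORP",   # deployed but not seen in this scan
}
CORPORATE_SSIDS = set(AUTHORIZED_APS.values())

# Constructed survey scan of one floor
SAMPLE_SCAN = [
    ObservedAP("ACMEBANK-CORP", "00:11:22:aa:bb:01", 6, "WPA2-Enterprise", -45),
    ObservedAP("ACMEBANK-CORP", "00:11:22:aa:bb:02", 11, "WPA2-Enterprise", -60),
    ObservedAP("ACMEBANK-GUEST", "00:11:22:aa:bb:03", 1, "WEP", -55),
    # Unknown radio advertising the corporate SSID: classic rogue / evil twin
    ObservedAP("ACMEBANK-CORP", "de:ad:be:ef:00:01", 6, "OPEN", -50),
    # Strong, unknown consumer AP: likely plugged in by an employee on premises
    ObservedAP("linksys", "c0:ff:ee:00:00:01", 9, "WPA2-PSK", -40),
    # Faint, unknown network: a neighbor's WLAN leaking into the workspace
    ObservedAP("NeighborLaw-WiFi", "aa:bb:cc:dd:ee:ff", 3, "WPA2-PSK", -85),
]


def classify_survey(scan, authorized, corporate_ssids, on_premises_dbm=-70):
    """Return a dict of findings keyed by category, each a sorted list of BSSIDs.

    rogue         - unknown BSSID broadcasting one of our SSIDs
    unauthorized  - unknown AP strong enough to be inside our space (assumed threshold)
    neighbor      - unknown AP too faint to be ours; note it, but it is not our asset
    weak_security - an authorized AP running OPEN or WEP (configuration audit finding)
    missing       - inventory entries not observed at all (stale inventory or outage)
    """
    findings = {k: [] for k in ("rogue", "unauthorized", "neighbor", "weak_security", "missing")}
    seen = set()
    for ap in scan:
        seen.add(ap.bssid)
        if ap.bssid in authorized:
            if ap.security in WEAK_SECURITY:
                findings["weak_security"].append(ap.bssid)
            continue
        if ap.ssid in corporate_ssids:
            findings["rogue"].append(ap.bssid)
        elif ap.signal_dbm >= on_premises_dbm:
            findings["unauthorized"].append(ap.bssid)
        else:
            findings["neighbor"].append(ap.bssid)
    findings["missing"] = sorted(set(authorized) - seen)
    return {k: sorted(v) for k, v in findings.items()}


def format_report(findings):
    """Render findings as the short text an auditor would expect to see."""
    lines = []
    for category, bssids in findings.items():
        if bssids:
            lines.append(f"{category:14s} {', '.join(bssids)}")
    return "\n".join(lines) if lines else "no findings"


if __name__ == "__main__":
    print(format_report(classify_survey(SAMPLE_SCAN, AUTHORIZED_APS, CORPORATE_SSIDS)))
```

Signal strength alone cannot prove an AP is inside the building, which is why the survey work described in the release walks the floor and physically locates anything classified as `unauthorized`; the `neighbor` bucket is still worth recording, since a client that auto-joins a neighbor's network bypasses the bank's controls without any rogue hardware being present.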

Banks working with third-party vendors should also be looking closely at their information security. In an interview, Donald Saxinger, Senior Examination Specialist for the FDIC, said that auditors are closely monitoring service level agreements and contracts with third-party vendors in areas such as cloud computing, mobile banking and mobile payments. “The same technology that can be used to improve security is also a security risk,” said Saxinger.

Many Pivot Point Security customers using third-party vendors have been asked to prove compliance (attestation). With that in mind, Pivot Point Security has created a Third-Party Vendor Risk Management Presentation and Information Security Guide – both available as a free download.

Another trend is the volume of phishing attacks reaching financial industry inboxes. Phishing emails come in all shapes, sizes and forms. The key is to be wary of suspicious emails arriving in your mailbox. Attachments and linked files are common in these emails, and they often carry an embedded copy of the ZeuS malware.

Pivot Point Security recommends that financial institutions undergoing their annual security testing consider the following:

  • FDIC / FFIEC / OTS / SEC Controls Audits
  • Network / Online Banking Systems Penetration Testing
  • ZeuS Malware Detection / Protection
  • Social Engineering (e.g., Phishing)
  • Security Log Monitoring & Retention

To learn more about these services, download your free copy of the Third-Party Vendor Risk Management Presentation and Information Security Guide.


About the Author:

A Pivot Point Security Press Release