Garland Group Blog

Archive for January, 2006

Better Info Security Driven By Regulatory Compliance

The Community January 31st, 2006

FROM BANK TECHNOLOGY NEWS

The primary driver of information security is - surprise, surprise - regulatory compliance. A new survey by Ernst & Young cites the “sheer number of regulations and the consequences of not complying with them” as the reasons that information security is now a boardroom issue. More than three-fourths (76 percent) of banking respondents to the survey cited compliance as the “primary driver” of information security in their companies the past year.

Respondents were asked by Ernst & Young to rank the top three types of regulations or requirements that affect their bank’s information security practices. Operational risk was cited as the primary driver (69 percent), followed by internal controls (63 percent) and privacy (49 percent). Industry-specific regulations ranked fourth at 44 percent.

While bankers remain hyper-focused on compliance, Ernst & Young officials maintain that industry players are missing an opportunity to strategically align information security within their organizations.

The reason?

To read the complete article, click HERE

Attackers To Go After 2006’s Weakest Link: People

The Community January 24th, 2006

From the Security Pipeline…

Enterprises should expect a continued move toward stealthier, smaller, more focused attacks on their computer security, IBM said Monday, with the weakest link - workers’ gullibility - increasingly the focus of hacker efforts.

In its annual “Security Threats and Attack Trends Report” for 2005, IBM laid out the major events of the past year and made security predictions for the next.

It won’t be pretty.

Read the complete article HERE

People’s Bank Is Latest To Lose Customer Data

The Community January 19th, 2006

From Bank Systems & Technology Online…

Here we go again.

On the heels of a string of high-profile customer data breaches that have consumers scrambling and privacy advocates saying “I told you so,” People’s Bank says that a backup tape containing personal information on 90,000 customers was lost while being transported by UPS to credit reporting bureau TransUnion.

The tapes, which are the focus of a joint investigation by People’s Bank, TransUnion, and UPS, contained names, addresses, and bank account and Social Security numbers for customers who have a form of checking account overdraft protection called personal credit lines. The bank says that information is not sufficient to gain unauthorized access to customer accounts, and that data such as account balances, debit card numbers, passwords, PINs and birthdates were not on the tape. People’s Bank has sent letters to affected customers alerting them to the data loss, and it’s offering them a year’s worth of credit-monitoring services free, a step that has become customary when such breaches occur.

To read the entire article, click here…

Security Holes Found In RIM BlackBerry Service

The Community January 3rd, 2006

From the Slashdot.org web site…

An anonymous reader writes “Researchers have found several security holes in Blackberry handheld devices and the servers that power them, according to a story at Washingtonpost.com. The research points out serious flaws in the BlackBerry server, which could be exploited by convincing Blackberry handheld users to click on an image file attachment. From the article: ‘Lindner’s slides from his presentation - which he agreed not to release until RIM has fully fixed this problem - show that the Blackberry server which manages all of the encryption keys needed to unscramble e-mail traffic to and from all Blackberry devices registered on the network stores them on a Microsoft SQL database server in plain, unencrypted text. Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.’”