NEW YORK (11/14/08)--Security vulnerabilities often are not directly a technology issue, but a business issue, according to two IBM security executives. “There is no silver bullet, and the worst enemy is a lack of awareness,” said Phil McHugh, IBM ISS security executive, and Guy Denton, IBM ISS executive consultant, during a recent webinar that focused on security challenges faced by financial services providers. Risks can be data-driven, business-driven, or event-driven. Data-driven problems include viruses, worms, and disk failure. Business-driven problems include application outages, network problems and lack of governance. Event-driven problems stem from terrorism, natural disasters, power failures, fires or a pandemic, the webinar said. Increased collaboration among businesses also poses risks, McHugh said. Credit unions that want to guard against risks can undergo assessments. Vulnerability assessments provide penetration testing to see if vulnerabilities exist, and information security assessments comprehensively evaluate organizations’ information policies, procedures, controls and mechanisms. Five other initiatives that financial services providers are undergoing to prevent risks are:
* Access and identity management; * Security regulatory compliance; * Security training and awareness; * Governance for security, including frameworks; and * Disaster recovery and business continuity.