"Matching an implementation to the cloud definition can assist in evaluating the security properties of the cloud," says computer scientist Peter Mell, author of The NIST Definition of Cloud Computing.
What fraud and security issues does Paul Smocer, the new president of BITS, see as being top concerns in the coming year? Mobile payments, social media, and a strong need for institutions and organizations to comply with existing guidance top the list.
"The CRMA will give us a heightened awareness of our responsibility in not just evaluating operational or compliance risks, but understanding strategic risks to the business," says Denny Beran of J.C. Penney.
The growing IT security profession - which shows virtually no unemployment, according to government data - remains the domain of white and Asian men with a scarcity of women, African Americans and Latinos.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
In the areas of risk management and business continuity, security professionals have advanced significantly since Sept. 11, 2001. But there's still an issue of complacency that needs to be addressed, says Rolf von Roessing, past international vice president of ISACA.
"We find a lot of security professionals saying, 'I'm just going to get another certification, or I'm going to get deeper into this technology skill,'" says researcher David Foote. "That's not going to get you very far."
"Once you identify that person based on the unique characteristics of their face, you could then match it with other databases," privacy advocate Beth Givens says, referring to privacy gaps created by facial recognition technology.
The Reserve Bank of India issued guidance in April 2011 for banks to mitigate the risks of using information technology in banking operations. Here is an overview of the nine topics specifically addressed by the guidance.
"You need to understand how you are currently using social media in your organization, and how you intend to use it, before you can define policies around social media," says Erika Del Giudice of Crowe Horwath.
Provisions in legislation introduced by Sen. Richard Blumenthal, D-Conn., target companies that store online data for more than 10,000 people to assure their customers' personally identifiable information is protected.