Synopsis
Exclusive, insightful audio interviews by our staff with credit union/security leading practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
"Follow the Risk" - Tips from Richard Chambers, President of the Institute of Internal Auditors
19/02/2010 Richard Chambers, President of the Institute of Internal Auditors (IIA), has three words of advice for organizations, executives and auditors looking to improve the role of internal audit: "Follow the risk." In an exclusive interview, Chambers discusses: Impact of the economic recession on internal audit; How the role has evolved because of recent times; Advice for organizations, executives and auditors to further maximize the role. Chambers began his career in 1976 with the U.S. General Accounting Office, where he first became an internal auditor. He firmly established himself in government internal auditing and was named Worldwide Director of Internal Review for the United States Army in 1993. He later served as Deputy Inspector General for the United States Postal Service and Inspector General for The Tennessee Valley Authority. In 2001, Chambers joined The IIA staff as vice president, Learning Center. After a brief tenure as "acting president," he left The IIA in 2004 to join PricewaterhouseCoopers,
-
The Skinny on the Kneber Botnet
18/02/2010 Alex Cox, Research Consultant and Principal Analyst, NetWitness. Alex Cox, a research consultant and principal analyst at the IT security firm NetWitness, last month discovered the Kneber botnet, a variant of the ZeuS Trojan that he says has infested 75,000 systems in 2,500 corporate and governmental organizations worldwide. (See Botnet Strikes 2,500 Organizations Worldwide.) In an interview, Cox describes: How the Kneber botnet works; Who the malware targeted; Damage the botnet could cause. Cox was interviewed by Eric Chabrow, GovInfoSecurity.com managing editor.
-
Money-Laundering Update: Kevin Sullivan on Emerging Threats
16/02/2010 Beware suspicious money entering the U.S. via politically exposed persons (PEPs). And be mindful of non-banking entities that are involved in illegal activities outside of current anti-money laundering (AML) regulations. This is the advice from AML expert Kevin Sullivan, who offers insights on the newest money-laundering trends, including: The latest threats; Which types of organizations are most at risk; How to fight back against these crimes. Sullivan is a former Investigator with the NY State Police and was the state investigations coordinator assigned to the NY HIFCA El Dorado Task Force in Manhattan. He has more than 20 years of police experience. Sullivan possesses a Master's in Economic Crime Management and is both a certified anti-money laundering specialist and certified anti-money laundering professional. He is also the director of AMLtrainer.com.
-
CISO Profile: Joe Bernik, Fifth Third Bank
12/02/2010 Joe Bernik, a banking and security veteran, has recently joined Fifth Third Bank as its new CISO. Among his challenges: preventing external attacks and building better internal relationships with business partners. In an exclusive interview, Bernik discusses: The evolution of information security and risk management in banking; The challenge of intrusion prevention; Strategies for identity access management. Bernik is a risk professional with 15 years of experience in information security. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. He was formerly Director of Operational Risk at the Royal Bank of Scotland and CISO of ABN AMRO and its subsidiary, LaSalle Bank. He has a bachelor's degree from the University of Mary Washington and completed graduate work at the City University of New York.
-
How to Manage Social Media - Jerry Mechling, Harvard Kennedy School
12/02/2010 From blogs to wikis, Facebook to Twitter, social media have taken over the workplace. But how do security leaders manage social media before all these new tools and technologies become unmanageable? Jerry Mechling is a prominent author and lecturer at the Harvard Kennedy School, and in an exclusive interview he discusses: Social media's impact on public and private entities; The inherent security and risk management challenges; How organizations should begin to unlock social media's potential. Mechling, Lecturer in Public Policy at the Harvard Kennedy School of Government, is Founder of the Leadership for a Networked World Program and the Harvard Policy Group on Network-Enabled Services and Government. He is also a Research Vice President of Gartner. His studies focus on the impacts of information and digital technologies on individual, organizational, and societal issues. He consults on these and other topics with public and private organizations locally and internationally. He is primary author of E
-
Improving Security Education: Robert Siciliano
09/02/2010 What must financial institutions do to improve security education? Identity theft expert Robert Siciliano shares his thoughts on the need to change the mindset of financial institutions when it comes to educating their customers about identity theft and security issues. Among the topics he discusses: Why "old school" approaches to security education must change; How "Soccer Moms" are now becoming "Security Moms"; Why security education must come from the financial institutions. Siciliano has 29 years of experience in the business world and has been involved in information security, personal security and identity theft issues since the early 1990s. He has presented hundreds of security presentations to businesses including GMAC, the National Association of Realtors, Dominos Pizza, United Bankers Bank, Conference of State Bank Supervisors, along with numerous state banking associations, among others. He is also a certified security instructor for numerous industry associations.
-
Digital Forensics - Careers Tips from Rob Lee of SANS Institute
05/02/2010 Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes. But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful? Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on: Hot trends of 2010; Questions hiring managers must ask; Growth opportunities for qualified pros. Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he
-
Gartner's Avivah Litan on Fraud Trends
04/02/2010 What are the top fraud trends facing financial institutions in 2010? Gartner's Avivah Litan shares her insights in an exclusive interview with Information Security Media Group's Linda McGlasson, discussing: Increased number of attacks on strong authentication; How to handle ACH fraud; The biggest security challenges for banking institutions. Litan has more than 30 years of experience in the IT industry and is a Gartner Research vice president and distinguished analyst. Her areas of expertise include financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications, as well as other areas of information security and risk. She also covers the security related to payment systems and PCI compliance.
-
Improving Cyber Awareness - Strategies from Dena Haritos Tsamitis of Carnegie Mellon
04/02/2010 Dena Haritos Tsamitis has an ambitious goal for the year: to improve cyber awareness among 10 million people globally. The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses: The cyber awareness challenge among people of all ages; Effective techniques for improving awareness; How organizations can improve and maximize their own efforts. Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise "cyber awareness" in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principal Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and t
-
2010 Identity Fraud Study: Threats and Trends
04/02/2010 Interview with James Van Dyke of Javelin Strategy & Research. Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010? Javelin Strategy & Research is out with its latest Identity Fraud Study. For insight on the study results and what they mean to organizations across industry, James Van Dyke of Javelin discusses: Headlines from this year's study; Trends and threats to watch; What organizations and individuals can do to better protect themselves. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.
-
Setting Tone at the Top: Jennifer Bayuk on Leadership
02/02/2010 When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of information security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Se
-
What it Takes to Make it in Information Security Today
01/02/2010 Career Insights from Srinivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab
-
Regulatory Reform: "We're Easy Targets" - Alex Sanchez, Florida Bankers Association
01/02/2010 What's one of the biggest threats to Florida banking institutions? Regulatory reform, according to Alex Sanchez, head of the Florida Bankers Association. "We're easy targets," says Sanchez, who fears Main Street institutions will take it on the chin from legislators for economic mistakes made by Wall Street and non-banking firms. In an interview on the state of banking in Florida, Sanchez discusses: Top banking challenges; Biggest security threats; The potential impact of regulatory reform. Sanchez serves as President and Chief Executive Officer of the Florida Bankers Association (FBA). Founded in 1888, and located in Tallahassee, the FBA is the leading voice for Florida's banking industry. Sanchez' responsibilities include representing and advocating for Florida's banking industry before all legislative and regulatory bodies in Tallahassee and in Washington. Before joining the FBA, he was an attorney at Sinclair Louis, a Miami-based law firm, specializing in business law; Consolidated Bank, Assistan
-
Information Security Agenda - Kevin Richards, President of ISSA
26/01/2010 With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.
-
What it Takes to be a Risk Manager - Kenneth Newman, Central Pacific Bank
25/01/2010 Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessary skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii-based financial institution with $5.2 billion in ass
-
Cost of a Data Breach - Dr. Larry Ponemon, Ponemon Institute
22/01/2010 What's the cost of a data breach? The Ponemon Institute is out with its 5th annual "Cost of a Data Breach" study, and in an exclusive interview Dr. Larry Ponemon discusses: The current cost of a data breach - and how it's risen since 2009; Data breach trends across industry; What organizations should do to respond to or prevent breaches. Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Co
-
Response to Obama on Regulatory Reform - Christie Sciacca, ex-FDIC
22/01/2010 President Obama this past week made strong remarks to spur Congress and populist support toward banking regulatory reform. But what's likely to happen? And when? "There might be stronger regulatory reform than people thought six months ago," says Christie Sciacca, formerly with the Federal Deposit Insurance Corporation, currently a director with LECG in Washington, D.C. In an exclusive interview, Sciacca discusses: The substance of Obama's proposals; What's likely to occur in regulatory reform; Whether reform will occur in 2010. Sciacca spent 13 years at the FDIC, where he led examination, supervisory and bank rescue transaction projects in Detroit, New York, and Washington DC. From 1983-1986, Sciacca was Assistant to the Chairman, representing the Chairman on interagency matters, at bank trade association meetings and on all operational and policy matters. Sciacca served as the FDIC's representative on the Vice President's Task Group on the Regulation of Financial Services. In 1996, he returned to t
-
Top Trends in Background Screening - Lester Rosen, Employment Screening Resources
20/01/2010 Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in a research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening e
-
Privacy & Consumer Protection: What to Expect in 2010
18/01/2010 Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection. Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the
-
Banking Services: How to Maximize Vendor Relationships
12/01/2010 Interview with Brian Hurdis, EVP Technology Services, FIS. Third-party service providers are a staple of banking services in the information era. How can banking institutions get the most from these relationships? Brian Hurdis, executive vice president of technology services at FIS, discusses: The biggest information security challenges facing banking institutions in 2010; Solutions to help overcome these challenges; How institutions and service providers can collaborate to get the most out of the vendor relationship. Hurdis joined FIS in October 2009 with the company's acquisition of Metavante Corporation. Previously, Hurdis served as senior executive vice president of operations and service delivery and chief information officer for Metavante, a position to which he was appointed in July 2008. In this role, Hurdis was responsible for service delivery, development operations, project management, call center and item processing operations. He was also a member of the company's Executive Committee. Hurd