Credit Union Information Security Podcast

Texas attorney Richard Coffman was the first to file a class action suit against Heartland Payment Systems (HPY) after its data breach was announced publicly this past January. In an exclusive interview, Coffman discusses: The status of legal actions against Heartland; What's unique about the Heartland case; What consumers and financial institutions can expect to see going forward. After practicing several years as a CPA with two international accounting firms, Coffman received his law degree from the University of Texas in 1989. He began his legal career in Houston with a large Texas law firm where he represented plaintiffs and defendants in commercial litigation. Since that time, his own law practice, the Coffman Law Firm, has focused on business cases, consumer cases, complex commercial litigation and class actions.

Email security is an issue for businesses and agencies of all sizes. To tackle that challenge, BITS and eCert Inc. have just released a new paper entitled "Email Sender Authentication Deployment." In an exclusive interview, Paul Smocer, VP of Security at BITS, discusses: Top email security challenges facing organizations; Ways to tackle those challenges; How the information in this new paper will help. Smocer was hired in early 2008 by BITS, a division of the Financial Services Roundtable, to lead its security program. Smocer has over 30 years' experience in security and control functions, most recently focusing on technology risk management at The Bank of New York Mellon and leading information security at the former Mellon Financial. While at Bank of New York Mellon and at Mellon, Smocer was actively engaged with BITS as a member of its Vendor Management Working Group, as 2005 Chair of its Security Steering Committee, and as 2004 Chair of its Operational Risk Committee.

Data and privacy protection - there's much that government, industry and consumers alike can do to improve information security. And the Federal Trade Commission (FTC) is at the heart of education and enforcement efforts. In an exclusive interview, the FTC's Joel Winston discusses: Top privacy risks facing consumers and businesses; How the agency is battling privacy risks; The latest on Identity Theft Red Flags Rule compliance. Winston is Associate Director of the Division of Privacy and Identity Protection of the Federal Trade Commission's Bureau of Consumer Protection. That Division has responsibility over consumer privacy and data security issues, identity theft and credit reporting matters, among other things. Mr. Winston serves on the federal government's Identity Theft Task Force, which was created by President Bush in March 2006. He also is a member of the Advisory Board for the BNA Privacy & Security Law Reporter, and served on the Editorial Board and as an author for a treatise published in 200

In the face of fraud, enterprise authentication is the key to helping to prevent information security breaches. But how do you deploy solutions that are at once versatile, compliant and cost-effective? Steve Neville, Director of Identity Products and Solutions at Entrust, discusses: The top enterprise authentication challenges for financial institutions; How banking institutions are tackling these challenges; How to make the best business case for enterprise authentication. Neville draws on more than nine years of hi-tech marketing and product management experience to drive the strategic direction of both products and solutions for Entrust. Prior to joining Entrust, Neville was Director of Marketing at an innovative Web technology company, NetPCS Networks, where he was responsible for all market-facing activities, including direct, channel and corporate marketing. He also was responsible for the company's critical web presence and oversaw the launch of NetPCS' leading-edge online interaction product.

Identity and Access Management (IAM) - it's a challenge for banking institutions of all sizes. And with institutions continually merging, acquiring and establishing new partnerships, the IAM challenge is only growing. In an exclusive interview, Jay Arya, 1st VP of Information Security at Investors Savings Bank, discusses: How his bank is tackling IAM; Technology solutions that will improve IAM; Advice to other institutions facing the same issues. Arya was promoted First Vice President in charge of Information Security on Jan. 1. Prior to this appointment he worked in Investors Savings Bank's IT Group since 2001 and handled a wide range of IT and Security responsibilities. As the Bank's Information Security Officer, Arya focuses on managing data security and enhancing the overall security posture of the Bank. Prior to joining Investors, he worked at Prudential Insurance in Finance. Investors Savings Bank, with over $7 billion in assets and a network of 58 branches, has been serving New Jersey residents

Doug Brown Discusses Mobile Strategy, New Products, Biometric Security Bank of America was one of the first institutions to move toward mobile banking in a big way. Two years into the initiative, Doug Brown, SVPO of Mobile Product Development, discusses: Mobile trends at BoA; Security hurdles the institution has faced; Advice for other institutions now getting into mobile banking. Brown leads the eCommerce Product Development team at Bank of America, where he is responsible for strategy and new product development for online banking, mobile banking and ATM. Most recently, Brown led the successful launch of the Bank of America mobile banking and bill pay products. He has an extensive background in marketing and technology strategy in the financial services, software and telecommunications industries.

Vendor management was one of the hot regulatory topics going into 2009, and it's only gotten hotter as the year has unfolded. James Christiansen, a longtime financial services/security leader and currently CEO of Evantix, discusses: Vendor management trends at financial institutions; How the Heartland breach has increased regulatory pressure to improve vendor management; What institutions need to do now to improve their vendor management practices.

From the president on down, the nation has a renewed focus on cybersecurity. Nadia Short of General Dynamics, a major government/defense contractor, discusses: The types of cybersecurity positions GD is filling; Requirements for qualified personnel; Potential career paths in cybersecurity. Nadia D. Short is vice president of strategy & business development at General Dynamics Advanced Information Systems. In this role, she is responsible for strategic planning, business development, international business, marketing and public relations, and customer and corporate relations.

In these times of mergers and acquisitions in the banking industry, identity and access management (IAM) is a huge challenge. Mike Del Giudice of Crowe Horwath LLP shares insights on: IAM trends in financial services; How banking institutions are tackling IAM challenges; The 'gotchas' to avoid. Del Giudice is a Senior Security Manager with Crowe Horwath's (Crowe) Risk Consulting Group, specializing in Information Security and Security Strategy, including data privacy, network auditing, External and Internal Penetration Testing, and compliance related to governmental regulations. Mike also has an extensive knowledge of policy and procedure development and has implemented effective information security solutions for a variety of clients.

Steve Katz was the world's first CISO, and he has unique insight on the information security profession - how it's developed and where it's headed. In an exclusive interview, Katz discusses: How the information security role has evolved; Which trends are changing the role; The skillsets necessary for today's security professionals to succeed tomorrow. Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels. Deeply respected within both the financial services and security industries, Katz has testified to Congress on information security issues and was appointed as the Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. Other credentials include: Founder and Chairman of the Financial

According to the 2009 Banking Information Security Today survey, banking institutions - despite the economy - are investing in new banking services, i.e. mobile banking and remote capture. To gain further insight into spending trends, we spoke with Christine Barry, research director with Aite Group, on: Mobile banking trends; Other new banking services; Post-recession growth areas. Christine Barry serves as a Research Director at Aite Group LLC, focusing on the strategies and technology implementations of global banks of all sizes. Her recent research has addressed remote deposit capture, best-practices for credit unions, capturing the valuable small-business customer, global cash management trends, and core banking system replacement. She is an acknowledged banking industry expert with more than a decade of experience in financial services products and technologies. She has worked with a broad range of U.S. and international clients analyzing industry trends and identifying market opportunities, produc

Hard times have taken a toll everywhere - even when it comes to internal audit practices at financial institutions. Yet, in the wake of security breaches and questionable business practices at some financial institutions, federal regulators are cracking down on auditors. In an exclusive interview, Holly Kidder, a director of the Institute if Internal Auditors, discusses: The state of internal auditing at banking institutions; How the practices has been impacted by the recession; Programs/services offered by the IIA to help member organizations. Kidder has almost 15 years of experience within the field of internal auditing as well as practical knowledge in the financial services industry, having worked in various roles from teller to Vice President. She is currently a Technical Director within Standards and Guidance at The Institute of Internal Auditors (IIA) Global Headquarters. The IIA, established in 1941, is an international professional association of more than 160,000 members in 165 countries with

For thousands of years, people have attempted to hide sensitive information from competitors or enemies. Since January, critics of the Heartland Payment Systems data breach have called out for tougher encryption standards for financial institutions and their third-party service providers. Applications for encryption are all around us from encrypting email traffic to board communications, remote access and mobile & Internet banking. In an exclusive interview, Matthew Speare of M&T Bank discusses his webinar on the topic, touching upon: Encryption trends; How to decide when to encrypt/when not to; Advice to financial institutions struggling with the challenge. Speare oversees security for M & T Bank Corporation, the nation's 17th largest bank holding company, based in Buffalo, New York. He is responsible for developing and sustaining an information risk program that effectively protects the personal information of millions of M & T Bank customers. His responsibilities include information security managemen

Electronic communication is at the heart of every organization, but one compromised e-mail can damage your corporate brand, compromise intellectual property or put you in non-compliance with laws and industry regulations. Do you want to explain to your customers how you lost control of their personal financial information? In an exclusive interview, Matthew Speare of M&T Bank discusses: Internal and external factors that drive the need for secure communication; The "gotchas" that await you; Where to get started. Speare oversees security for M & T Bank Corporation, the nation's 17th largest bank holding company, based in Buffalo, New York. He is responsible for developing and sustaining an information risk program that effectively protects the personal information of millions of M & T Bank customers. His responsibilities include information security management, IT compliance and risk management, corporate emergency and incident response, and business continuity management. Matt is also a Major in the Ar

There are more opportunities than ever for skilled information security professionals. This is the belief of Gerald Masson, Director of Johns Hopkins University Information Security Institute, and in an exclusive interview he discusses: Job prospects for information security professionals in the public and private sectors; Growing opportunities in the healthcare field; What students need to know if they're either starting or re-starting their careers. Masson received his PhD from Northwestern University in 1971. He has developed and taught numerous graduate and undergraduate courses addressing various aspects of the field of computer networking and systems architecture. He has published over 150 technical papers, co-authored two books and is an inventor on six patents. His research addresses a range of issues dealing with the foundations and implementations of distributed systems regarding issues such as survivability, real-time performance monitoring techniques, and security mechanisms used for networ

Individually, banking institutions, law enforcement agencies and regulatory boards understand the risks of money-laundering crimes. But collectively, in active collaboration, they could do much more to prevent, detect and investigate these crimes, says AML expert Kevin Sullivan. In an exclusive interview in advance of his latest AML webinars, Sullivan discusses: Anti-money laundering trends; The greatest challenges facing investigators; What's most misunderstood about AML legislation - including the Bank Secrecy Act (BSA). Sullivan is a former Investigator with the NY State Police and was the state investigations coordinator assigned to the NY HIFCA El Dorado Task Force in Manhattan. He has more than 20 years of police experience. Sullivan possesses a Masters in Economic Crime Management and is both a certified anti-money laundering specialist and certified anti-money laundering professional. He is also the director of AMLtrainer.com.

Verizon Business investigated 90 major data breaches in 2008, including 285 million compromised records. Nearly ¾ of those breaches were external hacks, and 99.9 percent of the records were compromised via servers and applications. These are among the findings of Verizon's new 2009 Data Breach Investigations Report. In an exclusive interview, Dr. Peter Tippett, VP of Technology and Innovation at Verizon Business, discusses: The survey results; What these results mean to financial institutions and government entities; Which threats to watch out for most in the coming months. Tippett is the chief scientist of the security product testing and certification organization, ICSA Labs, an independent division of Verizon Business. An information security pioneer, Tippett has led the computer security industry for more than 20 years, initially as a vendor of security products, and over the past 16 years, as a key strategist. He is widely credited with creating the first commercial anti-virus product

As the swine flu outbreak triggers new fears of a global pandemic, security organizations must dust off and review their emergency management plans. For insight on how to prepare for swine flu, pandemic expert Regina Phelps offers expert insight on: What you need to know about swine flu; How your organization should respond - internally and with customers; Where and what to watch for updates over the coming days. Regina Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety. Resources Swine Flu Update Swine Flu FAQ

To this point, information security professionals have been generalists. Going forward, they'll have to be specialists. At least this is the opinion of John Rossi, professor of systems management/information assurance. In an exclusive interview on the future of the information security profession, Rossi discusses: Why information security is headed toward specialization; The new capacities security professionals must develop; How academic institutions and industry groups must change how they educate security pros. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assess

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.