Credit Union Information Security Podcast

It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

At a time when many businesses are contracting because of the recession, Investors Savings Bank in New Jersey is continuing to grow its consumer and commercial banking operations - and without federal government investment. The goal, says Kevin Cummings, President and CEO, is to be a different kind of bank - one that makes a difference in its community. "We have to be leaders who serve - not self-serving leaders," Cummings says. In an exclusive interview, Cummings discusses: His top banking/security agenda items for 2009; The impact of the recession on his institution; How he plans to grow his company base; The future of regulatory reform. Cummings was appointed President and CEO of Investors Savings Bank on Jan. 1, 2008. He was also appointed to the Board of Directors at that time. Prior to that, he was the bank's executive vice president and COO from July 2003. Before joining Investors Savings Bank, he had a 26-year career with KPMG LLP. Investors Savings Bank is an Independent, full-service communi

From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

Endpoint virtualization is one of the hottest emerging technologies for financial institutions, which are looking to maximize secure access to and management of key applications - while also controlling costs. In this Emerging Technologies Insights panel, we hear from: Matthew Speare of M&T Bank on how a banking institution leverages virtualization; Tom Wills of Javelin Strategy & Research on current security trends that impact endpoint virtualization efforts; Brian Duckering of Symantec on strategies and solutions being employed across industry. In this 30-minute panel discussion, the panelists discuss successful virtualization strategies for banking institution, offering unique perspectives from the practitioner's vendor's and market researcher's points of view. They also tackle a series of questions on endpoint virtualization, including: What is the economic imperative for financial institutions to explore virtualization? What are the biggest security challenges and opportunities from virtualization t

Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden

Insights on the Obama Administration's Early Efforts to Strengthen Financial Services And so it begins. With Treasury Secretary Geithner's appearance before Congress, requesting greater authority over non-banking institutions, the Obama Administration is starting to flex its muscles in preparation for a complete re-shaping of financial services regulation. In an exclusive interview, Jim Eckenrode, Banking Executive at TowerGroup, discusses: Reaction to Geithner's initial moves; How regulatory reform likely will unfold - and when; Why the banking industry is on the verge of creating what he calls "a new hierarchy." Jim Eckenrode is the Banking & Payments Research Executive at TowerGroup. He focuses his research and advisory activities on the major trends and directions in the global banking industry and, through that research, provides guidance and advice to senior-level banking and technology executives. TowerGroup, a wholly owned subsidiary of MasterCard Worldwide, is the leading research and ad

The financial markets responded positively to Treasury Secretary Timothy Geithner's newly-announced plan to buy up bad bank assets and ease the credit crunch. And so does industry expert Peter Vinella, global head of consulting for LECG's financial services sector, who likens it to a "financial Marshall Plan" for rebuilding the industry. In an exclusive interview, Vinella discusses: The positive ramifications of Treasury's plan; What the plan needs to succeed - and what could threaten it; Why this plan is good news for community banking institutions. Peter U. Vinella is a managing director in LECG's Emeryville office and has more than 20 years of experience in the financial industry. He has worked with the US Congress and GAO on a variety of issues including TARP/ESSA, program trading, derivatives regulations and the impact of September 11th on the US financial system. LECG, a global expert services and consulting firm, provides independent expert testimony, original authoritative studies and strategic

Treasury Secretary Timothy Geithner has now outlined the Obama Administration's plan - this time with specificity -- to buy up bad bank assets and ease the credit crunch. But what's it mean to individual financial institutions? In an exclusive interview, John Jay of Aite Group discusses: First reactions to Treasury's plan; How the plan could succeed, and what could derail it; What it all means to mainstream banks and credit unions. Jay is a senior analyst at Aite Group, LLC. He specializes in fixed-income-structured products and technological applications involved in the structured products space. Aite Group is a leading independent research and advisory firm focused on business, technology and regulatory issues and their impact on the financial services industry.

TJX, Hannaford, Heartland Payment Systems. We know the names of the most infamous data breaches, but what have they really cost financial institutions? And what types of fraud should institutions look out for in the months ahead? Perimeter eSecurity recently conducted a study of financial institution data breaches. Kevin Prince, Chief Architect of Perimeter eSecurity, discusses that study, offering insights on: The most common types of data breaches; What financial institutions can do to prevent them; Fraud trends to look out for in 2009. A well known expert in the security industry, Prince regularly trains Federal Examiners at the National Credit Union Administration (NCUA) and the Federal Financial Institutions Examination Council (FFIEC) on such topics as firewall security, remote access, virtual private networks, intrusion detection and prevention systems, and on what the examiners should look for when they examine a financial institution.

The Heartland Payment Systems data breach has brought extra attention to the Payment Card Industry Data Security Standard - PCI DSS. How well embraced is the standard, and what happens to companies if they're found to not be PCI compliant? In an exclusive interview, Tony Bradley, co-author of the book PCI Compliance: Understand and Implement Effective PCI Data Security Standard, discusses: The state of PCI compliance; What's most misunderstood about the standard; The top three PCI-related stories we'll see unfold in 2009. Bradley is Director of Security for Evangelyze Communications, a global voice and unified communications products and professional services organization. He also is the lead-author and tech editor of PCI Compliance, currently co-authoring PCI Compliance - 2nd edition with Dr. Anton Chuvakin.

Warren Buffett says the economy has "fallen off a cliff." But where does the fall end, and how badly bruised will financial institutions be when they pick themselves off the ground? In an exclusive interview, Steven Weisbart, SVP and Chief Economist, the Insurance Information Institute, discusses: The true impact of the recession on financial institutions; TARP monies and nationalization of banks; Signs of recovery to watch for in the months ahead. Weisbart is senior vice president and chief economist for the Insurance Information Institute. Weisbart oversees the Institute's program of economic research and analysis, preparing studies in support of the organization's communications mission, speaking to media and conducting briefings for member companies, industry organizations and public policymakers. A specialist in annuities, pensions, and life, disability and long-term care insurance, Weisbart frequently also makes presentations on property/casualty issues to industry audiences as well as legislative

Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.

Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.

The U.S. Treasury's Office of Foreign Assets Control (OFAC) maintains a list of individuals and organizations that represent security risks to the U.S., and businesses are required to screen their customers and transactions against this list. But how does one filter correctly and interpret aliases properly to stay in OFAC compliance? In an exclusive interview, Geff Vitale, AML Education Manager, Metavante Risk and Compliance Solutions, discusses: OFAC challenges for financial institutions; The ramifications of being out of compliance; Strategies and solutions that help financial institutions be compliant. Vitale manages training of Anti-Money Laundering and Prime Compliance Suite for Risk and Compliance Solutions of Metavante Corporation. He is responsible for leading the development and delivery of training services to help financial institutions meet regulatory requirements for AML training, develop implementation procedures for the Prime Compliance Suite and develop training programs for end users. He

Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum. In an exclusive interview, Lawrence Rogers, chief architect of the SIA program, discusses: The need for cybersecurity education; The greatest cybersecurity needs in government and business; Potential career paths for cybersecurity professionals. Lawrence R. Rogers is a senior member of the technical staff in the CERT Program (also the home of the CERT Coordination Center). He has been writing articles for the non-computer professional for several years and was the chief architect and main contributor to the CERT Survivability and Information Assurance (SIA) Curriculum. He is currently a member of the Cyber Forensics team and teaches courses on system administration, cyber forensics, and incident handling.

Banking was a major topic in President Barack Obama's first address to the American people. What will be his administration's approach to banking in this recession, and what can we come to expect for policy and regulations throughout 2009? In an exclusive interview, Kathleen Khirallah, managing director of TowerGroup's Banking practice, discusses: The significance of the President's attention to banking; Why bank nationalization is unlikely to occur; The impact of the Heartland data breach on banks and consumers' perception of financial institutions. Kathleen Khirallah is the Managing Director and Practice Leader of TowerGroup's Banking practice. She has over 25 years of financial services industry experience. Prior to joining TowerGroup in 1997, she was senior principal at Marketing PLUS Inc., a consulting firm that specializes in maximizing the revenue potential from marketing customer information file (MCIF) and operational customer information file (CIF) systems. She has an extensive background in th

We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant? In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including: Patterns and trends of insider crimes; Motives and means displayed in real insider cases; What employers and staffs can do to prevent and detect crimes. Trzeciak is currently a Senior Member of the Technical Staff for the Threat and Incident Management Team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. He is a member of a team in CERT focusing on insider threat research, including insider threat studies being conducted with the US Secret Service National Threat Assessment Center, DOD's Personnel Security Research Center (PERSEREC), and Carnegie Mellon's CyLab.

The failing economy and the Heartland Payment Systems data breach have focused all of us on the risks of fraud. But what are today's biggest fraud risks to banking institutions, and how can these risks be mitigated? In an exclusive interview, Steve Neville, Director of Identity Solutions with Entrust, discusses: The top fraud risks threatening banking institutions; How to approach the heightened insider threat; Ways banking institutions can better protect themselves and their customers. Neville draws on more than nine years of hi-tech marketing and product management experience to drive the strategic direction of both products and solutions for Entrust. Prior to joining Entrust, Neville was Director of Marketing at an innovative Web technology company, NetPCS Networks, where he was responsible for all market-facing activities, including direct, channel and corporate marketing. He also was responsible for the company's critical web presence and oversaw the launch of NetPCS' leading-edge online interact

Fearful of man-made, natural and pandemic disasters, organizations everywhere are adopting or improving business continuity/disaster recovery programs. And at Norwich University, there now is a Master's of Science in Business Continuity program for mid-career professionals to hone their skills in this in-demand area. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Master's of Science in Business Continuity, discussing: What's unique about this program; Requirements for students entering the program; How the MSBC will evolve to meet industry/government needs.

It's become a cliché: Information security professionals need to get closer to the business. Now it's also a Master's degree program in which instructors base their whole curriculum on helping security professionals get closer to - and rise higher in the ranks of - their companies and agencies. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Masters of Science in Information Assurance, discussing: What's unique about this program; Requirements for students entering the program; How the MSIA helps security professionals advance their careers.