Synopsis
Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
Application Security Over-Confidence: Facts & Myths Revealed
22/09/2008
Leading Technology Vendor Discusses the Need for Vulnerability Assessments & Remediation Processes for Applications Whether Developed In-House or By a Third-Party
Application security is a key focus of regulatory agencies - ensuring that financial institutions pay as much attention to third-party applications as they do to those they develop and manage in-house. In a recent survey conducted by Information Security Media Group, respondents say they are more confident in their own applications vs. those developed by third-party service providers ... yet, they really don't demonstrate vulnerability assessment or remediation processes to justify any level of confidence. In this exclusive interview, Roger Thornton, founder and CTO of Fortify Software, discusses the survey results and his own market perspective, discussing: How the survey results jibe with what he sees from customers; What's beneath the disconnect between confidence and processes? What are some of the proactive, cost-effective ways compa
-
Careers in Information Security: Fighting the Insider Threat
29/08/2008
Interview with Matt Bishop, Professor of Computer Science, UC-Davis
Career opportunities abound for people interested in entering information security as an entry-level or mid-career position. In this exclusive interview, Matt Bishop, Professor of Computer Science at UC-Davis, discusses: His current projects, including vulnerability analysis and the insider threat; Opportunities for information security students; Advice for individuals looking to enter the field.
-
Anti-Money Laundering Trends & Career Opportunities
28/08/2008
Interview With AML Expert Ross Delston
Anti-money laundering has been one of the dominant stories in financial services this year, and the trend isn't likely to abate anytime soon. In this exclusive interview, attorney and AML expert Ross Delston discusses: The latest AML trends, including Trade-Based Money Laundering; How institutions are fighting back; Career opportunities for security professionals looking to pull the plug on money launderers.
-
Business Continuity Planning: The Case for Resource Allocation
27/08/2008
Interview With Crime/Security Expert Dana Turner
Resource allocation - the people, places and things - is one of the most overlooked aspects of Business Continuity planning. In this exclusive interview, crime and information security expert Dana Turner offers insights on: What resource allocation truly means for financial institutions; Unique challenges depending on size of institution and type of disaster; Main takeaways from a new webinar on just this topic.
-
Good Governance: How to be a Security Leader
27/08/2008
Interview with Jennifer Bayuk, Former CISO at Bear Stearns & Co.
Governance is a term increasingly used in financial institutions, as banking/security leaders try to introduce new processes and disciplines to their organizations. In this exclusive interview, Jennifer Bayuk, an information security specialist and former CISO at Bear Stearns & Co., discusses: What governance means to a security organization; Elements of good governance; Speedbumps en route to success; Potential short- and long-term rewards of good governance.
-
The State of Information Security Education: Prof. Eugene Spafford
22/08/2008
To quote from his own biography, Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including two Presidents of the United States. In this exclusive interview, Spafford discusses: The state of information security education today; The communication gap between businesses who need security professionals and schools that educate them; Trends in information security education.
-
Application Security Whitelisting: Keep the Bad Guys Out - Let the Good Guys In
13/08/2008
Interview with Brent Rickles, SVP, First National Bank of Bosque County, on Securing Financial Data and Systems Through Application Whitelisting
"Whitelisting" is a new twist on information security. Instead of trying to find a software solution that keeps all of the potential bad guys out of your systems, whitelisting allows you to establish a protection layer that grants access to only your finite list of good guys - individuals or applications. In this exclusive interview sponsored by Lumension Security, Brent Rickles, SVP of First National Bank of Bosque County, Texas, discusses: What led him to a whitelisting security solution; The quantifiable results he's seen since deploying the solution; Reaction he's received from bank examiners since taking this approach.
-
Lessons Learned from TJX: Eric Fiterman, Cyber Crime Expert
13/08/2008
Interview with Cyber Crime Expert Eric Fiterman
In the wake of the arrests of 11 hackers tied to the TJX data breach, security experts everywhere are warning of bigger, bolder threats to come. So, what should banking institutions have learned from TJX-style breaches, and what can they do now to protect their customers and critical financial/informational assets? In this interview, former FBI agent Eric Fiterman, founder of Methodvue, offers: Insights on the TJX and other breach investigations; How banking institutions can better protect their assets; The types of crimes institutions need to look out for in the months ahead.
-
Security Spending: Maximize Resources
12/08/2008
Interview with William Henley, Director at the Office of Thrift Supervision
The downturn in the U.S. economy has financial institutions challenged to "do more with less." While the focus continues to be on the mortgage crisis, William Henley, Director, IT Risk Management for the Office of Thrift Supervision, discusses the need for continued investment in: Information security; Regulatory compliance; Customer confidence.
-
Identity Theft Red Flags Rule Survey: Inside Look at the Surprising Findings
29/07/2008
Interview with Tom Field, Editorial Director at Information Security Media Group
As Nov. 1 looms, Identity Theft Red Flags Rule compliance is an absolute must for financial institutions. Information Security Media Group recently surveyed 300 banking and credit union leaders to gauge their progress toward compliance. The results have proven intriguing, even surprising. In this interview, Information Security Media Group Editorial Director Tom Field provides: Overview of the findings; Analysis of what they mean; Insight into challenges banking institutions face before and after Nov. 1.
-
GLBA Compliance: Trends to Watch, Traps to Avoid
16/07/2008
Interview with Nathan Johns of Crowe Chizek and Company
Gramm-Leach-Bliley - it's at the heart of every financial institution's security program. In this exclusive interview, Nathan Johns, formerly of the FDIC, discusses current GLBA compliance trends, including: Where institutions are most challenged to meet compliance; Where they are seeing successes; Vendor management; How a risk-based approach helps to maximize scant resources.
-
Banking Regulators on Identity Theft Red Flags Rule Compliance
16/07/2008
Excerpt of a Q&A with William Henley of OTS and Jeff Kopchik of FDIC
In conjunction with the recent Identity Theft Red Flags Rule Roundtable webinar, we conducted an interview session with William Henley of OTS and Jeff Kopchik of FDIC. Topics ranged from: What should institutions expect on Nov. 1? What have been the biggest compliance challenges? What should institutions pay most attention to re: Identity Theft Red Flags? This is an excerpt of that Q&A session. To hear the entire dialogue, please register for the Identity Theft Red Flags Rule webinar, which also features practitioners' perspectives on compliance, as well as our own new survey results on where banking institutions stand in their efforts to meet the Nov. 1 compliance deadline.
-
CISO Interviews: Roger Batsel, Republic Bank, on Business Continuity/Disaster Recovery
01/07/2008
How to Put the "Business" back into Business Continuity Planning
Planning for disaster - whether a simple service disruption or a pandemic event - is paramount to any financial institution. But where does the responsibility fall? Roger Batsel, SVP, Managing Director of Information Systems at Republic Bank, Louisville, KY, says it's time to separate duties: let IT handle system outages and put business continuity planning in the hands of the business folks. In this exclusive interview, Batsel discusses the positive impact this novel approach has had on his bank.
-
Identity Theft Red Flags Rule: The Road to Compliance
13/06/2008
Interview with Evelyn Royer of Purdue Employees FCU
Everyone knows the date: Nov. 1 - that's when U.S. financial institutions must be in compliance with the Identity Theft Red Flags Rule. With institutions now racing to meet or beat the deadline, Information Security Media Group is launching a new webinar, ID Theft Red Flags Roundtable - Tips from Regulators and Practitioners on How to Meet Nov. 1 Compliance. As a sneak preview of this webinar, we caught up with participant Evelyn Royer, VP Risk Management/Support Services, Purdue Employees FCU, to discuss: First steps toward Red Flags compliance; Biggest obstacles to overcome; How well institutions are/are not prepared for the Red Flags deadline.
-
Suspicious Activity Reports: Perceptions & Reality in Anti-Money Laundering Investigations
12/06/2008
Interview with Investigator Kevin Sullivan
At the heart of the Bank Secrecy Act (BSA) and the core of any good Anti-Money Laundering (AML) program is the Suspicious Activity Report (SAR), which all financial institutions - banks, credit unions, brokers, casinos, insurance companies, etc. - must file when confronting questionable transactions. In this exclusive interview, anti-money laundering investigator Kevin Sullivan discusses: Erroneous perceptions of SARs; Examples of effective SARs in successful investigations; Bad habits to avoid when preparing SARs. Also, be sure to check out Sullivan's upcoming webinar: Expert's Guide to Suspicious Activity Reports (SARS): Tips to Avoid Regulatory Pitfalls & Penalties
-
The Growing Business Role for Security Leaders: John Pironti, ISACA
04/06/2008
Interview with John Pironti of ISACA's Education Board
Security leaders are quickly evolving in their roles to focus more on the business of banking, less on the technology of information security. This is the main message delivered by the results of ISACA's recent Information Security Career Progression Survey of 1400 Certified Information Security Managers (CISMs) in 83 countries. To learn more about the survey results and the trends they identify, listen to this interview with John Pironti, Chief Information Risk Manager with Getronics, and a member of ISACA's Education Board. Pironti touches on: The survey results; Trends impacting security professionals; What it all means specifically for security leaders at financial institutions.
-
The Role of Information Security in a Merger/Acquisition
03/06/2008
Interview with Nalneesh Gaur, Chief Information Security Architect, Diamond Management & Technology Consultants
Mergers and acquisitions are a way of life for financial institutions, and so many pertinent business issues bubble up whenever an M&A is discussed. But when does information security enter the discussion? Not early enough, says Nalneesh Gaur of Diamond Management & Technology Consultants. In this interview, Gaur discusses the importance of information security in an M&A, sharing his insight on: When information security should enter the M&A discussion; Who should lead that discussion; 7 key questions to ask re: information security in an M&A activity.
-
Gartner IT Security Summit 2008 Vendor Interviews
03/06/2008
Information Security Media Group recently attended the Gartner IT Security Summit 2008 in Washington, D.C. where the theme of the conference was information security 5-10 years from now. We interviewed vendors on the floor of the expo hall and heard about solutions focusing on topics ranging from application security to GRC to automated compliance. Vendors interviewed: Applied Identity, BigFix, BT, LogLogic, McAfee, NetIQ, PGP, Protegrity, Rapid7, ScanSafe, Tricerion.
-
Phishing Report: Top Threats & Trends in 2008 and Beyond
15/05/2008
Interview with David Jevans, Director, Anti-Phishing Working Group
Phishing, vishing, whaling - there are a growing number of electronic social engineering threats to unsuspecting consumers and their identities. Financial institutions and their customers increasingly are targets of these attacks. But they're also fighting back. Listen to this interview to hear: What are the major phishing trends? What kinds of anti-phishing solutions are proving effective? How do institutions reach prospective victims and educate them about phishing?
-
Data Leakage: How to Prevent it
12/05/2008
Philip Alexander, Information Security Officer at a Major US Financial Institution
Data leakage - it's one of the subtle insider threats to information security at financial institutions. It's tough for leaders to know exactly where their critical data resides - never mind how it's being treated when it leaves the corporate environment in the hands of well-intentioned employees and vendors. Listen to this interview for insights from Phil Alexander, ISO at a major U.S. banking institution, on: The biggest data leakage challenges; How to determine where data resides; What happens when sensitive data leaves the corporate environment? Best practices in data disposal?