Credit Union Information Security Podcast

It was the scandal that rocked the banking world. French Bank Societe Generale recently revealed details of a disaster created by a rogue insider who cost the institution $7.2 billion in fraudulent trades. It was the biggest such scandal in history. We recently spoke with Linda Najim and Jason Gaswirth of Diamond Management & Technology Consultants, authors of a new report, "Notes on a Scandal: Lessons in Operational Risk Management from Societe Generale." Listen to this interview for insights on: How Soc Gen happened; Why it can happen again; How the fraud could have been prevented; Actions institutions can take to prevent such crimes in the future.

It's never easy arising from security or technology to become a business leader in a financial institution. In this exclusive interview, Paul Perini - who came to security from the business side - offers practical insight on: The qualities an information security leader needs to possess in order to be a successful business leader; How to avoid getting sucked into the IT weeds; The skills one needs to develop in a business-focused security organization; How to groom an IT or security team to be more strategic.

The insider threat is at the forefront of financial institution concerns these days, and a huge part of mitigating that threat is improving identity and access management. Listen to this interview to hear Subhash Tantry, CEO of Fox Technologies, on: Five principles of an effective access control management program; How these principles also help with IT audits and regulatory compliance; Future trends in identity and access management.

Banking/Security Expert Shares Insights on Red Flags, Vendor Management, Other Key Challenges Facing Institutions He was the world's first Chief Information Security Officer at Citigroup in 1995, and for over 25 years he has been a true banking/security leader. Stephen Katz, founder and President of Security Risk Solutions, an information security company providing consulting and advisory services, sat down with Editor Tom Field to discuss the major issues facing banking institutions in 2008. Listen to this interview to hear his insights on: ID Theft Red Flags - are institutions giving it enough attention? Vendor Management - the need to improve oversight of vendors and their vendors; Governance - what works, what still needs work; Pandemic preparation; Many other top issues.

Debit card fraud is one of the most prevalent security threats against banking institutions and customers alike. In this interview, Daniel McIntyre, information security and business recovery analyst with Superior Bank of Birmingham, AL., shares his insight on: The magnitude of the debit card threat; Strategies for fighting fraud; Effective ways to educate consumers.

Institutions of all sizes struggle with staffing resources - having enough hands available to tend to information security matters. At America First Credit Union in Riverdale, Utah, Lane Gittins, the Systems Security Manager, has learned to overcome this challenge by working in a consultative style - directing a cross-functional team whose members come from across the institution and don't all report to him. Listen to this interview for insights on: How to establish a virtual team; Creating a culture of security awareness; Successes to target and challenges to avoid; Tips to lead a virtual team in your institution.

Interview with Fraud Expert Mike Mulholand Check fraud has long been a concern for banks, and in today's age of electronic banking one of the greatest threats is Automated Clearing House (ACH) fraud - batch-processed transactions between banks. In this interview, fraud expert Mike Mulholand, Director of Fraud Solutions Strategy at Memento, Inc., offers insights on: The types of ACH fraud being perpetrated today; How institutions are fighting back; What works and what still needs work in the battle against ACH fraud.

Based on this exclusive survey of security leaders at U.S. financial institutions, this report reveals surprising insights on the latest trends, threats and priorities, including: Vendor Management - Too much trust, too little testing; Security Awareness - Employees and customers are being short-changed; Incident Response - Plans not documented, communicated or updated sufficiently; Customer Confidence - Institutions' perception vs. stark reality. Download to hear the results of our analysis of our first annual State of Banking Information Security Survey.

Introduction from Tom Field, Editorial Director The survey results are in, and we're pleased to share them with you now, so you can see what's on the top of the agenda for U.S. financial institution security leaders in 2008. Listen to this introduction from Tom Field, Editorial Director of Information Security Media Group, as he details: The origins of the State of Banking Information Security 2008 survey; Top-line of our findings; Next steps for how these results will be analyzed and showcased.

Interview with Les Rosen, Expert in Employment Screening Background checks are increasingly conducted by financial institutions for all levels of employees. What are some of the tips to use and traps to avoid when screening job candidates? Editorial Director Tom Field recently spoke with Les Rosen, President and CEO of Employment Screening Resources, a specialist in background checks, to get his insights on: Trends in background screenings at financial institutions Common pitfalls Key considerations re: outsourcing your screenings Where to start when initiating background checks

Interview With Jerry Murphy, SVP, the Robert Frances Group In the wake of record-setting bank fraud at Societe Generale, the risk of the Insider Threat is again on the front burner at financial institutions. In this exclusive interview, Jerry Murphy of the Robert Frances Group offers insight on: The most common forms of Insider Threat at institutions today; How institutions are fighting these threats; The areas where security leaders continue to fall short in their efforts.

Rebecca Herold, privacy expert Many different types of privacy breaches continue to plague organizations and their third-party service providers. Hear Rebecca Herold discuss: Data breach response plans – where are the holes? Notification plans (or lack thereof) How to involve and ensure the security of trusted vendors.

Betsy Broder, Assistant Director in the Federal Trade Commission's Division of Privacy and Identity Protection, discusses Identity Theft from a consumer's perspective, including: The biggest areas of concern for consumers re: ID Theft The state of consumer awareness Fundamental best-practices to fight ID theft The top ID theft issues in 2008.

Matthew Speare, Senior Vice President of Information Technology, M & T Bank Corporation, discusses the practical application of computer forensics in banking institutions, including: How forensics has made a difference at his institution How to establish your own forensics program Advice for banking executives just starting to consider forensics. View more info about Matt's Forensics & E-Discovery webinar.

Greg Kyrytschenko, Information Security Manager, People's United Bank, CT., discusses identity and access management, including: • How he tackled his own institution’s identity management project • The value of automating user lifecycle management • The ROI of identity and access management projects

Philip Alexander, Information Security Officer at a Major US Financial Institution Philip Alexander hasn’t just studied data breach disclosure laws and their subtle differences state-by-state – he’s written the book on the topic (Data Breach Disclosure Laws – a State by State Perspective, Aspatore Books, 2007). In this interview, Alexander discusses: What’s most misunderstood about data breach disclosure laws Trends he sees Advice for banking/security executives just starting to consider issue. And he previews his upcoming presentation in an Information Security Media Group webinar dedicated to this topic. > More information/register for the webinar

Bill Boni, Corporate Information Security Officer and Vice President, Motorola Corporation Bill Boni shares lessons he has learned in his 30 year career in IT security and discusses how organizations should manage their IT security function in order to respond to emerging threats. He reviews: • How globalization is affecting hacking and the nature of attacks; • How to develop an effective incident response capability; • Factors to consider when deciding whether to add cyber-forensics capability to your organization; • Critical success factors for governance and management of information technology; • Why executive management needs to move beyond a risk management mindset.

Ken Baylor, Information Security Consultant and former Chief Information Security and Privacy Officer, Symantec Dr. Ken Baylor is a senior Information Security adviser to Fortune 500 companies. He is the current president of the Silicon Valley chapter of ISACA. Dr. Baylor recently served as Symantec's Chief Information Security Officer (CISO), is a CISSP, and a CISM. As CISO, he was responsible for developing all information systems security policies, overseeing the implementation of all security related policies and procedures, and for the global protection of electronic and digital assets. He also worked closely with internal product groups on security capabilities in Symantec products, and heads the Information Security department. Baylor shares his extensive experience as he discusses the development of effective privacy and compliance programs. Listeners will learn: ¢ Steps to develop effective compliance programs; ¢ Why 90% of privacy breaches happen inside your firewall; ¢ Impact

Listen to Tom Field, editorial director of BankInfoSecurity.com and CUINfoSecurity.com, discuss our first annual State of Banking Information Security Survey in the Financial Services Industry. The survey will focus on topics such as: Information Security Priorities & Roles Strategies Risk Assessment, Incident Response ID Theft Vendor Management Customer/Member Services Business Continuity/Disaster Recovery Security Budget Education & Training BSA/AML > Take the survey now Survey results will be analyzed, annotated and presented in a variety of ways across BankInfoSecurity.com and CUInsoSecurity.com. Thanks in advance for your participation in this inaugural research study. We can't wait to share the results with you!

Mark Seward, CISSP and Director Product Marketing with Qualys, Inc., discusses GLBA compliance as it relates to vulnerability management at financial institutions. Insights include: • Key GLBA compliance issues facing financial institutions; • Examples of vulnerability management specific to GLBA; • Speed bumps institutions encounter en route to GLBA compliance; • Defining the vulnerability management lifecycle and how it is relevant to all businesses.