Credit Union Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast


Synopsis

Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • State of Banking Information Security Survey 2008 Introduction

    27/11/2007

    Listen to Tom Field, editorial director of BankInfoSecurity.com and CUInfoSecurity.com, discuss our first annual State of Banking Information Security Survey in the Financial Services Industry. The survey will focus on topics such as: Information Security Priorities & Roles Strategies Risk Assessment, Incident Response ID Theft Vendor Management Customer/Member Services Business Continuity/Disaster Recovery Security Budget Education & Training BSA/AML. Survey results will be analyzed, annotated and presented in a variety of ways across BankInfoSecurity.com and CUInfoSecurity.com. Thanks in advance for your participation in this inaugural research study. We can't wait to share the results with you!

  • GLBA Compliance Through Vulnerability Management

    21/11/2007

    Mark Seward, CISSP and Director Product Marketing with Qualys, Inc., discusses GLBA compliance as it relates to vulnerability management at financial institutions. Insights include: key GLBA compliance issues facing financial institutions; examples of vulnerability management specific to GLBA; speed bumps institutions encounter en route to GLBA compliance; defining the vulnerability management lifecycle and how it is relevant to all businesses.

  • BAI 2007 Retail Delivery Conference - Vendor Interviews

    19/11/2007

    Information Security Media Group recently attended the BAI Retail Delivery Conference 2007 in Las Vegas. Our correspondents covered the expo floor from a vendor point of view, and we spoke with a number of vendors who had products or services specific to information security. In general, the vendors that had some sort of security offering seemed to be focused on anti-fraud, and BSA/AML compliance. For those not familiar, here is a description of the conference: BAI's purpose is sharply focused: helping you strike the right balance for your organization to reconcile short-term profit pressures with your long-term growth strategies. BAI Retail Delivery Conference & Expo is the place to be for fresh insights, innovative ideas, and smart solutions for succeeding in a no-growth environment. General sessions not only with Steve Forbes Jr., Dr. Alan Greenspan and Sir Bob Geldof, but Kerry Killinger, Chairman and CEO of Washington Mutual, and Lynn Pike, President of Capital One Bank. All dynamic leaders with asto

  • Update from FDIC on CA Wildfires, BCP and Pandemic Planning Guidance

    09/11/2007

    Michael Jackson, Associate Director of Technology Supervision of the FDIC, provides early data on the impact of the recent California wildfires, including: Number of banks and other FDIC-supervised institutions impacted; Specific guidance on what the FDIC expects in a business continuity plan; Preview of the FDIC's coming publication on pandemic preparedness.

  • Impact of California Wildfires and Implications for Disaster Recovery Planning

    02/11/2007

    Interview with William Henley, Director of IT Risk Management, Office of Thrift Supervision (OTS). In this interview, Henley discusses the impact of the California wildfires and reports on the number of thrifts that activated their incident management and disaster recovery plans. Henley also discusses the critical elements of an effective disaster recovery plan and highlights the need to ensure that employees can work remotely in the immediate aftermath of a disaster. He also makes recommendations for responding to possible pandemics.

  • John Pironti of Getronics on: Leading-Edge Risk Management Practices

    31/10/2007

    John Pironti discusses the fundamental steps that a financial organization must take to design an effective risk management program. He emphasizes the danger of focusing on the technology, instead of on the data flows in an organization. In this interview, you will learn strategies to minimize your risk from data leakage while building a robust risk management program. You also will learn: the importance of business process mapping; questions to ask 3rd party vendors to reduce your risk; how to utilize IT governance practices to help minimize your risk.

  • Betsy Broder of FTC on: Identity Protection Strategies

    26/10/2007

    Betsy Broder offers practical advice for financial institutions on best practices to protect their customer information, and explains the federal government's efforts to address ID theft. She also addresses possible legislation that could affect a financial institution's data security and identity theft prevention programs. Listen to learn: (1) What the FTC expects from financial institutions re: data security; (2) How financial institutions can cooperate with the FTC; (3) Strategies for assisting your customers and keeping their loyalty when they are victims of Identity Theft.

  • Future-Proof Your Compliance Program

    23/10/2007

    Featuring Elan Winkler, Director of Messaging Product Marketing, Secure Computing. Listen to this interview for insights on how to create a "culture of compliance", building the right systems, processes and skills to solidify your regulatory compliance program today and for the future. Among the topics tackled: What is "future-proofing", and how do you show its business value? How does one get started "future-proofing" a compliance program? What are the speedbumps one might hit along the way? What are the early results to expect, and how do you grow them?

  • Steven Jones of Synovus on: Risk Management and Incident Response

    12/10/2007

    Steven Jones is the Director of Information Security for Synovus, a bank holding company with 39 banks in the Southeast United States. In this podcast interview Mr Jones discusses the comprehensive risk management process he had created that provides best-in-class residual risk reporting and metrics. He discusses alignment of risk management and incident response with business processes and shares advice to other Information Security Officers on building key capabilities. Topics: effective metrics for risk management and security governance; two surprising key indicators of success.

  • Security Expert Rebecca Herold on: Total Information Protection

    10/10/2007

    Rebecca Herold is a nationally-known author and consultant who won national awards for her successful risk management and information protection programs while directing the information security program for Principal Financial Group. She shares her experience building effective information protection programs and also highlights management responsibilities and liabilities if the program is not developed correctly. You will learn: (1) What regulatory penalties senior management might incur if data is lost or unsecured; (2) How to rebuild or rejuvenate a risk management program; (3) The five most common ways data leaks from organizations; (4) Best practices for developing and securing employee buy-in for a successful enterprise level information protection program.

  • Risk Management and ISO 27001 Certification - Mark Bernard, Credit Union Central, B.C.

    03/10/2007

    Mark Bernard is the Security & Privacy Officer at Credit Union Central of British Columbia. In this podcast he talks about risk management and ISO 27001 Certification. Mark Bernard has extensive experience in the IT security industry, both in the US and Canada. He is currently the Security and Privacy Officer for the Credit Union Central of B.C., and is leading the credit union to become the first financial institution to achieve ISO 27001 certification. Mark has a reputation for improving organizational security without increasing costs or adding layers of controls. During this podcast Mark discusses: how to manage a risk management program in a way that does not increase costs but adds to your organization's security; what ISO 27001 certification entails and the benefits to your bank or credit union; why ISO 27001 certification can actually save you money; the essential business skills that allow a security manager to excel.

  • Bruce Sussman of Crowe Chizek: Stopping Data Leakage and PCI-DSS Compliance

    03/10/2007

    Bruce Sussman, Senior Manager at Crowe Chizek's Risk & Attest Group, speaks on meeting the challenges of PCI compliance and stopping data leakage. Sussman draws upon his extensive experience as a VP of Audit, Fraud and Risk for one of the leading payment card networks and as a thought leader for the PCI compliance practice at Crowe Chizek. He shares his insights on managing to maintain PCI compliance and help stop data leakage in companies. You will learn: key factors to successful PCI DSS compliance; to what extent PCI compliance will actually improve your security and data privacy; best practices to prevent data leakages.

  • KPMG’s Dan Manley on IT and Security Governance

    03/10/2007

    Dan Manley, Senior Manager, KPMG LLP's Risk Advisory Services Information Protection practice, on lowering your risks through improving your IT and security governance. Dan Manley has over 19 years of experience in IT security and currently is a senior manager with KPMG's risk advisory practice focusing on IT governance. In this podcast you will learn how improving your IT governance process can help you to reduce risks, as well as improve your IT performance. You will learn about: creating an effective and efficient IT governance structure; the tangible benefits from improved IT governance; managing the identity theft crisis.

  • The Growing Importance of Professional Certification in InfoSecurity, Mr Ed Zeitler, Executive Director, (ISC)2

    19/09/2007

    Ed Zeitler discusses the recently announced results of a recently conducted Global Information Security Workforce survey. It shows that over 85% of managers are hiring certified information security professionals. Mr Zeitler cautions against sending staff to certain types of training and discusses the areas that will be receiving increased attention in the next few years. He also discusses new tests and certifications beyond the CISSP that your security staff may need. Topics: what role certification plays in today's information security industry; certifications for entry level IT security staff as well as senior professionals; advanced certifications beyond the CISSP and their importance; warnings about what training to avoid and what to look for in reputable information security training.

  • Ken Newman of American Savings Bank on: Educating Your Employees

    18/09/2007

    Ken Newman discusses the challenges of getting employees to buy into training programs and some of the successful strategies he has used to deliver timely and effective training that focuses on protecting customer data. He also discusses the changes in the information security field and how this impacts an organization's training and education needs, from the board room to the newest hire. Topics: managing the lack of time to deliver training; strategies when presenting to or training boards; what your training program should focus on; what skills IT security professionals lack; how the field of IT security is changing and what implications this has for training needs.

  • InfoSecurity NY 2007 Vendor Interviews

    17/09/2007

    No matter what your industry - finance, government, education - Infosecurity delivers over 175 companies offering the very latest state-of-the-art technologies. Infosecurity NY. ISC East. Totally secure. Once again, Infosecurity NY was held alongside ISC East, the premier physical security event in the East. With more companies adopting physical security over IP networks, Infosecurity attendees now have the opportunity to learn more about the evolving convergence of traditional IT security. Infosecurity NY is the leading IT event for: IT Security Manager/Director C-Levels including CEO/COO/President - Owner/Principal/Partner Consultant System Architects and Developer System Administrators and Analysts

  • Debbie Wheeler, CISO of Fifth Third Bank: Effective Risk Management

    11/09/2007

    The Information Security Media Group podcast with Debbie Wheeler, CISO of Fifth Third Bank, focuses on the role of effective risk management for IT security and data leakage prevention. Debbie Wheeler, CISO of Fifth Third Bank, discusses recent challenges and changes in the banking community. She highlights provisioning and options for preventing data leakage. The discussion includes how the role of the CISO is to overcome organizational resistance, and she also provides career advice for women in information security. Topics: their strategy for addressing data loss and leakage; cost of adopting bleeding edge technologies; why they offered a "business of banking class" to their IT staff; aligning your controls to your actual level of risk.

  • Mark Lobel of Price Waterhouse Coopers: Update on Recent Information Security Trends

    11/09/2007

    In this Information Security Media Group podcast Mark Lobel of PriceWaterhouseCoopers speaks to our audience, giving an update on recent trends in info security and the importance of effective benchmarking. Mark Lobel is a nationally known expert in information security who leads the PriceWaterhouseCoopers annual survey of Information Security trends. This podcast summarizes his latest findings regarding changing threats, convergence of security functions, and why despite a decrease in certain attacks many organizations are unable to know what is happening on their networks. He also discusses the importance of benchmarking and the components of effective metrics and benchmarking programs. Topics: the importance of actionable information and use of Security Information Management systems; changes in information security convergence and its return to an IT focus; what factors predict fewer breaches and lower downtime; why many firms admit they really don't know what is occurring on their networks.

  • William Henley of Office of Thrift Supervision: Guidance on Effective Security Program Management

    11/09/2007

    This is the latest Information Security Media Group podcast with William Henley, Office of Thrift Supervision: Guidance on effective security program management including outsourcing and incident response functions. William Henley, director of IT risk management for the Office of Thrift Supervision, discusses the OTS’s guidance for thrifts and other financial institutions on security program management, governance, and management of outsourcing and vendors. Listen to this podcast to learn about the OTS’s expectations for incident response and customer notification and for an up-to-the-minute perspective on IT risk management for thrifts and smaller financial institutions. Topics: specific guidance on using the FFIEC IT Examination Handbook and OTS examination handbooks to develop effective programs; expectations and best practice for managing third party relationships and outsourcing; components of an effective incident response pr

  • Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

    05/09/2007

    Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audits. Listen to gain insight on: Best-practices for auditor training; Key professional certifications; Today's trends and how they will impact tomorrow's IT audits.
