Credit Union Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast

Synopsis

Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought leaders. Transcripts are also available on our site!

Episodes

  • Betsy Broder of FTC on: Identity Protection Strategies

    26/10/2007

    Betsy Broder offers practical advice for financial institutions on best practices to protect their customer information, and explains the federal government's efforts to address ID theft. She also addresses possible legislation that could affect a financial institution's data security and identity theft prevention programs. Listen to learn: (1) What the FTC expects from financial institutions re: data security; (2) How financial institutions can cooperate with the FTC; (3) Strategies for assisting your customers and keeping their loyalty when they are victims of Identity Theft.

  • Future-Proof Your Compliance Program

    23/10/2007

    Featuring Elan Winkler, Director of Messaging Product Marketing, Secure Computing. Listen to this interview for insights on how to create a "culture of compliance", building the right systems, processes and skills to solidify your regulatory compliance program today - and for the future. Among the topics tackled: What is "future-proofing", and how do you show its business value? How does one get started "future-proofing" a compliance program? What are the speedbumps one might hit along the way? What are the early results to expect - and how do you grow them?

  • Steven Jones of Synovus on: Risk Management and Incident Response

    12/10/2007

    Steven Jones is the Director of Information Security for Synovus, a bank holding company with 39 banks in the Southeast United States. In this podcast interview, Mr Jones discusses the comprehensive risk management process he created, which provides best-in-class residual risk reporting and metrics. He discusses alignment of risk management and incident response with business processes and shares advice to other Information Security Officers on building key capabilities. Topics: effective metrics for risk management and security governance; two surprising key indicators of success.

  • Security Expert Rebecca Herold on: Total Information Protection

    10/10/2007

    Rebecca Herold is a nationally-known author and consultant who won national awards for her successful risk management and information protection programs while directing the information security program for Principal Financial Group. She shares her experience building effective information protection programs and also highlights management responsibilities and liabilities if the program is not developed correctly. You will learn: (1) What regulatory penalties senior management might incur if data is lost or unsecured (2) How to rebuild or rejuvenate a risk management program (3) The five most common ways data leaks from organizations (4) Best practices for developing and securing employee buy-in for a successful enterprise level information protection program

  • Risk Management and ISO 27001 Certification - Mark Bernard, Credit Union Central, B.C.

    03/10/2007

    Mark Bernard is the Security & Privacy Officer at Credit Union Central of British Columbia. In this podcast he talks about risk management and ISO 27001 certification. Mark Bernard has extensive experience in the IT security industry, both in the US and Canada. He is currently the Security and Privacy Officer for the Credit Union Central of B.C., and is leading the credit union to become the first financial institution to achieve ISO 27001 certification. Mark has a reputation for improving organizational security without increasing costs or adding layers of controls. During this podcast Mark discusses: -- How to manage a risk management program in a way that does not increase costs but adds to your organization's security -- What ISO 27001 certification entails and the benefits to your bank or credit union -- Why ISO 27001 certification can actually save you money -- The essential business skills that allow a security manager to excel

  • Bruce Sussman of Crowe Chizek: Stopping Data Leakage and PCI-DSS Compliance

    03/10/2007

    Bruce Sussman, Senior Manager at Crowe Chizek's Risk & Attest Group, speaks on meeting the challenges of PCI compliance and stopping data leakage. Sussman draws upon his extensive experience as a VP of Audit, Fraud and Risk for one of the leading payment card networks and as a thought leader for the PCI compliance practice at Crowe Chizek. He shares his insights on maintaining PCI compliance and helping stop data leakage in companies. You will learn: -- key factors to successful PCI DSS compliance -- to what extent PCI compliance will actually improve your security and data privacy -- best practices to prevent data leakages

  • KPMG’s Dan Manley on IT and Security Governance

    03/10/2007

    Dan Manley, Senior Manager, KPMG LLP's Risk Advisory Services Information Protection practice, on lowering your risks through improving your IT and security governance. Dan Manley has over 19 years of experience in IT security and currently is a senior manager with KPMG's risk advisory practice focusing on IT governance. In this podcast you will learn how improving your IT governance process can help you to reduce risks, as well as improve your IT performance. You will learn about: creating an effective and efficient IT governance structure; the tangible benefits from improved IT governance; managing the identity theft crisis.

  • The Growing Importance of Professional Certification in InfoSecurity, Mr Ed Zeitler, Executive Director, (ISC)2

    19/09/2007

    Ed Zeitler discusses the recently announced results of a recently conducted Global Information Security Workforce survey. It shows that over 85% of managers are hiring certified information security professionals. Mr Zeitler cautions against sending staff to certain types of training and discusses the areas that will be receiving increased attention in the next few years. He also discusses new tests and certifications beyond the CISSP that your security staff may need. · What role certification plays in today's information security industry · Certifications for entry level IT security staff as well as senior professionals · Advanced certifications beyond the CISSP and their importance · Warnings about what training to avoid and what to look for in reputable information security training

  • Ken Newman of American Savings Bank on: Educating Your Employees

    18/09/2007

    Ken Newman discusses the challenges of getting employees to buy into training programs and some of the successful strategies he has used to deliver timely and effective training that focuses on protecting customer data. He also discusses the changes in the information security field and how this impacts an organization's training and education needs, from the board room to the newest hire. Topics: managing the lack of time to deliver training; strategies when presenting to or training boards; what your training program should focus on; what skills IT security professionals lack; how the field of IT security is changing and what implications this has for training needs.

  • InfoSecurity NY 2007 Vendor Interviews

    17/09/2007

    No matter what your industry - finance, government, education - Infosecurity delivers over 175 companies offering the very latest state-of-the-art technologies. Infosecurity NY. ISC East. Totally secure. Once again, Infosecurity NY was held alongside ISC East, the premier physical security event in the East. With more companies adopting physical security over IP networks, Infosecurity attendees now have the opportunity to learn more about the evolving convergence of traditional IT security. Infosecurity NY is the leading IT event for: IT Security Manager/Director; C-Levels including CEO/COO/President - Owner/Principal/Partner; Consultant; System Architects and Developers; System Administrators and Analysts.

  • Debbie Wheeler, CISO of Fifth Third Bank: Effective Risk Management

    11/09/2007

    The Information Security Media Group podcast with Debbie Wheeler, CISO of Fifth Third Bank focuses on the role of effective risk management for IT security and data leakage prevention. Debbie Wheeler, CISO of Fifth Third Bank discusses recent challenges and changes in the banking community. She highlights provisioning and options for preventing data leakage. The discussion includes how the role of the CISO is to overcome organizational resistance, and she also provides career advice for women in information security. · Their strategy for addressing data loss and leakage · Cost of adopting bleeding edge technologies · Why they offered a "business of banking class" to their IT staff · Aligning your controls to your actual level of risk

  • Mark Lobel of Price Waterhouse Coopers: Update on Recent Information Security Trends

    11/09/2007

    In this Information Security Media Group podcast Mark Lobel of PriceWaterhouseCoopers speaks to our audience and updates on recent trends in info security and the importance of effective benchmarking. Mark Lobel is a nationally known expert in information security who leads the PriceWaterhouseCoopers annual survey of Information Security trends. This podcast summarizes his latest findings regarding changing threats, convergence of security functions, and why despite a decrease in certain attacks many organizations are unable to know what is happening on their networks. He also discusses the importance of benchmarking and the components of effective metrics and benchmarking programs. Topics: the importance of actionable information and use of Security Information Management systems; changes in information security convergence and its return to an IT focus; what factors predict fewer breaches and lower downtime; why many firms admit they really don't know what is occurring on their networks.

  • William Henley of Office of Thrift Supervision: Guidance on Effective Security Program Management

    11/09/2007

    This is the latest Information Security Media Group podcast with William Henley, Office of Thrift Supervision: Guidance on effective security program management including outsourcing and incident response functions. William Henley, director of IT risk management for the Office of Thrift Supervision discusses the OTS’s guidance for thrifts and other financial institutions on security program management, governance, and management of outsourcing and vendors. Listen to this podcast to learn about the OTS’s expectations for incident response and customer notification and for an up to the minute perspective on IT risk management for thrifts and smaller financial institutions · Specific guidance on using the FFIEC IT Examination Handbook and OTS examination handbooks to develop effective programs · Expectations and best practice for managing third party relationships and outsourcing · Components of an effective incident response pr

  • Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

    05/09/2007

    Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audits. Listen to gain insight on: Best-practices for auditor training; Key professional certifications; Today's trends and how they will impact tomorrow's IT audits.

  • The Super User: Organizations' Biggest Internal Threat

    04/09/2007

    Analysts at Gartner and IDC identify “super user” access as the root of three of the top eight common sources of compliance risks. But what can you do about it? Listen to this podcast addressing the following questions: What is the super user? What security risks do super user accounts create? What steps can organizations take to limit super user account threats? This podcast takes a closer look at super user accounts and discusses what can be done to protect against them.

  • Information Security Expert James Kist: Web Application Security at Financial Institutions

    16/08/2007

    Here’s a podcast from Information Security Media Group on a hot security topic: Web Applications. Listen as information security expert James Kist answers questions regarding how important web app security is for a financial institution. James Kist, CISSP, CCSI, CCSE, CCSA, is a senior Information Security Engineer with Icons, Inc. With more than 13 years' experience in Information Technology, Kist has expertise in information security, application development, security system design and implementation, training, development and delivery of information security courseware. In the interview Kist talks about things that financial institutions don’t normally think of as being a risk to security and how penetration testing and the choice of the right monitoring tools help measure security. He also covers regulatory issues surrounding Gramm-Leach Bliley, the Payment Card Industry Data Security Standards and Sarbanes Oxley from an institution’s perspective. He

  • Former Treasury CISO Ben Chisolm on Financial Institutions and Security

    09/08/2007

    Join Information Security Media Group’s Richard Swart in a podcast with Ben Chisolm, the former Chief Information Security Officer of the United States Treasury. Listen as Chisolm shares his insight and experiences of more than 16 years in federal government where he coordinated information security projects on a national scale for a number of agencies, including the IRS and the Commerce department. In this podcast he shares how Treasury interacts with other financial institutions from an information security perspective, and what rules the Treasury has to enforce and follow at the same time. He shares the challenges he faced trying to be an “enabler” rather than an impediment to business, along with some of his best practices (more people, less technology), advice to new entrants in the field of information security and much more!

  • Black Hat 2007 Conference - Vendor Interviews

    09/08/2007

    Information Security Media Group was one of the sponsors of this year's Black Hat 2007 briefing held in Las Vegas on August 1st and 2nd. Black Hat is recognized as the premier event at which to release information on newly discovered security vulnerabilities in the hacking community. Forty vendors from across the United States and Europe sent representatives to demonstrate their latest product offerings, and answer the often difficult questions of how their products meet the evolving threat picture. The interviews were taken on the floor of the show by our staff. Our staff noticed a broad range of offerings, including a significant increase in vendors offering web application firewalls and web application vulnerability scanners. We had the opportunity to sit down with a number of vendors to get their take on the issues facing the banking and finance industry and to ask them about evolving threats and compliance solutions. The interviews were conducted with the firms' lead developers, chief scientists, or

  • National Credit Union Administration's Gigi Hyland on Information Security at Credit Unions

    08/08/2007

    Listen to National Credit Union Administration board member Gigi Hyland as she shares with the Information Security Media Group audience what’s important to the NCUA in regard to information security at credit unions. Hyland, a NCUA board member since 2005, explains why written information security policies are needed and shares her view of annual review of risk assessments at credit unions as well as her ideas on access controls and need for encryption. Hyland, who prior to her NCUA board appointment spent 14 years in the credit union community, details why employees, front end to back end, need information security training; how a holistic view of information security at a credit union will help; and what it takes to manage third party services and why a due diligence review is stressed. Hyland expresses NCUA’s view on external threats and how to best fight them, including phishing and other online scams. She also speaks to the importance of credit union board members

  • Department of Homeland Security's Rob Pate Podcast on Protecting Country's Critical Infrastructure

    27/07/2007

    The Information Security Media Group offers a podcast with Rob Pate, Deputy Director of Outreach and Awareness of the National Cyber Security Division of the Department of Homeland Security. Pate explains the role of the NCSD and how it is related to the US Center for Emergency Response Team (US CERT) and its 24x7 watch and warning center. He also talks about how NCSD helps the financial service industry and DHS's responsibilities in protecting US cyberspace. Pate also speaks to the real consequences of cyber attacks and why education is important. Listen as he describes the cyberterrorists of today as having Ph.D.-level skill sets, compared to the script kiddies of years past. He continues with his lessons learned about incident response, the key parts of an incident response plan and the need for sustainability of any institution's incident response plan. Pate has worked tirelessly behind the scenes to help federal agencies wage war against cyberthreats. He led efforts to develop metrics that allo
