Credit Union Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • More information

Information:

Synopsis

Exclusive, insightful audio interviews by our staff with leading credit union and security practitioners and thought leaders. Transcripts are also available on our site!

Episodes

  • Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

    05/09/2007

    Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audit. Listen to gain insight on: best practices for auditor training; key professional certifications; today's trends and how they will impact tomorrow's IT audits.

  • The Super User: Organizations' Biggest Internal Threat

    04/09/2007

    Analysts at Gartner and IDC identify “super user” access as the root of three of the top eight common sources of compliance risk. But what can you do about it? Listen to this podcast addressing the following questions: What is a super user? What security risks do super user accounts create? What steps can organizations take to limit the threats posed by super user accounts? This podcast takes a closer look at super user accounts and discusses what can be done to protect against them.

  • Information Security Expert James Kist: Web Application Security at Financial Institutions

    16/08/2007

    Here’s a podcast from Information Security Media Group on a hot security topic: web applications. Listen as information security expert James Kist answers questions about how important web application security is for a financial institution. James Kist, CISSP, CCSI, CCSE, CCSA, is a senior Information Security Engineer with Icons, Inc. With more than 13 years of experience in information technology, Kist has expertise in information security, application development, security system design and implementation, training, and the development and delivery of information security courseware. In the interview Kist talks about things that financial institutions don’t normally think of as security risks, and how penetration testing and the choice of the right monitoring tools help measure security. He also covers regulatory issues surrounding the Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard and Sarbanes-Oxley from an institution’s perspective. He

  • Former Treasury CISO Ben Chisolm on Financial Institutions and Security

    09/08/2007

    Join Information Security Media Group’s Richard Swart in a podcast with Ben Chisolm, the former Chief Information Security Officer of the United States Treasury. Listen as Chisolm shares his insight and experiences from more than 16 years in the federal government, where he coordinated information security projects on a national scale for a number of agencies, including the IRS and the Commerce Department. In this podcast he shares how Treasury interacts with other financial institutions from an information security perspective, and what rules the Treasury has to both enforce and follow. He shares the challenges he faced trying to be an “enabler” rather than an impediment to the business, along with some of his best practices (more people, less technology), advice to new entrants in the field of information security and much more!

  • Black Hat 2007 Conference - Vendor Interviews

    09/08/2007

    Information Security Media Group was one of the sponsors of this year's Black Hat 2007 Briefings, held in Las Vegas on August 1st and 2nd. Black Hat is recognized as the premier event in the hacking community for releasing information on newly discovered security vulnerabilities. Forty vendors from across the United States and Europe sent representatives to demonstrate their latest product offerings and answer the often difficult question of how their products meet the evolving threat picture. The interviews were recorded on the show floor by our staff. Our staff noticed a broad range of offerings, including a significant increase in vendors offering web application firewalls and web application vulnerability scanners. We had the opportunity to sit down with a number of vendors to get their take on the issues facing the banking and finance industry and to ask them about evolving threats and compliance solutions. The interviews were conducted with the firms' lead developers, chief scientists, or

  • National Credit Union Administration's Gigi Hyland on Information Security at Credit Unions

    08/08/2007

    Listen to National Credit Union Administration board member Gigi Hyland as she shares with the Information Security Media Group audience what’s important to the NCUA in regard to information security at credit unions. Hyland, an NCUA board member since 2005, explains why written information security policies are needed and shares her view on the annual review of risk assessments at credit unions, as well as her ideas on access controls and the need for encryption. Hyland, who prior to her NCUA board appointment spent 14 years in the credit union community, details why employees, from the front end to the back end, need information security training; how a holistic view of information security at a credit union will help; and what it takes to manage third-party services and why a due diligence review is stressed. Hyland expresses the NCUA’s view on external threats and how best to fight them, including phishing and other online scams. She also speaks to the importance of credit union board members

  • Department of Homeland Security's Rob Pate Podcast on Protecting Country's Critical Infrastructure

    27/07/2007

    The Information Security Media Group offers a podcast with Rob Pate, Deputy Director of Outreach and Awareness of the National Cyber Security Division of the Department of Homeland Security. Pate explains the role of the NCSD and how it relates to the United States Computer Emergency Readiness Team (US-CERT) and its 24x7 watch and warning center. He also talks about how the NCSD helps the financial services industry and about DHS's responsibilities in protecting US cyberspace. Pate also speaks to the real consequences of cyber attacks and why education is important. Listen as he describes the cyberterrorists of today as having Ph.D.-level skill sets, compared to the script kiddies of years past. He continues with his lessons learned about incident response, the key parts of an incident response plan, and the need for sustainability of any institution's incident response plan. Pate has worked tirelessly behind the scenes to help federal agencies wage war against cyberthreats. He led efforts to develop metrics that allo

  • FDIC's David Nelson on Cyber Fraud at Financial Institutions

    27/07/2007

    Listen to this podcast by the Information Security Media Group as David Nelson, FDIC Examination Specialist, shares his research and insight on current trends in cyber fraud and financial crimes and their impact on the financial industry. Nelson discusses his observations on data from the FDIC and other government sources, which he analyzes to determine the trends, frequency and impact of fraudulent activity at financial institutions. He also shares his ideas on what skills and experience are needed by information security professionals. Nelson works in the FDIC’s Cyber Fraud and Financial Crimes Section. He has a total of 21 years with the FDIC, and served 13 years as a Safety and Soundness Examiner, three years as a Compliance Examiner, two years as an IT Examiner, and three years as an Examination Specialist in Washington headquarters in the Technology Supervision and AML/Terrorist Financing Branches. Nelson is a graduate of Temple University and the ABA Stonier Graduate School of Banking at Geor

  • Dr. Eugene Spafford on Information Security Education

    27/07/2007

    Listen in to this Information Security Media Group podcast as Dr. Eugene Spafford, Executive Director of Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS), shares his views on gaps in cybersecurity education; why lack of attention to security issues may hurt all of us later; and why we avoid the pain of fixing the hard problems, especially in information security. Dr. Spafford covers why the lack of good security metrics has hindered decision makers; why we have to do a better job on law enforcement in order to fight the flood of fraud; and the need for more attention to privacy protection mechanisms. Dr. Spafford is one of the most senior and recognized leaders in the field of computing. He has an ongoing record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, inc

  • CISO Jeff Bardin on What Makes A Successful Training Program

    12/07/2007

    Listen in to this Information Security Media Group podcast to hear Jeff Bardin, CISO at Investors Bank & Trust, talk about what makes successful training programs work. Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, and certification and accreditation activities for government agencies with budgets of more than $500 billion, over 1 billion yearly transactions, and 6,000 employees in dozens of locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be require

  • Stephen Northcutt of the SANS Institute: Need for Information Security Certifications

    12/07/2007

    The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate-level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer, network and software security. Northcutt is author or coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd Edition. He was the original author of the Shadow intrusion detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification

  • Joyce Brocaglia: Recruiter's View of Evolving Role of CISO

    06/07/2007

    Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter, on how the role of the CISO is evolving in companies and how corporate culture is shifting its focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; what's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; and why CISOs must develop relationships and have the "soft skills," not just technical skills, in order to succeed. She also talks about the "must have" skills for information security officers; the convergence of physical and cyber security departments; and why creating alliances betwee

  • Thomas Smedinghoff: Information Security Laws and Regulations Insights

    06/07/2007

    Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well-known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data, and how it goes beyond personal data; how the basic definition of the legal standard for information security is beginning to come into focus; and laws that impose a duty to warn others (including customers) of a data breach. He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors, that you need to know. Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "re

  • A Look Into Payment Card Data Breaches - Interview with Joe Christensen of Pay By Touch

    01/05/2007

    US retailer TJ Maxx revealed that more than 45 million card numbers were stolen from company servers, with the data theft going as far back as 2003. In April, the Massachusetts Bankers Association (MBA), Connecticut Bankers Association (CBA), and the Maine Association of Community Banks (MACB) responded with a class-action lawsuit seeking to recover damages for the card reissuance and reputation costs associated with the massive data breach. In this latest podcast from CUInfosecurity.com, you'll hear Joe Christensen, Vice President of Security and Compliance at PayByTouch Payment Solutions, reveal an insider's look at:
    - The payment card relationship between banks, merchants and card associations.
    - What every bank should do in the event of a TJX-type breach.
    - The future outlook for merchants in light of TJX.
    View more information about the webinar “Preventing TJX-type Data Breaches".

  • Take Ten Podcast on Regulatory Compliance and Information Security

    18/04/2007

    In this podcast you’ll hear what’s driving regulatory compliance at financial institutions from Susan Orr, a seasoned bank examiner. Hear Susan lay out a roadmap for approaching information security, and why it’s important to look beyond any one regulation or compliance guidance issue and see the bigger picture. During this podcast Susan also outlines what will be covered in the scheduled webinar, “Key Information Security Regulations Driving Compliance at Financial Institutions”. View more information about the webinar “Key Information Security Regulations Driving Compliance at Financial Institutions".

  • Richard Swart on Information Security Education Programs

    17/04/2007

    In this latest podcast from CUInfosecurity.com, you'll hear Richard Swart, Information Systems professor at Utah State University, reveal the skill gap between what the information security industry demands and the current state of most college curricula. His research into this topic takes on the following:
    - What is being taught in colleges today about information security, and how it fails to meet industry needs.
    - The growing need for convergence between information security and business management.
    - The highlights of an effective college program that prepares a student for the information security industry.
    - What the aspiring student needs to know to break into the information security industry.

  • Take Ten Podcast on Business Continuity Planning Best Practices

    09/04/2007

    Listen to this latest podcast on CUInfoSecurity.com. You'll hear Tom Walsh, CISSP, a business continuity expert, give his insights on the following:
    - Have the lessons learned from 9/11 been retained?
    - Why the FFIEC places a strong emphasis on testing a Business Continuity Plan
    - Common mistakes and assumptions made by organizations about BCP
    - The difference between a regular disaster and a pandemic for a financial institution
    - What scenarios and timetables institutions should plan for to handle a pandemic
    Register for the Business Continuity Best Practices webinar.

  • Take Ten Podcast with Rhonda MacLean

    09/04/2007

    Listen to this latest podcast on CUInfoSecurity.com. You'll hear Rhonda MacLean, former CISO of Bank of America, give her take on the following:
    · The TJX data breach: these kinds of problems are not going away
    · What's important about getting back to the basics of information security
    · Customers' trust in financial institutions and online banking
    · Handling the expectations between regulatory bodies and financial institutions
    · What hasn't reared its full and ugly head yet: botnets
    Rhonda has more than 25 years of IT industry experience, and travels the globe consulting for Fortune-ranked business enterprises, governments, industry associations and risk management solution companies. Rhonda serves as an Adjunct Distinguished Senior Fellow with Carnegie Mellon University's CyLab, helping CyLab to continue to pursue an aggressive research and development agenda that integrates technology, policy and management by bringing together security pr

  • Phishers, zero days, and crimeware: Institutions Beware! CUInfoSecurity.com interviews Aaron Emigh on Phishing

    23/03/2007

    Banks and credit unions need to do a better job of protecting their customers from phishing, and strong authentication is only one part of the equation, says Aaron Emigh during a CUInfoSecurity.com podcast. Aaron Emigh is a well-known expert in information security. He’s the author of the U.S. Secret Service SF Electronic Crimes Task Force report on anti-phishing technology, as well as the report on online identity theft countermeasures from the US Department of Homeland Security. He’s been involved as a consultant in anti-spam and anti-phishing technologies for several years, and has presented email security research at numerous conferences and research forums. Most recently, he contributed several chapters to “Phishing and Countermeasures” (Wiley Publishing). While phishing is still hitting financial institutions and their customers, Emigh says that the net is going wider and phishers are becoming more sophisticated and audacious in their

  • Interview with Wyatt Starnes

    14/03/2007

    Information Security Media Group interviews Wyatt Starnes, a pioneer in computer network intrusion detection. Wyatt Starnes is the founder of Tripwire, a host-based intrusion detection tool. The interview includes his views on information security in the financial services industry, the trusted computing movement, emerging cyber threats, the way institutions should protect their expanding perimeters, and his work on advanced technologies for NIST. Starnes’ nearly 30 years in high technology with eight different startups have honed his view of information security. Currently he’s the Chairman and Chief Executive Officer of SignaCert, and is focusing on commercial work in the trusted computing area. He’s also the cofounder of RAINS (Regional Alliances for Infrastructure and Network Security), a nonprofit public/private alliance formed to accelerate the development, deployment and adoption of innovative technology for homeland security. Prior to
