Credit Union Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • More information

Information:

Synopsis

Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • FDIC's David Nelson on Cyber Fraud at Financial Institutions

    27/07/2007

    Listen to this podcast by the Information Security Media Group as David Nelson, FDIC Examination Specialist, shares his research and insight on current trends in cyber fraud and financial crimes and their impact on the financial industry. Nelson discusses his observations on other data from FDIC and other government sources that he analyzes to determine trends, frequency, and impact of fraudulent activity at financial institutions. He also shares his ideas on what skills and experience are needed by information security professionals. Nelson works in the FDIC’s Cyber Fraud and Financial Crimes Section. He has a total of 21 years with FDIC, and served 13 years as Safety and Soundness Examiner, three years as a Compliance Examiner, two years as an IT Examiner, and three years as an Examination Specialist in Washington Headquarters in the Technology Supervision and AML/Terrorist Financing Branches. Nelson is a graduate of Temple University and ABA Stonier Graduate School of Banking at Geor

  • Dr. Eugene Spafford on Information Security Education

    27/07/2007

    Listen in to this Information Security Media Group podcast as Dr. Eugene Spafford, Executive Director of Purdue University’s University Center for Education and Research in Information Assurance and Security (CERIAS), shares his views on gaps in cybersecurity education; why lack of attention to security issues may hurt all of us later; why we avoid the pain of fixing the hard problems, especially in information security. Dr. Spafford covers why the lack of good security metrics has hindered the decision makers; why we have to do a better job on law enforcement in order to fight the flood of fraud; and the need for more attention to privacy protection mechanisms. Dr. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, inc

  • CISO Jeff Bardin on What Makes A Successful Training Program

    12/07/2007

    Listen in to this Information Security Media Group podcast to hear the CISO at Investors Bank & Trust talk about what makes successful training programs work. Jeff Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, certification and accreditation activities for government agencies with budgets more than $500 billion, over 1 billion in yearly transactions, and 6,000 employees in dozens of locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be require

  • Stephen Northcutt of the SANS Institute: Need for Information Security Certifications

    12/07/2007

    The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer and network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification

  • Joyce Brocaglia: Recruiter's View of Evolving Role of CISO

    06/07/2007

    Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter, about how the role of the CISO is evolving in companies and how corporate culture is shifting focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; what's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; why CISOs must develop relationships and have the "soft skills" and not just technical skills in order to succeed. She also talks about some of the "must have" skills for information security officers; the convergence of physical and cyber security departments and why creating alliances betwee

  • Thomas Smedinghoff: Information Security Laws and Regulations Insights

    06/07/2007

    Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well-known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how basic definitions of the legal standard with regard to information security are beginning to come into focus; laws that impose a duty to warn others (including customers) of a data breach. He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors that you need to know. Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "re

  • A Look Into Payment Card Data Breaches - Interview with Joe Christensen of Pay By Touch

    01/05/2007

    US retailer TJ Maxx revealed that more than 45 million credit cards were stolen from company servers, with data theft going as far back as 2003. In April, the Massachusetts Banking Association (MBA), Connecticut Bankers Association (CBA), and the Maine Association of Community Banks (MACB) retaliated with a class-action lawsuit seeking to recover damages for card reissuance and reputation costs associated with the massive data breach. In this latest podcast from CUInfosecurity.com, you'll hear Joe Christensen, Vice President of Security and Compliance at PayByTouch Payment Solutions, reveal an insider's look at: - The payment card relationship between banks, merchants and credit associations. - What every bank should do in the event of a TJX-type breach. - The future outlook for merchants in light of TJX. > View more information about the webinar “Preventing TJX-type Data Breaches”.

  • Take Ten Podcast on Regulatory Compliance and Information Security

    18/04/2007

    In this podcast you’ll hear what’s driving regulatory compliance at financial institutions from Susan Orr, a seasoned bank examiner. Hear Susan lay out a roadmap on approaching information security, and why it’s important to look beyond one regulation or compliance guidance issue and see the bigger picture. During this podcast Susan also outlines what will be covered in the scheduled webinar, “Key Information Security Regulations Driving Compliance at Financial Institutions”. > View more information about the webinar “Key Information Security Regulations Driving Compliance at Financial Institutions”.

  • Richard Swart on Information Security Education Programs

    17/04/2007

    In this latest podcast from CUInfosecurity.com, you'll hear Richard Swart, Information Systems professor at Utah State University reveal the skill gap between what the Information Security industry demands, and the current state of most college curricula. His research into this topic takes on the following: - What is being taught in colleges today about information security, and how it fails to meet industry standards. - The growing need for convergence between information security and business management. - What are the highlights of an effective college program to prepare a student for the information security industry. - What the aspiring student needs to know to break into the information security industry.

  • Take Ten Podcast on Business Continuity Planning Best Practices

    09/04/2007

    Listen to this latest podcast on CUInfoSecurity.com. You'll hear Tom Walsh, CISSP, and a business continuity expert give his insights on the following: - Have the lessons learned from 9-11 been retained? - Why FFIEC has a strong emphasis on testing a Business Continuity Plan - Common mistakes and assumptions made by organizations about BCP - Difference between a regular disaster and a pandemic for a financial institution - What scenarios and timetables institutions should plan for to handle a pandemic > Click here to register for the Business Continuity Best Practices webinar.

  • Take Ten Podcast with Rhonda MacLean

    09/04/2007

    Listen to this latest podcast on CUInfoSecurity.com. You'll hear the take of Rhonda MacLean, former CISO of Bank of America, on the following: · The TJX data breach - these kinds of problems are not going away · What's important about getting back to basics of information security · Customers' trust in the financial institutions and online banking · Handling the expectations between regulatory bodies and financial institutions · What hasn't reared its full and ugly head yet - botnets. Rhonda has more than 25 years of IT industry experience, and travels the globe consulting for Fortune-ranked business enterprises, governments, industry associations and risk management solution companies. Rhonda serves as an Adjunct Distinguished Senior Fellow with Carnegie Mellon University's CyLab, helping CyLab to continue to pursue an aggressive research and development agenda that integrates technology, policy and management by bringing together security pr

  • Phishers, zero days, and crimeware: Institutions Beware! CUInfoSecurity.com interviews Aaron Emigh on Phishing

    23/03/2007

    Banks and credit unions need to do a better job to protect their customers from phishing, and strong authentication is only one part of the equation, says Aaron Emigh during a CUInfoSecurity.com podcast. Aaron Emigh is a well-known expert in information security. He’s the author of the U.S. Secret Service SF Electronic Crimes Task Force report on anti-phishing technology, as well as the report on online identity theft countermeasures from the US Department of Homeland Security. He’s been involved as a consultant in anti-spam and anti-phishing technologies for several years, and has presented email security research at numerous conferences and research forums. Most recently, he contributed several chapters to “Phishing and Countermeasures” (Wiley Publishing). While phishing is still hitting financial institutions and their customers, Emigh says that the net is going wider and phishers are becoming more sophisticated and audacious in their

  • Interview with Wyatt Starnes

    14/03/2007

    Information Security Media Group interviews Wyatt Starnes, a pioneer in computer network intrusion detection. Wyatt Starnes is the founder of TripWire, a tool for host-based intrusion detection. The interview includes his views on information security in the financial services industry, the trusted computing movement, emerging cyber threats and the way institutions should protect their expanding perimeters and his work on the advanced technologies for NIST. Starnes’ nearly 30 years in high technology with eight different startups has honed his view of information security. Currently he’s the Chairman and Chief Executive Officer of SignaCert, and is focusing on commercial work in the trusted computing area. He’s also the cofounder of RAINS (Regional Alliances for Infrastructure and Network Security), a nonprofit public/private alliance formed to accelerate development, deployment and adoption of innovative technology for homeland security. Prior to

  • Interview with Kevin Davies of CUES - Credit Union Executives Society

    27/02/2007

    In this podcast especially for the credit union community, CUInfoSecurity.com interviews Kevin Davies, vice president of professional development of the Credit Union Executives Society (CUES). CUES is a Madison, WI-based, independent, not-for-profit membership association for credit union executives. It aims to advance the professional development of credit union CEOs, senior management and directors. During Davies’ interview he talks about the new partnership between CUInfoSecurity.com and CUES. Davies also speaks to some of the issues that are getting attention from credit unions including disaster recovery preparation, the move to implement multifactor authentication on voice transaction systems, and the threat that credit card and debit card fraud pose for credit unions.

  • CUInfoSecurity.com Interviews Catherine Allen, CEO of BITS on Information Security at Financial Institutions

    13/02/2007

    Catherine Allen is CEO of BITS, a financial service industry consortium made up of 100 of the largest financial institutions in the US. She is a noted innovator and visionary in the financial services industry. Named as one of 16 unsung heroes and rising stars by Fast Company Magazine, she led BITS from a fledgling organization in 1996 to its current status as key industry forum for cutting edge issues in financial services. She is frequently consulted as an expert on the subjects of security, e-commerce, and payments. She sits on the Boards of the Financial Services Technology Consortium, the Financial Services Sector of Coordinating Council, MIST, and Hudson Ventures, and serves on taskforces as well as a number of industry groups. In this interview Allen discusses with CUInfoSecurity.com the state of information security in the financial services industry, fighting cyber crime, threats on the horizon for financial institutions, and the initiatives BITS is working on to provide help for mid and smalle

  • RSA Conference 2007 Interviews

    10/02/2007

    Information Security Media Group recently attended the RSA Conference 2007, the premier information security conference representing more than 200 comprehensive educational sessions and close to 400 of the top vendors in the infosec industry. The following audio is a selection of recordings taken on the expo floor where industry-leading vendors of all shapes and sizes presented their products and services to attendees. We encountered all kinds of vendor solutions ranging from multi-factor authentication to database encryption and security to automated regulatory compliance. We hope you find their take on specifically the banking and finance industry as intriguing as we did. Vendor interviews and recordings are presented in alphabetical order and please note that we are not endorsing any particular vendor or product, we are just reporting on their take on the finance industry.

  • RSA Conference 2007 Vendor Interviews

    10/02/2007

    Information Security Media Group recently attended the RSA Conference 2007, the premier information security conference representing more than 200 comprehensive educational sessions and close to 400 of the top vendors in the infosec industry. The following audio is a selection of recordings taken on the expo floor where industry-leading vendors of all shapes and sizes presented their products and services to attendees. We encountered all kinds of vendor solutions ranging from multi-factor authentication to database encryption and security to automated regulatory compliance. We hope you find their take on specifically the banking and finance industry as intriguing as we did. Vendor interviews and recordings are presented in alphabetical order and please note that we are not endorsing any particular vendor or product, we are just reporting on their take on the finance industry.

  • CUInfoSecurity.com Interviews Markus Jakobsson - Part 2 of 2

    29/01/2007

    Listen to CUInfoSecurity’s latest podcast as a leading phishing researcher explains some of his newest findings on phishing. Dr. Markus Jakobsson is a professor at Indiana University, and a research fellow with the Anti-Phishing Working Group (APWG). Dr. Jakobsson is also Associate Director of the Center of Applied Cybersecurity Research, and a founder of RavenWhite Inc, and he heads the efforts at www.stop-phishing.com. Author and inventor of more than fifty patents, Jakobsson’s research delves not only into the technical aspects of phishing and other types of cyber attacks, but also focuses on the human aspect. His latest paper, “The Human Factor in Phishing”, is discussed in this two-part podcast. During the interview Dr. Jakobsson describes the research he is doing on fraud, social engineering and phishing, and the prevention of these attacks. His interview is not to be missed, as he explains some of the new ways attackers are targeting th

  • CUInfoSecurity.com Interviews Markus Jakobsson - Part 1 of 2

    29/01/2007

    Listen to CUInfoSecurity’s latest podcast as a leading phishing researcher explains some of his newest findings on phishing. Dr. Markus Jakobsson is a professor at Indiana University, and a research fellow with the Anti-Phishing Working Group (APWG). Dr. Jakobsson is also Associate Director of the Center of Applied Cybersecurity Research, and a founder of RavenWhite Inc, and he heads the efforts at www.stop-phishing.com. Author and inventor of more than fifty patents, Jakobsson’s research delves not only into the technical aspects of phishing and other types of cyber attacks, but also focuses on the human aspect. His latest paper, “The Human Factor in Phishing”, is discussed in this first part of a two-part podcast. During the interview Dr. Jakobsson describes the research he is doing on fraud, social engineering and phishing, and the prevention of these attacks. His interview is not to be missed, as he explains some of the new ways attackers

  • Excerpt of FAQs from the Webinar "IT Risk Assessments: Understanding the Process"

    24/01/2007

    Listen to Susan Orr, CISA, CISM, CRP, ex-FDIC examiner, respond to some of the FAQs from our IT risk assessments webinar. See below for a sampling of the questions asked.
