Credit Union Information Security Podcast

Banking/Security Expert Shares Insights on Red Flags, Vendor Management, Other Key Challenges Facing Institutions He was the world's first Chief Information Security Officer at Citigroup in 1995, and for over 25 years he has been a true banking/security leader. Stephen Katz, founder and President of Security Risk Solutions, an information security company providing consulting and advisory services, sat down with Editor Tom Field to discuss the major issues facing banking institutions in 2008. Listen to this interview to hear his insights on: ID Theft Red Flags - are institutions giving it enough attention? Vendor Management - the need to improve oversight of vendors and their vendors; Governance - what works, what still needs work; Pandemic preparation; Many other top issues.

Debit card fraud is one of the most prevalent security threats against banking institutions and customers alike. In this interview, Daniel McIntyre, information security and business recovery analyst with Superior Bank of Birmingham, AL., shares his insight on: The magnitude of the debit card threat; Strategies for fighting fraud; Effective ways to educate consumers.

Institutions of all sizes struggle with staffing resources - having enough hands available to tend to information security matters. At America First Credit Union in Riverdale, Utah, Lane Gittins, the Systems Security Manager, has learned to overcome this challenge by working in a consultative style - directing a cross-functional team whose members come from across the institution and don't all report to him. Listen to this interview for insights on: How to establish a virtual team; Creating a culture of security awareness; Successes to target and challenges to avoid; Tips to lead a virtual team in your institution.

Interview with Fraud Expert Mike Mulholand Check fraud has long been a concern for banks, and in today's age of electronic banking one of the greatest threats is Automated Clearing House (ACH) fraud - batch-processed transactions between banks. In this interview, fraud expert Mike Mulholand, Director of Fraud Solutions Strategy at Memento, Inc., offers insights on: The types of ACH fraud being perpetrated today; How institutions are fighting back; What works and what still needs work in the battle against ACH fraud.

Based on this exclusive survey of security leaders at U.S. financial institutions, this report reveals surprising insights on the latest trends, threats and priorities, including: Vendor Management - Too much trust, too little testing; Security Awareness - Employees and customers are being short-changed; Incident Response - Plans not documented, communicated or updated sufficiently; Customer Confidence - Institutions' perception vs. stark reality. Download to hear the results of our analysis of our first annual State of Banking Information Security Survey.

Introduction from Tom Field, Editorial Director The survey results are in, and we're pleased to share them with you now, so you can see what's on the top of the agenda for U.S. financial institution security leaders in 2008. Listen to this introduction from Tom Field, Editorial Director of Information Security Media Group, as he details: The origins of the State of Banking Information Security 2008 survey; Top-line of our findings; Next steps for how these results will be analyzed and showcased.

Interview with Les Rosen, Expert in Employment Screening Background checks are increasingly conducted by financial institutions for all levels of employees. What are some of the tips to use and traps to avoid when screening job candidates? Editorial Director Tom Field recently spoke with Les Rosen, President and CEO of Employment Screening Resources, a specialist in background checks, to get his insights on: Trends in background screenings at financial institutions Common pitfalls Key considerations re: outsourcing your screenings Where to start when initiating background checks

Interview With Jerry Murphy, SVP, the Robert Frances Group In the wake of record-setting bank fraud at Societe Generale, the risk of the Insider Threat is again on the front burner at financial institutions. In this exclusive interview, Jerry Murphy of the Robert Frances Group offers insight on: The most common forms of Insider Threat at institutions today; How institutions are fighting these threats; The areas where security leaders continue to fall short in their efforts.

Rebecca Herold, privacy expert Many different types of privacy breaches continue to plague organizations and their third-party service providers. Hear Rebecca Herold discuss: Data breach response plans – where are the holes? Notification plans (or lack thereof) How to involve and ensure the security of trusted vendors.

Betsy Broder, Assistant Director in the Federal Trade Commission's Division of Privacy and Identity Protection, discusses Identity Theft from a consumer's perspective, including: The biggest areas of concern for consumers re: ID Theft The state of consumer awareness Fundamental best-practices to fight ID theft The top ID theft issues in 2008.

Matthew Speare, Senior Vice President of Information Technology, M & T Bank Corporation, discusses the practical application of computer forensics in banking institutions, including: How forensics has made a difference at his institution How to establish your own forensics program Advice for banking executives just starting to consider forensics. View more info about Matt's Forensics & E-Discovery webinar.

Greg Kyrytschenko, Information Security Manager, People's United Bank, CT., discusses identity and access management, including: • How he tackled his own institution’s identity management project • The value of automating user lifecycle management • The ROI of identity and access management projects

Philip Alexander, Information Security Officer at a Major US Financial Institution Philip Alexander hasn’t just studied data breach disclosure laws and their subtle differences state-by-state – he’s written the book on the topic (Data Breach Disclosure Laws – a State by State Perspective, Aspatore Books, 2007). In this interview, Alexander discusses: What’s most misunderstood about data breach disclosure laws Trends he sees Advice for banking/security executives just starting to consider issue. And he previews his upcoming presentation in an Information Security Media Group webinar dedicated to this topic. > More information/register for the webinar

Bill Boni, Corporate Information Security Officer and Vice President, Motorola Corporation Bill Boni shares lessons he has learned in his 30 year career in IT security and discusses how organizations should manage their IT security function in order to respond to emerging threats. He reviews: • How globalization is affecting hacking and the nature of attacks; • How to develop an effective incident response capability; • Factors to consider when deciding whether to add cyber-forensics capability to your organization; • Critical success factors for governance and management of information technology; • Why executive management needs to move beyond a risk management mindset.

Ken Baylor, Information Security Consultant and former Chief Information Security and Privacy Officer, Symantec Dr. Ken Baylor is a senior Information Security adviser to Fortune 500 companies. He is the current president of the Silicon Valley chapter of ISACA. Dr. Baylor recently served as Symantec's Chief Information Security Officer (CISO), is a CISSP, and a CISM. As CISO, he was responsible for developing all information systems security policies, overseeing the implementation of all security related policies and procedures, and for the global protection of electronic and digital assets. He also worked closely with internal product groups on security capabilities in Symantec products, and heads the Information Security department. Baylor shares his extensive experience as he discusses the development of effective privacy and compliance programs. Listeners will learn: ¢ Steps to develop effective compliance programs; ¢ Why 90% of privacy breaches happen inside your firewall; ¢ Impact

Listen to Tom Field, editorial director of BankInfoSecurity.com and CUINfoSecurity.com, discuss our first annual State of Banking Information Security Survey in the Financial Services Industry. The survey will focus on topics such as: Information Security Priorities & Roles Strategies Risk Assessment, Incident Response ID Theft Vendor Management Customer/Member Services Business Continuity/Disaster Recovery Security Budget Education & Training BSA/AML > Take the survey now Survey results will be analyzed, annotated and presented in a variety of ways across BankInfoSecurity.com and CUInsoSecurity.com. Thanks in advance for your participation in this inaugural research study. We can't wait to share the results with you!

Mark Seward, CISSP and Director Product Marketing with Qualys, Inc., discusses GLBA compliance as it relates to vulnerability management at financial institutions. Insights include: • Key GLBA compliance issues facing financial institutions; • Examples of vulnerability management specific to GLBA; • Speed bumps institutions encounter en route to GLBA compliance; • Defining the vulnerability management lifecycle and how it is relevant to all businesses.

Information Security Media Group recently attended the BAI Retail Delivery Conference 2007 in Las Vegas. Our correspondents covered the expo floor from a vendor point of view, and we spoke with a number of vendors who had products or services specific to information security. In general, the vendors that had some sort of security offering seemed to be focused on anti-fraud, and BSA/AML compliance. For those not familiar, here is a description of the conference: BAI's purpose is sharply focused: helping you strike the right balance for your organization to reconcile short-term profit pressures with your long-term growth strategies. BAI Retail Delivery Conference & Expo is the place to be for fresh insights, innovative ideas, and smart solutions for succeeding in a no-growth environment. General sessions not only with Steve Forbes Jr., Dr. Alan Greenspan and Sir Bob Geldof, but Kerry Killinger, Chairman and CEO of Washington Mutual, and Lynn Pike, President of Capital One Bank. All dynamic leaders with asto

Michael Jackson, Associate Director of Technology Supervision of the FDIC, provides early data on the impact of the recent California wildfires, including: Number of banks and other FDIC-supervised institutions impacted; Specific guidance on what the FDIC expects in a business continuity plan; Preview of the FDIC's coming publication on pandemic preparedness.

Interview with William Henley, Director of IT Risk Management, Office of Thrift Supervsion (OTS) In this interview, Henley discusses the impact of the California wildfires and reports on the number of thrifts that activated their incident management and disaster recovery plans. Henley also discusses the critical elements of an effective disaster recovery plan and highlights the need to ensure that employees can work remotely in the immediate aftermath of a disaster. He also makes recommendations for responding to possible pandemics.