Synopsis
Exclusive, insightful audio interviews by our staff with leading banking/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
Payments, Privacy and Vendor Management - Global Best Practices
29/03/2010 Interview with Adrian Davis of the Information Security Forum. In terms of payments, privacy and third-party relationships, U.S. security leaders have much to learn from - and share with - their peers in the U.K. and elsewhere in the world. This is the perspective of Adrian Davis, a senior research consultant with the UK-based Information Security Forum. In an exclusive interview, Davis discusses: Top threats to public and private organizations; Insights on payments, privacy and vendor management; Advice to organizations looking to improve information security globally. Davis heads the Leadership and Management group within the Research and Services Team of the Information Security Forum, responsible for delivering client-facing projects. His team covers topics such as the role and effectiveness of information security; the role and skills of information security professionals from junior analyst to the Chief Information Security Officer and Chief Security Officer; managing and assessing information secu
-
Global Fraud Trends: How to Avoid the Scams
25/03/2010 Interview with Mike Urban, Sr. Director, FICO. Financial institutions and their customers are experiencing a frightening range of fraud scams. Where are their greatest risks? Mike Urban, Senior Director of Global Fraud Solutions at FICO, discusses: Today's top trends; Where organizations are most vulnerable; Steps to take to reduce fraud risk. Urban has 15 years of experience in fraud management. He currently serves as senior director, Fraud Solutions, for FICO. He analyzes fraud issues and trends to provide continuous improvements in fraud detection technology. He also regularly works with law enforcement to help prosecute criminals and has been responsible for uncovering several crime rings in the US. As a renowned industry expert, Urban regularly speaks about fraud trends, best practices and solutions to industry groups. He has been quoted in numerous publications including the New York Times, MSNBC, Computer World, American Banker and ATM & Debit News. He has also written articles that have appeared in
-
PCI Compliance: The QSA's Perspective
24/03/2010 Interview with Peter Spier of Fortrex Technologies. Over the past year or so, since the Heartland Payment Systems breach, we've heard a lot about the Payment Card Industry Data Security Standard (PCI DSS). What does 'PCI compliant' mean? Can a PCI compliant organization be breached? What's the role of the Qualified Security Assessor (QSA)? Peter Spier, Senior Risk Management Consultant with Fortrex Technologies, has written a recent guest blog on PCI compliance, and in an exclusive interview offers insight on: The QSA's role; What's most misunderstood about PCI compliance; How organizations can maximize their compliance efforts. Spier is President of the ISACA Western New York Chapter and a Senior Risk Management Consultant at Fortrex Technologies based in Frederick, Maryland. Peter attained his graduate degree from Syracuse University's School of Information Studies and, over the course of 12 years of experience, has earned Certified Information Security Manager (CISM), Certified Information Systems S
-
Data Loss Prevention Case Study: The Challenges Facing Financial Institutions
24/03/2010 When it comes to data loss prevention (DLP), what are the major challenges facing financial institutions and other organizations? And how can these challenges be overcome? In this exclusive interview, Jason Vander Meer of RealTick discusses his organization's DLP strategy, and the solution he deployed from Code Green Networks. Additionally, Dan Udoutch of Code Green Networks offers advice for organizations faced with similar DLP challenges. Vander Meer is currently responsible for Information Security and IT Infrastructure Project Management at RealTick®, the electronic trading industry's premier global, multi-broker, broker-neutral, cross-asset Execution Management System (EMS). He joined RealTick in 2005, and has since led the management of Information Security risk assessment and mitigation. Vander Meer has an MS degree in Information Technology and Information Assurance from DePaul University in Chicago. Udoutch is the President and CEO of Code Green Networks. As a 25+ year Sales, Market
-
Insider Threat: Your Greatest Risks
22/03/2010 Interview with Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute. Insider crimes are among the biggest threats to public and private sector organizations. And yet too many groups continue to struggle to prevent or even detect these crimes. In an exclusive interview, Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute discusses: Insider threat trends; Biggest challenges for organizations looking to prevent crimes; Steps organizations can take to reduce risk. Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years of experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Before joinin
-
Secure Access to Sensitive Data: Insights from John Bordwine, Public Sector CTO, Symantec
17/03/2010 We've emerged from a global financial crisis, and now regulatory reform is coming to financial services. What do these events mean for the financial regulatory agencies - especially in terms of securing access to sensitive data? John Bordwine, Public Sector CTO at Symantec, tackles this question, discussing: The critical need to secure access to sensitive data; The business benefits of enhancing security; Key takeaways for non-financial organizations. As the Symantec Public Sector CTO, Bordwine currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. His responsibilities also include all technical activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. In addition to these responsibilities, he also provides guidance to other Symantec business units around specific requireme
-
Heartland Payment Systems Works with Feds to Secure IT
09/03/2010 Steve Elefant, CIO, Heartland Payment Systems. One theme repeated by every major Obama administration official speaking at RSA Conference 2010, the IT security conference held in early March in San Francisco, was the need for the government and business to work together to protect the nation's critical IT systems. Among those listening to these officials was Steve Elefant, chief information officer of payment processor Heartland Payment Systems, a victim of a 2009 breach considered the largest criminal breach of card data ever, exposing information on upward of 100 million cards. In an interview with Information Security Media Group Executive Editor Eric Chabrow, Elefant discusses the impact of the breach on Heartland's relationship with the government and other financial institutions to secure critical IT systems operated by the private sector.
-
New Study: Business, Bank Relationship Threatened by Fraud
08/03/2010 Interview with Terry Austin, CEO of Guardian Analytics. Recent ACH fraud schemes aren't just siphoning money from business banking accounts - they're eroding the trust relationship between small-to-midsize businesses and their banking institutions. This is the main finding of the new 2010 Business Banking Trust Study conducted by Guardian Analytics and the Ponemon Institute. In an exclusive interview, Terry Austin, CEO of Guardian Analytics, discusses: Headlines from the new study; The message from businesses to banks; How banking institutions should respond. Prior to joining Guardian Analytics, Austin served as CEO and president of MarketLive, a leading provider of eCommerce platform solutions, where he created a scalable business strategy, assembled a world-class executive team and led successful fundraising efforts. He was previously president of worldwide marketing and sales at Good Technology, a provider of mobile computing solutions, where he spearheaded the company's rapid growth from 10,000
-
RSA 2010: Warren Axelrod on Information Security
05/03/2010 C. Warren Axelrod is a veteran banking/security executive and thought-leader, and in an exclusive interview at the RSA Conference 2010 he discusses top security trends and threats, including: Insider fraud; Application security; Cloud computing. Axelrod is currently executive advisor for the Financial Services Technology Consortium. Previously, he was a director of Pershing LLC, a BNY Securities Group Co., where he was responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
-
RSA 2010: Banking/Security Agenda - Paul Smocer, Financial Services Roundtable
04/03/2010 What are the key banking/security topics on the minds of leaders of the nation's largest banks? At the RSA Conference 2010, Paul Smocer of BITS and the Financial Services Roundtable discusses: The Roundtable's information security priorities; How regulatory reform may impact security organizations; The future of the Shared Assessments Program - in banking and beyond. Smocer, VP of Security at BITS, a division of the Financial Services Roundtable, leads the group's security program. Smocer has over 30 years' experience in security and control functions, most recently focusing on technology risk management at The Bank of New York Mellon and leading information security at the former Mellon Financial. While at Bank of New York Mellon and at Mellon, Smocer was actively engaged with BITS as a member of its Vendor Management Working Group, as 2005 Chair of its Security Steering Committee, and as 2004 Chair of its Operational Risk Committee.
-
Certifications: What's New? - Hord Tipton, (ISC)²
04/03/2010 Education and training are two of the key priorities of information security professionals and organizations in 2010. And professional certifications are at the heart of that training. What's new in information security certifications? In an exclusive interview at RSA Conference 2010, W. Hord Tipton, Executive Director of (ISC)², discusses: Training trends; What's new from (ISC)²; Insight into new research on the profession. Tipton is the executive director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton, ESRI, and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the Interior.
-
PCI: What's Next and When?
02/03/2010 From RSA 2010: Interview with Bob Russo, GM of the PCI Security Standards Council. How will the Payment Card Industry Data Security Standard (PCI DSS) be amended, and when? These are the key questions in payments security, and Bob Russo, GM of the PCI Security Standards Council, is prepared to start answering them. In an exclusive interview conducted at RSA Conference 2010, Russo discusses: Key questions about PCI; Potential solutions to enhance payments security; Timeline for the release of the next PCI standard. Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process. To fulfill this role, Russo works with representatives from American Express, Discover Financial, JCB, Mas
-
What is 'Reasonable Security?' - David Navetta, Information Law Group
24/02/2010 When it comes to protecting your organization and your customers from a data breach, what is considered "reasonable security?" This question is at the center of several ongoing lawsuits, and how the courts answer it may be one of the biggest stories of 2010. Shedding light on this hot topic is David Navetta, founding partner of the Information Law Group and co-chair of the American Bar Association's Information Security Committee. In an exclusive interview, Navetta discusses: Current regulatory trends, including the HITECH Act; Legal issues surrounding "reasonable security;" How to use existing standards to establish "reasonable security." Prior to co-founding the Information Law Group, Navetta established InfoSecCompliance LLC ("ISC"), a law firm focusing on information technology-related law. ISC successfully served a wide assortment of U.S. and foreign clients from Fortune 500 companies to small start-ups and service providers. He previously worked for over three years in New York as assistant gener
-
"Follow the Risk" - Tips from Richard Chambers, President of the Institute of Internal Auditors
19/02/2010 Richard Chambers, President of the Institute of Internal Auditors (IIA), has three words of advice for organizations, executives and auditors looking to improve the role of internal audit: "Follow the risk." In an exclusive interview, Chambers discusses: Impact of the economic recession on internal audit; How the role has evolved because of recent times; Advice for organizations, executives and auditors to further maximize the role. Chambers began his career in 1976 with the U.S. General Accounting Office, where he first became an internal auditor. He firmly established himself in government internal auditing and was named Worldwide Director of Internal Review for the United States Army in 1993. He later served as Deputy Inspector General for the United States Postal Service and Inspector General for The Tennessee Valley Authority. In 2001, Chambers joined The IIA staff as vice president, Learning Center. After a brief tenure as "acting president," he left The IIA in 2004 to join PricewaterhouseCoopers,
-
The Skinny on the Kneber Botnet
18/02/2010 Alex Cox, Research Consultant and Principal Analyst, NetWitness. Alex Cox, a research consultant and principal analyst at the IT security firm NetWitness, discovered the Kneber botnet last month, a variant of the ZeuS Trojan that he says has infested 75,000 systems in 2,500 corporate and governmental organizations worldwide. (See Botnet Strikes 2,500 Organizations Worldwide.) In an interview, Cox describes: How the Kneber botnet works; Who the malware targeted; Damage the botnet could cause. Cox was interviewed by Eric Chabrow, GovInfoSecurity.com managing editor.
-
Money-Laundering Update: Kevin Sullivan on Emerging Threats
16/02/2010 Beware suspicious money entering the U.S. via politically exposed persons (PEPs). And be mindful of non-banking entities that are involved in illegal activities outside of current anti-money laundering (AML) regulations. This is the advice from AML expert Kevin Sullivan, who offers insights on the newest money-laundering trends, including: The latest threats; Which types of organizations are most at risk; How to fight back against these crimes. Sullivan is a former Investigator with the NY State Police and was the state investigations coordinator assigned to the NY HIFCA El Dorado Task Force in Manhattan. He has more than 20 years of police experience. Sullivan possesses a Masters in Economic Crime Management and is both a certified anti-money laundering specialist and certified anti-money laundering professional. He is also the director of AMLtrainer.com.
-
CISO Profile: Joe Bernik, Fifth Third Bank
12/02/2010 Joe Bernik, a banking and security veteran, has recently joined Fifth Third Bank as its new CISO. Among his challenges: preventing external attacks and building better internal relationships with business partners. In an exclusive interview, Bernik discusses: The evolution of information security and risk management in banking; The challenge of intrusion prevention; Strategies for identity access management. Bernik is a risk professional with 15 years of experience in information security. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. He was formerly Director of Operational Risk at the Royal Bank of Scotland and CISO of ABN AMRO and its subsidiary, LaSalle Bank. He has a bachelor's degree from the University of Mary Washington and completed graduate work at the City University of New York.
-
How to Manage Social Media - Jerry Mechling, Harvard Kennedy School
12/02/2010 From blogs to wikis, Facebook to Twitter, social media have taken over the workplace. But how do security leaders manage social media before all these new tools and technologies become unmanageable? Jerry Mechling is a prominent author and lecturer at the Harvard Kennedy School, and in an exclusive interview he discusses: Social media's impact on public and private entities; The inherent security and risk management challenges; How organizations should begin to unlock social media's potential. Mechling, Lecturer in Public Policy at the Harvard Kennedy School of Government, is Founder of the Leadership for a Networked World Program and the Harvard Policy Group on Network-Enabled Services and Government. He is also a Research Vice President of Gartner. His studies focus on the impacts of information and digital technologies on individual, organizational, and societal issues. He consults on these and other topics with public and private organizations locally and internationally. He is primary author of E
-
Improving Security Education: Robert Siciliano
09/02/2010 What must financial institutions do to improve security education? Identity theft expert Robert Siciliano shares his thoughts on the need to change the mindset of financial institutions when it comes to educating their customers about identity theft and security issues. Among the topics he discusses: Why "old school" approaches to security education must change; How "Soccer Moms" are now becoming "Security Moms"; Why security education must come from the financial institutions. Siciliano has 29 years of experience in the business world and has been involved in information security, personal security and identity theft issues since the early 1990s. He has presented hundreds of security presentations to businesses including GMAC, the National Association of Realtors, Dominos Pizza, United Bankers Bank, Conference of State Bank Supervisors, along with numerous state banking associations, among others. He is also a certified security instructor for numerous industry associations.
-
Digital Forensics - Career Tips from Rob Lee of SANS Institute
05/02/2010 Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes. But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful? Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on: Hot trends of 2010; Questions hiring managers must ask; Growth opportunities for qualified pros. Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he