Banking Information Security Podcast

What are the top fraud trends facing financial institutions in 2010? Gartner's Avivah Litan shares her insights in an exclusive interview with Information Security Media Group's Linda McGlasson, discussing: Increased number of attacks on strong authentication; How to handle ACH fraud; The biggest security challenges for banking institutions. Litan has more than 30 years of experience in the IT industry and is a Gartner Research vice president and distinguished analyst. Her areas of expertise include financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications, as well as other areas of information security and risk. She also covers the security related to payment systems and PCI compliance.

Dena Haritos Tsamitis has an ambitious goal for the year: to improve cyber awareness among 10 million people globally. The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses: The cyber awareness challenge among people of all ages; Effective techniques for improving awareness; How organizations can improve and maximize their own efforts. Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise "cyber awareness" in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principle Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and t

Interview with James Van Dyke of Javelin Strategy & Research Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010? Javelin Strategy & Research is out with its latest Identity Fraud Study. For insight on the study results and what they mean to organizations across industry, James Van Dyke of Javelin discusses: Headlines from this year's study; Trends and threats to watch; What organizations and individuals can do to better protect themselves. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of the Information Security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Se

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab

What's one of the biggest threats to Florida banking institutions? Regulatory reform, according to Alex Sanchez, head of the Florida Bankers Association. "We're easy targets," says Sanchez, who fears Main Street institutions will take it on the chin from legislators for economic mistakes made by Wall Street and non-banking firms. In an interview on the state of banking in Florida, Sanchez discusses: Top banking challenges; Biggest security threats; The potential impact of regulatory reform. Sanchez serves as President and Chief Executive Officer of the Florida Bankers Association (FBA). Founded in 1888, and located in Tallahassee, the FBA is the leading voice for Florida's banking industry. Sanchez' responsibilities include representing and advocating for Florida's banking industry before all legislative and regulatory bodies in Tallahassee and in Washington. Before joining the FBA, he was an attorney at Sinclair Louis, a Miami based law firm, specializing in business law; Consolidated Bank, Assistan

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessarily skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii based financial institution with $5.2 billion in ass

What's the cost of a data breach? The Ponemon Institute is out with its 5th annual "Cost of a Data Breach" study, and in an exclusive interview Dr. Larry Ponemon discusses: The current cost of a data breach - and how it's risen since 2009; Data breach trends across industry; What organizations should do to respond to or prevent breaches. Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Co

President Obama this past week made strong remarks to spur Congress and populist support toward banking regulatory reform. But what's likely to happen? And when? "There might be stronger regulatory reform than people thought six months ago," says Christie Sciacca, formerly with the Federal Deposit Insurance Corporation, currently a director with LECG in Washington, D.C.. In an exclusive interview, Sciacca discusses: The substance of Obama's proposals; What's likely to occur in regulatory reform; Whether reform will occur in 2010. Sciacca spent 13 years at the FDIC, where he led examination, supervisory and bank rescue transaction projects in Detroit, New York, and Washington DC. From 1983-1986, Sciacca was Assistant to the Chairman, representing the Chairman on interagency matters, at bank trade association meetings and on all operational and policy matters. Sciacca served as the FDIC's representative on the Vice President's Task Group on the Regulation of Financial Services. In 1996, he returned to t

Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening e

Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the

Interview with Brian Hurdis, EVP Technology Services, FIS Third-party service providers are a staple of banking services in the information era. How can banking institutions get the most from these relationships? Brian Hurdis, executive vice president of technology services at FIS, discusses: The biggest information security challenges facing banking institutions in 2010; Solutions to help overcome these challenges; How institutions and service providers can collaborate to get the most out of the vendor relationship. Hurdis joined FIS in October 2009 with the company's acquisition of Metavante Corporation. Previously, Hurdis served as senior executive vice president of operations and service delivery and chief information officer for Metavante, a position to which he was appointed in July 2008. In this role, Hurdis was responsible for service delivery, development operations, project management, call center and item processing operations. He was also a member of the company's Executive Committee. Hurd

What are the key risk management challenges for the nation's credit unions, and how can they best meet them? Wendy Angus, Director of Risk Management at the National Credit Union Administration (NCUA), discusses: The biggest risk management issues facing credit unions today; How credit unions can overcome these challenges; Advice to institutions looking to improve their approach to risk management. Prior to joining NCUA in 1996, Angus worked as an examiner with the Office of Thrift Supervision and an auditor in the securitization and asset sale operation at the Resolution Trust Corporation. During her 13 years at NCUA, she has played many roles within the agency. Beginning December 14, 2009, she became the Director of Risk Management in the Office of Examination and Insurance. In this position, she serves as the primary caretaker of the National Credit Union Share Insurance Fund, oversees administrative action nationwide, quarterly call report data collection and analyses, and works with the regional

What are the new year's top trends in banking, payments and security? Javelin Strategy & Research has just released its Top 10 Trends report for 2010. James Van Dyke, president of Javelin, discusses: Top headlines from the new report; Biggest threats to banks, payments and security; The "next big thing" in banking. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

Information security is the hot career option for professionals in 2010 and beyond. This is the prediction of David Foote of Foote Partners, the FL-based consultancy that tracks IT skills and competencies. In a look ahead at 2010 and beyond, Foote discusses: the security careers "bubble" and how it began; the wave that has driven the surge in security jobs; predictions for 2010-2012. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and custome

Malware is increasingly sophisticated, and social media are the common new venues for attacks. These are the headlines from the latest Cisco Annual Security Report. Patrick Peterson, Cisco senior fellow, offers highlights of the report, discussing: Top trends and threats; The risks to specific vertical industries and government agencies; The message to information security professionals looking to stay ahead of the threats. Peterson, Chief Security Researcher, is also a Cisco Fellow -- a position that is reserved for individuals whose technical contribution has made a material impact not only within Cisco, but also in the industry as a whole. As a security technology evangelist, Peterson leads research projects to understand cutting-edge criminal attacks and business models and developing the technologies to combat them. Peterson chairs the technical committee for the Messaging Anti-Abuse Working Group (MAAWG) and the authentication committee for the Authentication and Online Trust Alliance. He is a frequ

In the fall of 2008, we first spoke with Mike Jacobson, chair of the Nebraska Bankers Association, asking him about the state of customer confidence on Main St., vs. on Wall Street. One year later, we reconnect with Jacobson to discuss: The state of banking in Nebraska now; How community banks have been hurt by Heartland and other fraud incidents; The major challenges for banking institutions in 2010. Jacobson, a lifelong resident of Nebraska, is chairman, president, and CEO at NebraskaLand National Bank in North Platte, and he currently is serving out a term as chair of the Nebraska Bankers Association.

The Advanced Persistent Threat - what exactly is it, and how are organizations vulnerable? Ron Gula, CEO of Tenable Network Security, explains the threat and the challenges to mitigating it. In an exclusive interview, Gula discusses: Why some organizations are especially vulnerable; Strategies and solutions that are most effective against the threat; Where to start if you feel your organization is exposed.

It's been over one year now since banking regulators began examining institutions for compliance with the Identity Theft Red Flags Rule. What have been the common deficiencies, and what will examiners be expecting in year two? Jeff Kopchik, senior policy analyst with the Federal Deposit Insurance Corporation (FDIC), discusses: The three key deficiencies of Red Flags compliance; How examiners will approach Red Flags exams in 2010; Ways institutions can improve their Red Flags compliance. Kopchik was the Team Leader of the FDIC's 2004 study "Putting an End to Account-Hijacking Identity Theft." He was the FDIC's primary representative on the FFIEC staff working group that drafted the 2005 guidance on Authentication in an Internet Banking Environment. Kopchik was also involved in interagency rulemaking efforts to comply with the Fair and Accurate Credit Transactions (FACT) Act, and was involved in the creation and implementation of the Gramm-Leach-Bliley Act (GLBA) interagency information security guidelines