Banking Information Security Podcast

Steven Elefant Discusses the Breach, End-to-End Encryption Steven Elefant joined Heartland Payment Systems as a consultant in November 2008. Two months later, the company announced it had been the victim of the biggest reported data hack in history. Now CIO of Heartland, Elefant appeared at the BAI Retail Delivery Conference & Expo in Boston and sat down with Tom Field to discuss: The impact of the breach on Heartland; How Heartland is different today as a result of the breach; The future of payments security - and why Heartland is betting on end-to-end encryption. Elefant was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc. in 1998 to form an Internet and physical service provider for electronic payments software. He has been an active member of the US Secret Service Electronic Crimes Ta

Allan Bachman has fought fraud since the early 1970s, and he's seen the crimes evolve in both sophistication and scale. In an exclusive interview, Bachman, Education Manager for the Association of Certified Fraud Examiners (ACFE), discusses: The evolution of fraud schemes; The most common types of fraud seen today; Types of training available to help detect and prevent fraud. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation for over $1.5 million was conducted during this time. Previously Bachman worked in or consulted for retail, real estate, manufacturing and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid- 70's and has continued th

This year's BAI Retail Delivery Conference & Expo, beginning Nov. 3 in Boston, is the 32nd annual event - and it very much will reflect the times that financial institutions have experienced over the past year. Risk management, social networking, customer confidence - these all will be major themes at this year's event, says Debbie Bianucci, President and CEO of BAI. In an exclusive interview, Bianucci discusses: The major themes of the BAI event; Specific programs related to risk management and security; What to expect at the event and in the expo. Bianucci leads the BAI team to find new and innovative ways to provide high-value, objective information and education to the financial services industry. She has been in financial services for over 30 years, including senior positions with several major financial services companies. Before being appointed CEO, Bianucci was responsible for a variety of functions over the course of her nearly 20 years with BAI, most recently having executive responsibility for

From ACH to ATM, payments to phishing, fraud schemes abound. And bank customers and businesses are the targets. So what can banking institutions do to fight back? Bob Neitz is the senior vice president in charge of the Fraud Corporate Risk Management Program at Wells Fargo. In an exclusive interview, Neitz discusses: The types of fraud he fights; How managers, employees and customers can prevent fraud; What other banking institutions can be doing to improve their own fraud prevention efforts. Neitz is a manager of the Fraud Corporate Risk Management Program at Wells Fargo, responsible for providing leadership and direction around cross-organizational fraud risk management for the enterprise, including all consumer, small business and wholesale businesses. With more than 14 years of experience in a Risk Management capacity, Neitz has held several other positions at Wells Fargo with various business groups, including online banking, consumer products and credit card businesses.

Malware, Consumer Technology, Social Networks Head the List of Vulnerabilities Know what scares security expert John Pescatore the most? The image of a remote employee sitting at a home office or public setting, plugging into an unsecured network, accessing critical business data via a personal laptop or PDA. Organizations have never had so many security risks in so many remote locations, says Pescatore, VP and Distinguished Analyst with Gartner, Inc. Mitigating these risks will be among the primary challenges for information security leaders in 2010. In a discussion of security trends, Pescatore offers insight on: Emerging threats; Emerging solutions; The role of education and training to help meet security needs. Pescatore has 31 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 year

Interview with Pete Fahrenthold of Continental Airlines, RIMS Enterprise Risk Management (ERM) is a topic of interest throughout an organization - and increasingly at the board of director level. But how does a security leader engage the board on ERM - and keep it engaged? Pete Fahrenthold of Continental Airlines and RIMS discusses: The top current ERM issues; How to engage the board - what works, what doesn't? How to measure the ongoing engagement of the board. Fahrenthold is the Managing Director of Risk Management and the ERM Team Leader for Continental Airlines. He has over 20 years of risk management experience. Prior to entering the risk management field, he worked in public accounting and in various corporate functions including financial reporting, treasury operations, and employee benefits management. He is currently the Vice Chair of the RIMS ERM Development Committee, and he is the Chair of the AFP Risk Newsletter Editorial Advisory Board.

The fall flu season has begun in the U.S., and the news each day is filled with stories about H1N1 (swine flu) outbreaks at schools and businesses. But how bad is the outbreak? Is it on a par with a typical flu season? Far better or far worse? To help separate fact from fiction, noted pandemic expert Regina Phelps discusses: Current realities of H1N1; What organizations should be doing now - especially with Halloween approaching; Lessons learned and what to expect next. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.

We all can see the technological and market forces converging to necessitate and enable electronic healthcare records. But how does this transition impact privacy and compliance within an organization? What are the ramifications for IT and security departments? Kim Singletary, Solutions Marketing for McAfee, discusses: The electronic healthcare records revolution; Impact on privacy and compliance; How IT departments must respond. Singletary was Director of Compliance Solutions for Solidcore prior to the McAfee acquisition. She has 15 years of Product Management and Marketing roles with companies specializing in outsourced IT services for critical infrastructure both traditional datacenter services, MSSP and SAAS. Her expertise has been in developing and growing security, compliance and managed services for the Fortune 500 which included roles at SAVVIS Communications, Frontier Communications and Global Crossing.

Interview with Rep. Yvette Clarke, Chair, House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology To quell the rising tide of information breaches and to protect government and key civilian IT systems, the idea of regulating IT and data is gaining ground among those who shape federal law and policies. If such regulation comes about, Rep. Yvette Clarke, D-N.Y., will be involved in shaping authorizing legislation, by virtue of her chairmanship of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. Clarke, in an interview with GovInfoSecurity.com, said any such law or regulation must not hamper innovation. In the interview, Clarke discusses: Key elements of what she terms the National Data Breach Law. The deliberate approach the House is taking to implementing cybersecurity legislation. President Obama's need to appoint a cybersecurity coordinator now. Clarke represents one of the country's most ethnically diverse Congressional

Governance, risk and compliance - GRC - are priorities for information security leaders of all organizations. And these priorities have only been underscored by the economic recession and elevated scrutiny of businesses and government agencies. In an exclusive interview on GRC trends, Chris McClean, analyst with Forrester Research, discusses: Specific trends in governance, risk and compliance; How organizations are most challenged to respond to these trends; Corporate Social Responsibility - what it is, and how information security leaders should respond. McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association.

Social networking. Cyberbullying. Identity theft. There are myriad threats to children as they explore their online universe. And to counter these threats is Safe and Secure Online, a new interactive presentation that brings information security professionals into classrooms to give sound advice to 11-14-year-old children. Delivered by (ISC)2, Safe and Secure Online relies on material developed by former school teachers, but delivered by certified information security professionals. David Melnick of Deloitte and (ISC)2 discusses: The need for Safe and Secure Online; How the program will be delivered and measured; Ways businesses, government agencies and information security professionals can help. Melnick is a principal in security and privacy services within the audit and enterprise risk services practice in the Los Angeles office of Deloitte and brings more than 17 years of experience designing, developing, managing and auditing large scale secure technology infrastructure. Melnick has authored sever

Interview with Dave Jevans of the Anti-Phishing Working Group On Oct. 7, the U.S. government announced the results of "Operation Phish Phry," which saw 100 suspects in two countries charged with being part of a major multinational phishing ring. And although these indictments are the most ever in a cyber crime case, Dave Jevans of the Anti-Phishing Working Group (APWG) says, in the grand scheme of global phishing scams ... this is a tiny catch, indeed. In an exclusive interview on phishing trends, Jevans discusses: The latest phishing trends; Lessons learned from the latest incidents; What banking institutions and businesses can do to protect themselves. Jevans is the Chairman and Founder of the Anti-Phishing Working Group, the leading non-profit organization dedicated to eradicating identity theft and fraud on the Internet. The APWG has over 1,500 member companies and agencies worldwide. Membership is limited to banks and other financial institutions, ISPs, law enforcement agencies and security techno

As people increasingly turn to information assurance to start - or re-start - a career, the nation's community colleges play a greater role in job training. Erich Spengler, professor at Moraine Valley Community College near Chicago, discusses: The role of community colleges in information assurance education; Challenges and opportunities for two-year programs; Where to begin when considering your next career move. Spengler has over 20 years experience in Information Systems and holds an MBA from Loyola University of Chicago and an MS in Computer Science from the University of Illinois - Springfield. In addition to serving as a tenured professor of Computer Integrated Technologies at Moraine Valley Community College, Erich also serves as a Guest Lecturer at Northwestern University and as the Director and Principle Investigator for the National Science Foundation (NSF) Regional Center for Systems Security and Information Assurance (CSSIA @ www.cssia.org). Erich holds several industry certifications includ

Interview with Shirley Inscoe and BC Krishna, Authors of Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them Insider fraud has always been a risk for banking institutions, but this risk has only grown in the past year. And so has the size of the crimes. Shirley Inscoe and BC Krishna of Memento have written a new book, "Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them." In an exclusive interview, the authors discuss: What's most misunderstood about insider fraud; How organizations are responding to the threat; Advice for what banking institutions can do today to prevent insider crimes. Inscoe, Memento's Director of Financial Services Solutions, had a distinguished 24-year career at Wachovia, the fourth largest bank in the U.S. Throughout her tenure at Wachovia, Inscoe held a series of increasingly responsible positions in risk management, regulatory compliance, and loss reduction initiatives. She is a member of the Americ

It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as

The past year has been an education for anybody in the banking industry. And the year's events have also had an impact on banking education, says Kirby Davidson, President and CEO of the Graduate School of Banking at the University of Wisconsin-Madison. In an exclusive interview, Davidson discusses: How the past year has influenced banking education; How banking education will continue to involve; What it takes to start a banking career today. Davidson is actively involved in new product development, curriculum design, alumni relations, online distance education, and marketing and strategic alliances with sponsoring organizations and business partners. Prior to joining GSB, Kirby was VP of Marketing for a national trade association, the Conference of State Bank Supervisors, in Washington, DC. He was recruited to develop and manage their new marketing department, overseeing nationwide marketing and membership campaigns, implementation of a new customer relationship database, and image-branding promotional

The Federal Deposit Insurance Corporation (FDIC) recently established an Advisory Committee on Community Banking. One of its 14 committee members is Charles Brown, chairman and CEO of Insignia Bank in Sarasota, FL. In an exclusive interview, Brown discusses: The perspective he'll bring to the FDIC committee; Challenges and opportunities facing community banks today; How his institution has strengthened customer confidence in a challenging marketplace. Brown has over 20 years of banking experience. Prior to joining Insignia in 2006, he was CEO and president of Charlotte State Bank for 10 years. He previously served as the Chairman of Tier II Banks for the Florida Banker's Association and Chairman of the Florida Banker's Education Foundation. He is a frequent speaker on the topic of Disaster Recovery Plans and was a featured panelist as well as presenter at the kick-off of www.Ready.Gov, along with then Secretary of Homeland Security, Tom Ridge.

It's been a year since the financial services industry was first rocked by the global recession. The 'crisis of confidence' resulted in scores of bank failures, major mergers and acquisitions, and a very public cry for regulatory reform. A year later ... is the banking industry better off? William Isaac, former FDIC Chair (1981-85), believes the recession is over, but he also is concerned about the future of regulatory reform, as people's attention turns to the healthcare debate. "I worry that we won't get it done at all," Isaac says. In an exclusive interview, Isaac discusses: How the banking industry has changed over the past year; Lessons learned from the recession; Regulatory reform - will it happen, or has momentum been lost? Isaac is chairman of the Secura Group, a leading financial institutions consulting firm, operating as a division of LECG. The Secura Group provides financial advisory services, strategic planning, regulatory counseling, risk-management services, strategic studies, and general

Organizations are doing a good job protecting their operating systems, but they're leaving their critical applications vulnerable to dangerous cyber threats. This is the key takeaway - and to some extent the surprise - of the new Top Cybersecurity Risks report released on Sept. 15 by TippingPoint, Qualys, the Internet Storm Center and SANS Institute. In an exclusive interview about the report, Alan Paller, Director of Research at SANS, discusses: The key messages to organizations about cyber risks; Trends to watch in the coming months; What organizations can do now to minimize their vulnerability. Paller founded SANS in 1989 to provide graduate-level education to cybersecurity professionals. In the intervening years, more than 80,000 people have learned their technical security skills - from forensics to penetration testing to intrusion detection, in SANS courses. Today he focuses on identifying the tipping points that can turn the tide against the growing wave of cyber crime and cyber espionage. He h

Legal Insights on Data Privacy Trends and Breach Response Your organization has been breached - how should you immediately respond? How should you not respond? Alysa Hutnik, attorney with Kelley Drye in Washington, D.C., specializes in information security and privacy, counseling clients on what to do after a security breach. In an exclusive interview, Hutnik discusses: Do's and don'ts following a data breach; Privacy legislation trends for 2010; What organizations can do today to prevent privacy/security challenges tomorrow. Hutnik is an Associate with Kelley Drye whose practice includes representing clients in all forms of consumer protection matters. In particular, she specializes in advertising, privacy, and data security law. She frequently conducts workshops and gives speeches on advertising, privacy, and data security compliance. She is often quoted on these issues in major business and law journals and newsletters, and has authored numerous advertising, privacy, and data security articles. Ms. H