Banking Information Security Podcast

As the swine flu outbreak triggers new fears of a global pandemic, security organizations must dust off and review their emergency management plans. For insight on how to prepare for swine flu, pandemic expert Regina Phelps offers expert insight on: What you need to know about swine flu; How your organization should respond - internally and with customers; Where and what to watch for updates over the coming days. Regina Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety. Resources Swine Flu Update Swine Flu FAQ

To this point, information security professionals have been generalists. Going forward, they'll have to be specialists. At least this is the opinion of John Rossi, professor of systems management/information assurance. In an exclusive interview on the future of the information security profession, Rossi discusses: Why information security is headed toward specialization; The new capacities security professionals must develop; How academic institutions and industry groups must change how they educate security pros. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assess

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

At a time when many businesses are contracting because of the recession, Investors Savings Bank in New Jersey is continuing to grow its consumer and commercial banking operations - and without federal government investment. The goal, says Kevin Cummings, President and CEO, is to be a different kind of bank - one that makes a difference in its community. "We have to be leaders who serve - not self-serving leaders," Cummings says. In an exclusive interview, Cummings discusses: His top banking/security agenda items for 2009; The impact of the recession on his institution; How he plans to grow his company base; The future of regulatory reform. Cummings was appointed President and CEO of Investors Savings Bank on Jan. 1, 2008. He was also appointed to the Board of Directors at that time. Prior to that, he was the bank's executive vice president and COO from July 2003. Before joining Investors Savings Bank, he had a 26-year career with KPMG LLP. Investors Savings Bank is an Independent, full-service communi

From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

Endpoint virtualization is one of the hottest emerging technologies for financial institutions, which are looking to maximize secure access to and management of key applications - while also controlling costs. In this Emerging Technologies Insights panel, we hear from: Matthew Speare of M&T Bank on how a banking institution leverages virtualization; Tom Wills of Javelin Strategy & Research on current security trends that impact endpoint virtualization efforts; Brian Duckering of Symantec on strategies and solutions being employed across industry. In this 30-minute panel discussion, the panelists discuss successful virtualization strategies for banking institution, offering unique perspectives from the practitioner's vendor's and market researcher's points of view. They also tackle a series of questions on endpoint virtualization, including: What is the economic imperative for financial institutions to explore virtualization? What are the biggest security challenges and opportunities from virtualization t

Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden

Insights on the Obama Administration's Early Efforts to Strengthen Financial Services And so it begins. With Treasury Secretary Geithner's appearance before Congress, requesting greater authority over non-banking institutions, the Obama Administration is starting to flex its muscles in preparation for a complete re-shaping of financial services regulation. In an exclusive interview, Jim Eckenrode, Banking Executive at TowerGroup, discusses: Reaction to Geithner's initial moves; How regulatory reform likely will unfold - and when; Why the banking industry is on the verge of creating what he calls "a new hierarchy." Jim Eckenrode is the Banking & Payments Research Executive at TowerGroup. He focuses his research and advisory activities on the major trends and directions in the global banking industry and, through that research, provides guidance and advice to senior-level banking and technology executives. TowerGroup, a wholly owned subsidiary of MasterCard Worldwide, is the leading research and ad

The financial markets responded positively to Treasury Secretary Timothy Geithner's newly-announced plan to buy up bad bank assets and ease the credit crunch. And so does industry expert Peter Vinella, global head of consulting for LECG's financial services sector, who likens it to a "financial Marshall Plan" for rebuilding the industry. In an exclusive interview, Vinella discusses: The positive ramifications of Treasury's plan; What the plan needs to succeed - and what could threaten it; Why this plan is good news for community banking institutions. Peter U. Vinella is a managing director in LECG's Emeryville office and has more than 20 years of experience in the financial industry. He has worked with the US Congress and GAO on a variety of issues including TARP/ESSA, program trading, derivatives regulations and the impact of September 11th on the US financial system. LECG, a global expert services and consulting firm, provides independent expert testimony, original authoritative studies and strategic

Treasury Secretary Timothy Geithner has now outlined the Obama Administration's plan - this time with specificity -- to buy up bad bank assets and ease the credit crunch. But what's it mean to individual financial institutions? In an exclusive interview, John Jay of Aite Group discusses: First reactions to Treasury's plan; How the plan could succeed, and what could derail it; What it all means to mainstream banks and credit unions. Jay is a senior analyst at Aite Group, LLC. He specializes in fixed-income-structured products and technological applications involved in the structured products space. Aite Group is a leading independent research and advisory firm focused on business, technology and regulatory issues and their impact on the financial services industry.

TJX, Hannaford, Heartland Payment Systems. We know the names of the most infamous data breaches, but what have they really cost financial institutions? And what types of fraud should institutions look out for in the months ahead? Perimeter eSecurity recently conducted a study of financial institution data breaches. Kevin Prince, Chief Architect of Perimeter eSecurity, discusses that study, offering insights on: The most common types of data breaches; What financial institutions can do to prevent them; Fraud trends to look out for in 2009. A well known expert in the security industry, Prince regularly trains Federal Examiners at the National Credit Union Administration (NCUA) and the Federal Financial Institutions Examination Council (FFIEC) on such topics as firewall security, remote access, virtual private networks, intrusion detection and prevention systems, and on what the examiners should look for when they examine a financial institution.

"I don't need TARP money." That's the message to depositors from Charles Antonucci Sr., CEO of Park Avenue Bank, which recently withdrew its application for federal Troubled Asset Relief Plan (TARP) funds. In an exclusive interview, Antonucci discusses: Why his bank withdrew its application; The message to his depositors; What the banking industry truly needs to recover in the months ahead. Charles Antonucci, Sr. is The Park Avenue Bank's President and Chief Executive Officer, who brings more than 30 years of banking experience to his position. He is responsible for significantly expanding the bank's asset base and branch network throughout the New York marketplace.

The Heartland Payment Systems data breach has brought extra attention to the Payment Card Industry Data Security Standard - PCI DSS. How well embraced is the standard, and what happens to companies if they're found to not be PCI compliant? In an exclusive interview, Tony Bradley, co-author of the book PCI Compliance: Understand and Implement Effective PCI Data Security Standard, discusses: The state of PCI compliance; What's most misunderstood about the standard; The top three PCI-related stories we'll see unfold in 2009. Bradley is Director of Security for Evangelyze Communications, a global voice and unified communications products and professional services organization. He also is the lead-author and tech editor of PCI Compliance, currently co-authoring PCI Compliance - 2nd edition with Dr. Anton Chuvakin.

We're all intimately aware of the security and risk management concerns facing U.S. banking institutions. But what about elsewhere in the world, where institutions are coping with their own economic and security concerns? In an exclusive interview, Vishal Salvi, CISO of India's HDFC Bank, which Business India named "Best Bank 2008," discusses: Greatest security threats facing Indian banks and customers; His own top security/risk management concerns; How Indian banking institutions and customers are coping with the global economic recession. Salvi has 15 years of industry experience having worked in Crompton Greaves, Development Credit Bank, Global Trust Bank, Standard Chartered Bank before taking on the role of Chief Information Security Officer & Senior Vice President at HDFC Bank. Prior to joining HDFC Bank, he has worked in Standard Chartered Bank for eleven years and played variety of roles in IT Service Delivery, Governance and Risk Management and Information Security. At HDFC Bank, Vishal heads t

Warren Buffett says the economy has "fallen off a cliff." But where does the fall end, and how badly bruised will financial institutions be when they pick themselves off the ground? In an exclusive interview, Steven Weisbart, SVP and Chief Economist, the Insurance Information Institute, discusses: The true impact of the recession on financial institutions; TARP monies and nationalization of banks; Signs of recovery to watch for in the months ahead. Weisbart is senior vice president and chief economist for the Insurance Information Institute. Weisbart oversees the Institute's program of economic research and analysis, preparing studies in support of the organization's communications mission, speaking to media and conducting briefings for member companies, industry organizations and public policymakers. A specialist in annuities, pensions, and life, disability and long-term care insurance, Weisbart frequently also makes presentations on property/casualty issues to industry audiences as well as legislative

Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.

Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.

The U.S. Treasury's Office of Foreign Assets Control (OFAC) maintains a list of individuals and organizations that represent security risks to the U.S., and businesses are required to screen their customers and transactions against this list. But how does one filter correctly and interpret aliases properly to stay in OFAC compliance? In an exclusive interview, Geff Vitale, AML Education Manager, Metavante Risk and Compliance Solutions, discusses: OFAC challenges for financial institutions; The ramifications of being out of compliance; Strategies and solutions that help financial institutions be compliant. Vitale manages training of Anti-Money Laundering and Prime Compliance Suite for Risk and Compliance Solutions of Metavante Corporation. He is responsible for leading the development and delivery of training services to help financial institutions meet regulatory requirements for AML training, develop implementation procedures for the Prime Compliance Suite and develop training programs for end users. He

Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum. In an exclusive interview, Lawrence Rogers, chief architect of the SIA program, discusses: The need for cybersecurity education; The greatest cybersecurity needs in government and business; Potential career paths for cybersecurity professionals. Lawrence R. Rogers is a senior member of the technical staff in the CERT Program (also the home of the CERT Coordination Center). He has been writing articles for the non-computer professional for several years and was the chief architect and main contributor to the CERT Survivability and Information Assurance (SIA) Curriculum. He is currently a member of the Cyber Forensics team and teaches courses on system administration, cyber forensics, and incident handling.