Banking Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast

Synopsis

Exclusive, insightful audio interviews by our staff with banking/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • Identity and Access Management – Greg Kyrytschenko, People’s United Bank

    20/12/2007

    Greg Kyrytschenko, Information Security Manager, People's United Bank, CT., discusses identity and access management, including: • How he tackled his own institution’s identity management project • The value of automating user lifecycle management • The ROI of identity and access management projects

  • Data Breach Disclosure Laws

    12/12/2007

    Philip Alexander, Information Security Officer at a Major US Financial Institution. Philip Alexander hasn’t just studied data breach disclosure laws and their subtle differences state-by-state – he’s written the book on the topic (Data Breach Disclosure Laws – a State by State Perspective, Aspatore Books, 2007). In this interview, Alexander discusses: • What’s most misunderstood about data breach disclosure laws • Trends he sees • Advice for banking/security executives just starting to consider the issue. And he previews his upcoming presentation in an Information Security Media Group webinar dedicated to this topic.

  • Emerging Cyber Threats and Management of Information Security

    28/11/2007

    Bill Boni, Corporate Information Security Officer and Vice President, Motorola Corporation. Bill Boni shares lessons he has learned in his 30-year career in IT security and discusses how organizations should manage their IT security function in order to respond to emerging threats. He reviews: • How globalization is affecting hacking and the nature of attacks; • How to develop an effective incident response capability; • Factors to consider when deciding whether to add cyber-forensics capability to your organization; • Critical success factors for governance and management of information technology; • Why executive management needs to move beyond a risk management mindset.

  • Effective Privacy and Compliance Programs

    28/11/2007

    Ken Baylor, Information Security Consultant and former Chief Information Security and Privacy Officer, Symantec. Dr. Ken Baylor is a senior Information Security adviser to Fortune 500 companies. He is the current president of the Silicon Valley chapter of ISACA. Dr. Baylor recently served as Symantec's Chief Information Security Officer (CISO), is a CISSP, and a CISM. As CISO, he was responsible for developing all information systems security policies, overseeing the implementation of all security related policies and procedures, and for the global protection of electronic and digital assets. He also worked closely with internal product groups on security capabilities in Symantec products, and heads the Information Security department. Baylor shares his extensive experience as he discusses the development of effective privacy and compliance programs. Listeners will learn: • Steps to develop effective compliance programs; • Why 90% of privacy breaches happen inside your firewall; • Impact

  • State of Banking Information Security Survey 2008 Introduction

    27/11/2007

    Listen to Tom Field, editorial director of BankInfoSecurity.com and CUInfoSecurity.com, discuss our first annual State of Banking Information Security Survey in the Financial Services Industry. The survey will focus on topics such as: Information Security Priorities & Roles Strategies Risk Assessment, Incident Response ID Theft Vendor Management Customer/Member Services Business Continuity/Disaster Recovery Security Budget Education & Training BSA/AML. Survey results will be analyzed, annotated and presented in a variety of ways across BankInfoSecurity.com and CUInfoSecurity.com. Thanks in advance for your participation in this inaugural research study. We can't wait to share the results with you!

  • GLBA Compliance Through Vulnerability Management

    21/11/2007

    Mark Seward, CISSP and Director Product Marketing with Qualys, Inc., discusses GLBA compliance as it relates to vulnerability management at financial institutions. Insights include: • Key GLBA compliance issues facing financial institutions; • Examples of vulnerability management specific to GLBA; • Speed bumps institutions encounter en route to GLBA compliance; • Defining the vulnerability management lifecycle and how it is relevant to all businesses.

  • BAI 2007 Retail Delivery Conference - Vendor Interviews

    19/11/2007

    Information Security Media Group recently attended the BAI Retail Delivery Conference 2007 in Las Vegas. Our correspondents covered the expo floor from a vendor point of view, and we spoke with a number of vendors who had products or services specific to information security. In general, the vendors that had some sort of security offering seemed to be focused on anti-fraud, and BSA/AML compliance. For those not familiar, here is a description of the conference: BAI's purpose is sharply focused: helping you strike the right balance for your organization to reconcile short-term profit pressures with your long-term growth strategies. BAI Retail Delivery Conference & Expo is the place to be for fresh insights, innovative ideas, and smart solutions for succeeding in a no-growth environment. General sessions not only with Steve Forbes Jr., Dr. Alan Greenspan and Sir Bob Geldof, but Kerry Killinger, Chairman and CEO of Washington Mutual, and Lynn Pike, President of Capital One Bank. All dynamic leaders with asto

  • Update from FDIC on CA Wildfires, BCP and Pandemic Planning Guidance

    09/11/2007

    Michael Jackson, Associate Director of Technology Supervision of the FDIC, provides early data on the impact of the recent California wildfires, including: Number of banks and other FDIC-supervised institutions impacted; Specific guidance on what the FDIC expects in a business continuity plan; Preview of the FDIC's coming publication on pandemic preparedness.

  • Impact of California Wildfires and Implications for Disaster Recovery Planning

    02/11/2007

    Interview with William Henley, Director of IT Risk Management, Office of Thrift Supervision (OTS). In this interview, Henley discusses the impact of the California wildfires and reports on the number of thrifts that activated their incident management and disaster recovery plans. Henley also discusses the critical elements of an effective disaster recovery plan and highlights the need to ensure that employees can work remotely in the immediate aftermath of a disaster. He also makes recommendations for responding to possible pandemics.

  • John Pironti of Getronics on: Leading-Edge Risk Management Practices

    31/10/2007

    John Pironti discusses the fundamental steps that a financial organization must take to design an effective risk management program. He emphasizes the danger of focusing on the technology, instead of on the data flows in an organization. In this interview, you will learn strategies to minimize your risk from data leakage while building a robust risk management program. You also will learn: • The importance of business process mapping • Questions to ask 3rd party vendors to reduce your risk • How to utilize IT governance practices to help minimize your risk

  • Betsy Broder of FTC on: Identity Protection Strategies

    26/10/2007

    Betsy Broder offers practical advice for financial institutions on best practices to protect their customer information, and explains the federal government's efforts to address ID theft. She also addresses possible legislation that could affect a financial institution's data security and identity theft prevention programs. Listen to learn: (1) What the FTC expects from financial institutions re: data security; (2) How financial institutions can cooperate with the FTC; (3) Strategies for assisting your customers and keeping their loyalty when they are victims of Identity Theft.

  • Future-Proof Your Compliance Program

    23/10/2007

    Featuring Elan Winkler, Director of Messaging Product Marketing, Secure Computing. Listen to this interview for insights on how to create a "culture of compliance", building the right systems, processes and skills to solidify your regulatory compliance program today - and for the future. Among the topics tackled: - What is "future-proofing", and how do you show its business value? - How does one get started "future-proofing" a compliance program? - What are the speedbumps one might hit along the way? - What are the early results to expect - and how do you grow them?

  • Steven Jones of Synovus on: Risk Management and Incident Response

    12/10/2007

    Steven Jones is the Director of Information Security for Synovus, a bank holding company with 39 banks in the Southeast United States. In this podcast interview, Mr Jones discusses the comprehensive risk management process he created that provides best-in-class residual risk reporting and metrics. He discusses alignment of risk management and incident response with business processes and shares advice to other Information Security Officers on building key capabilities. • Effective metrics for risk management and security governance • Two surprising key indicators of success

  • Security Expert Rebecca Herold on: Total Information Protection

    10/10/2007

    Rebecca Herold is a nationally-known author and consultant who won national awards for her successful risk management and information protection programs while directing the information security program for Principal Financial Group. She shares her experience building effective information protection programs and also highlights management responsibilities and liabilities if the program is not developed correctly. You will learn: (1) What regulatory penalties senior management might incur if data is lost or unsecured (2) How to rebuild or rejuvenate a risk management program (3) The five most common ways data leaks from organizations (4) Best practices for developing and securing employee buy-in for a successful enterprise level information protection program

  • Risk Management and ISO 27001 Certification - Mark Bernard, Credit Union Central, B.C.

    03/10/2007

    Mark Bernard is the Security & Privacy Officer at Credit Union Central of British Columbia. In this podcast he talks about risk management and ISO 27001 Certification. Mark Bernard has extensive experience in the IT security industry, both in the US and Canada. He is currently the Security and Privacy Officer for the Credit Union Central of B.C., and is leading the credit union to become the first financial institution to achieve ISO 27001 certification. Mark has a reputation for improving organizational security without increasing costs or adding layers of controls. During this podcast Mark discusses: -- How to manage a risk management program in a way that does not increase costs but adds to your organization's security -- What ISO 27001 certification entails and the benefits to your bank or credit union -- Why ISO 27001 certification can actually save you money -- The essential business skills that allow a security manager to excel

  • Bruce Sussman of Crowe Chizek: Stopping Data Leakage and PCI-DSS Compliance

    03/10/2007

    Bruce Sussman, Senior Manager at Crowe Chizek's Risk & Attest Group speaks on meeting the challenges of PCI compliance and stopping data leakage. Sussman draws upon his extensive experience as a VP of Audit, Fraud and Risk for one of the leading payment card networks and as a thought leader for the PCI compliance practice at Crowe Chizek. He shares his insights on managing to maintain PCI compliance and help stop data leakage in companies. You will learn: -- key factors to successful PCI DSS compliance -- to what extent PCI compliance will actually improve your security and data privacy -- best practices to prevent data leakages

  • KPMG’s Dan Manley on IT and Security Governance

    03/10/2007

    Dan Manley, Senior Manager, KPMG LLP's Risk Advisory Services Information Protection practice, on lowering your risks through improving your IT and security governance. Dan Manley has over 19 years of experience in IT security and currently is a senior manager with KPMG's risk advisory practice focusing on IT governance. In this podcast you will learn how improving your IT governance process can help you to reduce risks, as well as improve your IT performance. You will learn about: • creating an effective and efficient IT governance structure • the tangible benefits from improved IT governance • managing the identity theft crisis

  • The Growing Importance of Professional Certification in InfoSecurity, Mr Ed Zeitler, Executive Director, (ISC)2

    19/09/2007

    Ed Zeitler discusses the recently announced results of a recently conducted Global Information Security Workforce survey. It shows that over 85% of managers are hiring certified information security professionals. Mr Zeitler cautions against sending staff to certain types of training and discusses the areas that will be receiving increased attention in the next few years. He also discusses new tests and certifications beyond the CISSP that your security staff may need. • What role certification plays in today's information security industry • Certifications for entry-level IT security staff as well as senior professionals • Advanced certifications beyond the CISSP and their importance • Warnings about what training to avoid and what to look for in reputable information security training

  • Ken Newman of American Savings Bank on: Educating Your Employees

    18/09/2007

    Ken Newman discusses the challenges of getting employees to buy into training programs and some of the successful strategies he has used to deliver timely and effective training that focuses on protecting customer data. He also discusses the changes in the information security field and how this impacts an organization’s training and education needs, from the board room to the newest hire. • Managing the lack of time to deliver training • Strategies when presenting to or training boards • What your training program should focus on • What skills IT security professionals lack • How the field of IT security is changing and what implications this has for training needs

  • InfoSecurity NY 2007 Vendor Interviews

    17/09/2007

    No matter what your industry - finance, government, education - Infosecurity delivers over 175 companies offering the very latest state-of-the-art technologies. Infosecurity NY. ISC East. Totally secure. Once again, Infosecurity NY was held alongside ISC East, the premier physical security event in the East. With more companies adopting physical security over IP networks, Infosecurity attendees now have the opportunity to learn more about the evolving convergence of traditional IT security. Infosecurity NY is the leading IT event for: IT Security Manager/Director C-Levels including CEO/COO/President - Owner/Principal/Partner Consultant System Architects and Developer System Administrators and Analysts
