Banking Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • More information

Information:

Synopsis

Exclusive, insightful audio interviews by our staff with banking/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • Debbie Wheeler, CISO of Fifth Third Bank: Effective Risk Management

    11/09/2007

    The Information Security Media Group podcast with Debbie Wheeler, CISO of Fifth Third Bank, focuses on the role of effective risk management for IT security and data leakage prevention. Debbie Wheeler discusses recent challenges and changes in the banking community. She highlights provisioning and options for preventing data leakage. The discussion includes how the role of the CISO is to overcome organizational resistance, and she also provides career advice for women in information security.
    - Their strategy for addressing data loss and leakage
    - Cost of adopting bleeding edge technologies
    - Why they offered a "business of banking class" to their IT staff
    - Aligning your controls to your actual level of risk

  • Mark Lobel of PricewaterhouseCoopers: Update on Recent Information Security Trends

    11/09/2007

    In this Information Security Media Group podcast, Mark Lobel of PricewaterhouseCoopers speaks to our audience and gives an update on recent trends in information security and the importance of effective benchmarking. Mark Lobel is a nationally known expert in information security who leads the PricewaterhouseCoopers annual survey of information security trends. This podcast summarizes his latest findings regarding changing threats, convergence of security functions, and why, despite a decrease in certain attacks, many organizations are unable to know what is happening on their networks. He also discusses the importance of benchmarking and the components of effective metrics and benchmarking programs.
    - The importance of actionable information and use of Security Information Management systems
    - Changes in information security convergence and its return to an IT focus
    - What factors predict fewer breaches and lower downtime
    - Why many firms admit they really don't know what is occurring on their networks

  • William Henley of Office of Thrift Supervision: Guidance on Effective Security Program Management

    11/09/2007

    This is the latest Information Security Media Group podcast with William Henley of the Office of Thrift Supervision: guidance on effective security program management, including outsourcing and incident response functions. William Henley, director of IT risk management for the Office of Thrift Supervision, discusses the OTS's guidance for thrifts and other financial institutions on security program management, governance, and management of outsourcing and vendors. Listen to this podcast to learn about the OTS's expectations for incident response and customer notification, and for an up-to-the-minute perspective on IT risk management for thrifts and smaller financial institutions.
    - Specific guidance on using the FFIEC IT Examination Handbook and OTS examination handbooks to develop effective programs
    - Expectations and best practice for managing third party relationships and outsourcing
    - Components of an effective incident response pr

  • Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

    05/09/2007

    Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audits. Listen to gain insight on: Best-practices for auditor training; Key professional certifications; Today's trends and how they will impact tomorrow's IT audits.

  • The Super User: Organizations' Biggest Internal Threat

    04/09/2007

    Analysts at Gartner and IDC identify "super user" access as the root of three of the top eight common sources of compliance risk. But what can you do about it? Listen to this podcast addressing the following questions: What is the super user? What security risks do super user accounts create? What steps can organizations take to limit super user account threats? This podcast takes a closer look at super user accounts and discusses what can be done to protect against the risks they create.

  • Information Security Expert James Kist: Web Application Security at Financial Institutions

    16/08/2007

    Here's a podcast from Information Security Media Group on a hot security topic: web applications. Listen as information security expert James Kist answers questions regarding how important web application security is for a financial institution. James Kist, CISSP, CCSI, CCSE, CCSA, is a senior Information Security Engineer with Icons, Inc. With more than 13 years' experience in information technology, Kist has expertise in information security, application development, security system design and implementation, training, and the development and delivery of information security courseware. In the interview Kist talks about things that financial institutions don't normally think of as being a risk to security, and how penetration testing and the choice of the right monitoring tools help measure security. He also covers regulatory issues surrounding Gramm-Leach-Bliley, the Payment Card Industry Data Security Standard and Sarbanes-Oxley from an institution's perspective. He

  • Former Treasury CISO Ben Chisolm on Financial Institutions and Security

    09/08/2007

    Join Information Security Media Group's Richard Swart in a podcast with Ben Chisolm, the former Chief Information Security Officer of the United States Treasury. Listen as Chisolm shares his insight and experiences from more than 16 years in federal government, where he coordinated information security projects on a national scale for a number of agencies, including the IRS and the Commerce Department. In this podcast he shares how Treasury interacts with other financial institutions from an information security perspective, and what rules the Treasury has to enforce and follow at the same time. He shares the challenges he faced trying to be an "enabler" rather than an impediment to business, along with some of his best practices (more people, less technology), advice to new entrants in the field of information security and much more!

  • Black Hat 2007 Conference - Vendor Interviews

    09/08/2007

    Information Security Media Group was one of the sponsors of this year's Black Hat 2007 briefing held in Las Vegas on August 1st and 2nd. Black Hat is recognized as the premier event at which to release information on newly discovered security vulnerabilities in the hacking community. Forty vendors from across the United States and Europe sent representatives to demonstrate their latest product offerings, and answer the often difficult questions of how their products meet the evolving threat picture. The interviews were taken on the floor of the show by our staff. Our staff noticed a broad range of offerings, including a significant increase in vendors offering web application firewalls and web application vulnerability scanners. We had the opportunity to sit down with a number of vendors to get their take on the issues facing the banking and finance industry and to ask them about evolving threats and compliance solutions. The interviews were conducted with the firms' lead developers, chief scientists, or

  • National Credit Union Administration's Gigi Hyland on Information Security at Credit Unions

    08/08/2007

    Listen to National Credit Union Administration board member Gigi Hyland as she shares with the Information Security Media Group audience what's important to the NCUA in regard to information security at credit unions. Hyland, an NCUA board member since 2005, explains why written information security policies are needed and shares her view of the annual review of risk assessments at credit unions, as well as her ideas on access controls and the need for encryption. Hyland, who prior to her NCUA board appointment spent 14 years in the credit union community, details why employees, front end to back end, need information security training; how a holistic view of information security at a credit union will help; what it takes to manage third party services; and why a due diligence review is stressed. Hyland expresses NCUA's view on external threats and how best to fight them, including phishing and other online scams. She also speaks to the importance of credit union board members

  • Department of Homeland Security's Rob Pate Podcast on Protecting Country's Critical Infrastructure

    27/07/2007

    The Information Security Media Group offers a podcast with Rob Pate, Deputy Director of Outreach and Awareness of the National Cyber Security Division of the Department of Homeland Security. Pate explains the role of the NCSD and how it is related to the US Center for Emergency Response Team (US CERT) and its 24x7 watch and warning center. He also talks about how NCSD helps the financial services industry and DHS's responsibilities in protecting US cyberspace. Pate also speaks to the real consequences of cyber attacks and why education is important. Listen as he describes the cyberterrorists of today as having Ph.D.-level skill sets, compared to the script kiddies of years past. He continues with his lessons learned about incident response, what the key parts of an incident response plan are, and the need for sustainability of any institution's incident response plan. Pate has worked tirelessly behind the scenes to help federal agencies wage war against cyberthreats. He led efforts to develop metrics that allo

  • FDIC's David Nelson on Cyber Fraud at Financial Institutions

    27/07/2007

    Listen to this podcast by the Information Security Media Group as David Nelson, FDIC Examination Specialist, shares his research and insight on current trends in cyber fraud and financial crimes and their impact on the financial industry. Nelson discusses his observations on data from the FDIC and other government sources that he analyzes to determine the trends, frequency, and impact of fraudulent activity at financial institutions. He also shares his ideas on what skills and experience are needed by information security professionals. Nelson works in the FDIC's Cyber Fraud and Financial Crimes Section. He has a total of 21 years with the FDIC, and served 13 years as a Safety and Soundness Examiner, three years as a Compliance Examiner, two years as an IT Examiner, and three years as an Examination Specialist in Washington Headquarters in the Technology Supervision and AML/Terrorist Financing Branches. Nelson is a graduate of Temple University and ABA Stonier Graduate School of Banking at Geor

  • Dr. Eugene Spafford on Information Security Education

    27/07/2007

    Listen in to this Information Security Media Group podcast as Dr. Eugene Spafford, Executive Director of Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS), shares his views on gaps in cybersecurity education; why lack of attention to security issues may hurt all of us later; and why we avoid the pain of fixing the hard problems, especially in information security. Dr. Spafford covers why the lack of good security metrics has hindered decision makers; why we have to do a better job on law enforcement in order to fight the flood of fraud; and the need for more attention to privacy protection mechanisms. Dr. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, inc

  • CISO Jeff Bardin on What Makes A Successful Training Program

    12/07/2007

    Listen in to this Information Security Media Group podcast to hear the CISO at Investors Bank & Trust talk about what makes successful training programs work. Jeff Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, certification and accreditation activities for government agencies with budgets of more than $500 billion, over 1 billion yearly transactions, and 6,000 employees in dozens of locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be require

  • Stephen Northcutt of the SANS Institute: Need for Information Security Certifications

    12/07/2007

    The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer, network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd Edition. He was the original author of the Shadow intrusion detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification

  • Joyce Brocaglia: Recruiter's View of Evolving Role of CISO

    06/07/2007

    Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter, on how the role of the CISO is evolving in companies and how corporate culture is shifting focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; what's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; and why CISOs must develop relationships and have the "soft skills", not just technical skills, in order to succeed. She also talks about some of the "must have" skills for information security officers; the convergence of physical and cyber security departments; and why creating alliances betwee

  • Thomas Smedinghoff: Information Security Laws and Regulations Insights

    06/07/2007

    Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how the basic definition of the legal standard for information security is beginning to come into focus; and laws that impose a duty to warn others (including customers) of a data breach. He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors, that you need to know. Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "re

  • A Look Into Payment Card Data Breaches - Interview with Joe Christensen of Pay By Touch

    01/05/2007

    US retailer TJ Maxx revealed that more than 45 million credit card numbers were stolen from company servers, with data theft going as far back as 2003. In April, the Massachusetts Bankers Association (MBA), Connecticut Bankers Association (CBA), and the Maine Association of Community Banks (MACB) retaliated with a class-action lawsuit seeking to recover damages for card reissuance and reputation costs associated with the massive data breach. In this latest podcast from CUInfosecurity.com, you'll hear Joe Christensen, Vice President of Security and Compliance at PayByTouch Payment Solutions, reveal an insider's look at:
    - The payment card relationship between banks, merchants and credit associations.
    - What every bank should do in the event of a TJX-type breach.
    - The future outlook for merchants in light of TJX.
    View more information about the webinar "Preventing TJX-type Data Breaches".

  • Take Ten Podcast on Regulatory Compliance and Information Security

    18/04/2007

    In this podcast you'll hear what's driving regulatory compliance at financial institutions from Susan Orr, a seasoned bank examiner. Hear Susan lay out a roadmap for approaching information security, and why it's important to look beyond one regulation or compliance guidance issue and see the bigger picture. During this podcast Susan also outlines what will be covered in the scheduled webinar, "Key Information Security Regulations Driving Compliance at Financial Institutions". View more information about the webinar "Key Information Security Regulations Driving Compliance at Financial Institutions".

  • Richard Swart on Information Security Education Programs

    17/04/2007

    In this latest podcast from CUInfosecurity.com, you'll hear Richard Swart, Information Systems professor at Utah State University, reveal the skill gap between what the information security industry demands and the current state of most college curricula. His research into this topic takes on the following:
    - What is being taught in colleges today about information security, and how it fails to meet industry standards.
    - The growing need for convergence between information security and business management.
    - What the highlights of an effective college program are to prepare a student for the information security industry.
    - What the aspiring student needs to know to break into the information security industry.

  • Take Ten Podcast on Business Continuity Planning Best Practices

    09/04/2007

    Listen to this latest podcast on CUInfoSecurity.com. You'll hear Tom Walsh, CISSP, a business continuity expert, give his insights on the following:
    - Have the lessons learned from 9-11 been retained?
    - Why the FFIEC has a strong emphasis on testing a Business Continuity Plan
    - Common mistakes and assumptions made by organizations about BCP
    - The difference between a regular disaster and a pandemic for a financial institution
    - What scenarios and timetables institutions should plan for to handle a pandemic
    Register for the Business Continuity Best Practices webinar.

page 171 of 173