Synopsis
Exclusive, insightful audio interviews by our staff with leading careers/security practitioners and thought leaders. Transcripts are also available on our site!
Episodes
-
2009 Security Agenda: Interview with Industry Expert Steve Katz
16/12/2008
Looking ahead to 2009, banking/security guru Steve Katz quotes the ancient proverb: "May you live in interesting times." With a new administration, new banking landscape and regulatory changes expected, we live in interesting times, indeed. In an exclusive interview, Katz discusses: The biggest banking/security stories of 2008; What banking institutions must do to strengthen customer confidence in 2009; What we might expect in terms of regulatory change from the Obama administration and Democratic Congress. The world's first Chief Information Security Officer, Steve Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels. Deeply respected within both the financial services and security industries, Katz has testified to Congress on informatio
-
Carnegie Mellon University Survey Insights: Why Boards of Directors Don't Get it
05/12/2008
Interview with Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk
At a time when risks are high and consumer confidence is low, corporate boards of directors aren't paying nearly enough attention to information security and cyber threats. This is the key takeaway from a new Carnegie Mellon University CyLab survey, which shows that there is a "gaping hole as wide as the Grand Canyon" in board and senior executive oversight of these critical business issues. Read more about this survey in an article by Linda McGlasson. To understand this study, we spoke with its author, Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk. In an exclusive interview, she discusses: Key findings; Greatest concerns from the study; Recommendations for what financial institutions should do now to address these concerns. Jody Westby received her B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif. Drawing
-
The Role of Internal Auditing in IT Security
17/10/2008
Interview with David Richards, President of the Institute of Internal Auditors
Internal auditing has always been a key function within financial systems, and it becomes even more so when it comes to IT and information security. In this exclusive interview, David Richards, President of the Institute of Internal Auditors (IIA), discusses: The key differences between internal and IT auditors; The role of the audit committee and board of directors - what they need to know about IT governance; Frameworks to consider when establishing IT governance in your institution.
-
Application Security Over-Confidence: Facts & Myths Revealed
22/09/2008
Leading Technology Vendor Discusses the Need for Vulnerability Assessments & Remediation Processes for Applications Whether Developed In-House or By a Third-Party
Application security is a key focus of regulatory agencies - ensuring that financial institutions pay as much attention to third-party applications as they do to those they develop and manage in-house. In a recent survey conducted by Information Security Media Group, respondents say they are more confident in their own applications vs. those developed by third-party service providers ... yet, they really don't demonstrate vulnerability assessment or remediation processes to justify any level of confidence. In this exclusive interview, Roger Thornton, founder and CTO of Fortify Software, discusses the survey results and his own market perspective, discussing: How the survey results jibe with what he sees from customers; What's beneath the disconnect between confidence and processes? What are some of the proactive, cost-effective ways compa
-
Careers in Information Security: Fighting the Insider Threat
29/08/2008
Interview with Matt Bishop, Professor of Computer Science, UC-Davis
Career opportunities abound for people interested in entering information security as an entry-level or mid-career position. In this exclusive interview, Matt Bishop, Professor of Computer Science at UC-Davis, discusses: His current projects, including vulnerability analysis and the insider threat; Opportunities for information security students; Advice for individuals looking to enter the field.
-
Good Governance: How to be a Security Leader
27/08/2008
Interview with Jennifer Bayuk, Former CISO at Bear Stearns & Co.
Governance is a term increasingly used in financial institutions, as banking/security leaders try to introduce new processes and disciplines to their organizations. In this exclusive interview, Jennifer Bayuk, an information security specialist and former CISO at Bear Stearns & Co., discusses: What governance means to a security organization; Elements of good governance; Speedbumps en route to success; Potential short- and long-term rewards of good governance.
-
The State of Information Security Education: Prof. Eugene Spafford
22/08/2008
To quote from his own biography, Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including two Presidents of the United States. In this exclusive interview, Spafford discusses: The state of information security education today; The communication gap between businesses who need security professionals and schools that educate them; Trends in information security education.
-
Application Security Whitelisting: Keep the Bad Guys Out - Let the Good Guys In
13/08/2008
Interview with Brent Rickles, SVP, First National Bank of Bosque County, on Securing Financial Data and Systems Through Application Whitelisting
"Whitelisting" is a new twist on information security. Instead of trying to find a software solution that keeps all of the potential bad guys out of your systems, whitelisting allows you to establish a protection layer that grants access to only your finite list of good guys - individuals or applications. In this exclusive interview sponsored by Lumension Security, Brent Rickles, SVP of First National Bank of Bosque County, Texas, discusses: What led him to a whitelisting security solution; The quantifiable results he's seen since deploying the solution; Reaction he's received from bank examiners since taking this approach.
-
The Growing Business Role for Security Leaders: John Pironti, ISACA
04/06/2008
Interview with John Pironti of ISACA's Education Board
Security leaders are quickly evolving in their roles to focus more on the business of banking, less on the technology of information security. This is the main message delivered by the results of ISACA's recent Information Security Career Progression Survey of 1400 Certified Information Security Managers (CISMs) in 83 countries. To learn more about the survey results and the trends they identify, listen to this interview with John Pironti, Chief Information Risk Manager with Getronics, and a member of ISACA's Education Board. Pironti touches on: The survey results; Trends impacting security professionals; What it all means specifically for security leaders at financial institutions.
-
The Role of Information Security in a Merger/Acquisition
03/06/2008
Interview with Nalneesh Gaur, Chief Information Security Architect, Diamond Management & Technology Consultants
Mergers and acquisitions are a way of life for financial institutions, and so many pertinent business issues bubble up whenever an M&A is discussed. But when does information security enter the discussion? Not early enough, says Nalneesh Gaur of Diamond Management & Technology Consultants. In this interview, Gaur discusses the importance of information security in an M&A, sharing his insight on: When information security should enter the M&A discussion; Who should lead that discussion; 7 key questions to ask re: information security in an M&A activity.
-
Workplace Violence -- What You Need to Know: Kim Matlon, Crisis Expert
28/04/2008
Interview with Kim Matlon, Business Continuity/Crisis Management Expert
Workplace violence - it's one of the most common but least understood risks to all businesses. From robberies gone awry to bullies in the workplace to domestic anger spilling over from home, the workplace is ripe for violent situations. In this interview, Kim Matlon, COO of R&A Crisis Management Services, an Ill.-based business continuity, crisis management and project management consulting firm, offers insight on: The four types of workplace violence; Red flags to look for in employees and communications; How to help ensure employees' safety.
-
Exclusive Insights from Security Solutions Leaders: RSA Conference 2008
09/04/2008
Interviews Shed Light on Topics of Unique Interest to Banking/Security Executives
The annual RSA Conference is a showplace for the who's who of security solutions vendors. The event showroom is lined with scores of the industry's leading vendors - no one individual could hope to see them all. So, the Information Security Media Group team did the job for you, visiting with more than 60 vendors of particular interest to banking and security leaders. Click on the following links to listen to our exclusive interviews with these vendors. 8e6 Technologies; ActivIdentity; Adobe; AirDefense; AlgoSec; Application Security; ArcSight; Axeda; Beyond Trust; BioPassword; Blue Coat Systems; Brabeion; Breach Se
-
Meeting the Security Standard: The Business Benefits of ISO 27001 Certification
25/03/2008
Interview with Mark Bernard of Credit Union Central of British Columbia
We first met Mark Bernard last fall. The Security & Privacy Officer at Credit Union Central of British Columbia, Mark discussed risk management and the process of becoming ISO 27001 Certified. Today, Mark's credit union is the first financial institution to achieve ISO 27001 certification. Listen to this interview for his insights on: What it means to be ISO 27001 certified; How the institution has changed as a result; Potential payoffs for your institution if you follow this same path.
-
Offshore Outsourcing: Challenges and Benefits
11/03/2008
Interview with Philip Alexander, Information Security Officer
Offshore outsourcing - it's a topic that stirs great debate among banking/security leaders. Proponents tout the potential cost-savings and easy access to top talent. Opponents point to cultural, infrastructural and, yes, security concerns inherent in offshore partnerships. Listen to this interview for insights from Philip Alexander, information security officer at a major financial institution - and an offshore outsourcing veteran. In a preview of his new webinar, Offshore Outsourcing: Do You Know Where Your Data is and How it's Managed?, Alexander discusses: Benefits of offshoring; Unique challenges; Advice to banking/security leaders venturing offshore for the first time.
-
Security Awareness: How to Create an Effective Program for Employees
11/03/2008
MaryAnne MacIntosh of Nu Union Credit Union Discusses Her Growing Initiative
Security awareness is a key topic - for financial institution employees and customers alike. At Nu Union Credit Union in Lansing, Mich., MaryAnne MacIntosh oversees a program that educates everyone from the board of directors to customer service reps. And her program has not only changed the security environment within the credit union branches, but also has altered how employees approach security in their private lives. Listen to this podcast for insights on: How she created this program; Elements of security awareness; Challenges in delivering the training; What's next?
-
Stephen Katz on Top InfoSec Issues of 2008
25/02/2008
Banking/Security Expert Shares Insights on Red Flags, Vendor Management, Other Key Challenges Facing Institutions
He was the world's first Chief Information Security Officer at Citigroup in 1995, and for over 25 years he has been a true banking/security leader. Stephen Katz, founder and President of Security Risk Solutions, an information security company providing consulting and advisory services, sat down with Editor Tom Field to discuss the major issues facing banking institutions in 2008. Listen to this interview to hear his insights on: ID Theft Red Flags - are institutions giving it enough attention? Vendor Management - the need to improve oversight of vendors and their vendors; Governance - what works, what still needs work; Pandemic preparation; Many other top issues.
-
Lane Gittins on Security Management: Leading the Virtual Team
13/02/2008
Institutions of all sizes struggle with staffing resources - having enough hands available to tend to information security matters. At America First Credit Union in Riverdale, Utah, Lane Gittins, the Systems Security Manager, has learned to overcome this challenge by working in a consultative style - directing a cross-functional team whose members come from across the institution and don't all report to him. Listen to this interview for insights on: How to establish a virtual team; Creating a culture of security awareness; Successes to target and challenges to avoid; Tips to lead a virtual team in your institution.
-
Effective Privacy and Compliance Programs
28/11/2007
Ken Baylor, Information Security Consultant and former Chief Information Security and Privacy Officer, Symantec
Dr. Ken Baylor is a senior Information Security adviser to Fortune 500 companies. He is the current president of the Silicon Valley chapter of ISACA. Dr. Baylor recently served as Symantec's Chief Information Security Officer (CISO), is a CISSP, and a CISM. As CISO, he was responsible for developing all information systems security policies, overseeing the implementation of all security related policies and procedures, and for the global protection of electronic and digital assets. He also worked closely with internal product groups on security capabilities in Symantec products, and heads the Information Security department. Baylor shares his extensive experience as he discusses the development of effective privacy and compliance programs. Listeners will learn: Steps to develop effective compliance programs; Why 90% of privacy breaches happen inside your firewall; Impact
-
John Pironti of Getronics on: Leading-Edge Risk Management Practices
31/10/2007
John Pironti discusses the fundamental steps that a financial organization must take to design an effective risk management program. He emphasizes the danger of focusing on the technology, instead of on the data flows in an organization. In this interview, you will learn strategies to minimize your risk from data leakage while building a robust risk management program. You also will learn: The importance of business process mapping; Questions to ask 3rd party vendors to reduce your risk; How to utilize IT governance practices to help minimize your risk.
-
Risk Management and ISO 27001 Certification - Mark Bernard, Credit Union Central, B.C.
03/10/2007
Mark Bernard is the Security & Privacy Officer at Credit Union Central of British Columbia. In this podcast he talks about risk management and ISO 27001 Certification.
Mark Bernard has extensive experience in the IT security industry, both in the US and Canada. He is currently the Security and Privacy Officer for the Credit Union Central of B.C., and is leading the credit union to become the first financial institution to achieve ISO 27001 certification. Mark has a reputation for improving organizational security without increasing costs or adding layers of controls. During this podcast Mark discusses: How to manage a risk management program in a way that does not increase costs but adds to your organization's security; What ISO 27001 certification entails and the benefits to your bank or credit union; Why ISO 27001 certification can actually save you money; The essential business skills that allow a security manager to excel.