Banking Information Security Podcast

Oct 23 2020 2.3k

Exclusive, insightful audio interviews by our staff with leading banking/security practitioners and thought-leaders













Interview with Doug Johnson of the American Bankers Association
Feb 22 2007
The largest banking association’s senior policy advisor gave his insights into what financial institutions really need during a 35-minute podcast with BankInfoSecurity.com. Doug Johnson serves as the American Bankers Association’s Senior Policy Advisor for Government Relations, where he is involved in a variety of public policy and compliance issues. He has assisted in the ABA’s release of a series of tools to deter bank robberies, assess information technology risk, deter phishing, and safeguard customer information. He led work on the current Emergency Preparedness Toolbox. Doug represents the ABA on the Financial Services Sector Coordinating Council, which advises the federal bank regulatory agencies on homeland security and critical infrastructure protection issues, and serves on the BITS/Financial Services Roundtable Security and Risk Assessment Steering Committee. He is also an advisory board member of the Financial Services Information Sharing and Analysis Center, a private corporation that works with government to provide the financial sector with cyber and physical threat and vulnerability information, as part of the nation’s homeland security initiative. Johnson’s interview offers listeners the opportunity to hear what new regulations and guidance the ABA is anticipating from regulatory agencies and the ABA’s views on evolving threats and information security issues.
















Take Ten Podcast with Rhonda MacLean
Apr 09 2007
Listen to this latest podcast on CUInfoSecurity.com. You'll hear the take of Rhonda MacLean, former CISO of Bank of America, on the following:
· The TJX data breach - these kinds of problems are not going away
· What's important about getting back to basics of information security
· Customers' trust in the financial institutions and online banking
· Handling the expectations between regulatory bodies and financial institutions
· What hasn't reared its full and ugly head yet - botnets.
Rhonda has more than 25 years of IT industry experience, and travels the globe consulting for Fortune-ranked business enterprises, governments, industry associations and risk management solution companies. Rhonda serves as an Adjunct Distinguished Senior Fellow with Carnegie Mellon University's CyLab, helping CyLab to continue to pursue an aggressive research and development agenda that integrates technology, policy and management by bringing together security professionals, researchers and policymakers. Prior to founding MacLean Risk Partners, she was leader of Bank of America's Corporate Global Information Security Group. For 10 years Rhonda was responsible for the Bank's security policies; information risk management; security and risk technology implementations; cyber investigations; computer forensics; and general information risk management awareness for the company's leadership, associate base, and outside suppliers. Immediately before joining Bank of America in 1996, she was responsible for information security at The Boeing Company, managing its proprietary and government programs. Rhonda was appointed in 2002 by the U.S. Treasury as Financial Services Sector Coordinator, where she founded and served as the first chairperson of the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security. In addition to serving as chairperson emeritus of the Council, she sits on the Global Council of CSOs, composed of computer security thought leaders from the public, private, and academic sectors. The Executive Women's Forum in 2003 named her one of five "Women of Vision" shaping the information security industry; she has twice been named one of the 50 most powerful people in computer networking by Network World.






Thomas Smedinghoff: Information Security Laws and Regulations Insights
Jul 06 2007
Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well-known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how the basic definitions of the legal standard for information security are beginning to come into focus; and laws that impose a duty to warn others (including customers) of a data breach. He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors that you need to know. Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "reasonable" information security and why risk assessments required under GLBA and FFIEC guidelines are so important to financial institutions. Thomas Smedinghoff is a partner at Chicago's Wildman Harrold law firm. His practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce and information security legal infrastructures for the federal government, numerous state governments, and national and international businesses including banks, insurance companies, investment companies, and certification authorities. He also frequently counsels clients on the law relating to first-of-their-kind electronic transactions, information security legal matters, and e-commerce initiatives. At the same time, he has been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.

Joyce Brocaglia: Recruiter's View of Evolving Role of CISO
Jul 06 2007
Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter, on how the role of the CISO is evolving in companies and how corporate culture is shifting focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; what's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; and why CISOs must develop relationships and have the "soft skills" and not just technical skills in order to succeed. She also talks about some of the "must have" skills for information security officers; the convergence of physical and cyber security departments and why creating alliances between the two is needed; and why women are getting into the information security field and are becoming leaders. Joyce Brocaglia is president and CEO of Alta Associates, Inc., a leading executive recruitment firm in the information security industry. Since 1986, the firm has served as a trusted advisor for organizations seeking top industry talent and has played a key role in building corporate information security organizations, developing professional services practices and growing security product start-ups. In 2003, Information Security magazine honored Brocaglia with a "Women of Vision" award naming her one of the 25 most influential women in the information security industry. Also in 2003, Brocaglia founded the Executive Women's Forum on Information Security, Privacy and Risk Management. The EWF is a venue where the most senior women in the security industry gather to share ideas and develop trust-based relationships. In 2005 Brocaglia authored "The Information Security Officer: A New Role for New Threats" in Larstan's "The Black Book on Corporate Security". In 2006 Brocaglia and the Executive Women's Forum partnered with Carnegie Mellon's CyLab to create scholarships for outstanding women to enroll in CMU's Master of Science in Information Security Technology and Management program.

Stephen Northcutt of the SANS Institute: Need for Information Security Certifications
Jul 12 2007
The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer and network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification and currently serves as CEO of the SANS Institute. Listen as Northcutt describes the state of information security training today; why colleges and universities still need to bring more technical focus to their information security curriculum; and why there is still a real need for more technically-trained information security professionals to fight the influx of malware and Eastern European, Russian and Brazilian hackers who are coming to invade your institution. He explains the need for more technically-trained professionals versus "policy" professionals and where he sees the industry growth heading. Finally, he gives some words of advice to those starting out in information security.

CISO Jeff Bardin on What Makes A Successful Training Program
Jul 12 2007
Listen in to this Information Security Media Group podcast to hear the CISO at Investors Bank & Trust talk about what makes successful training programs work. Jeff Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, certification and accreditation activities for government agencies with budgets more than $500 billion, over 1 billion in yearly transactions, and 6,000 employees in dozens of locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be required for everyone; why rewarding good behavior is a must; what other training financial institutions should focus on - AML, GLBA, and privacy issues; and why more training on social engineering is vital. Bardin discusses the challenge of training your employees, getting them to put the training into their everyday work, and getting them to take it seriously. He also describes why senior level support is needed in security awareness training, and what it takes to make security a core value in an institution.

Dr. Eugene Spafford on Information Security Education
Jul 27 2007
Listen in to this Information Security Media Group podcast as Dr. Eugene Spafford, Executive Director of Purdue University’s University Center for Education and Research in Information Assurance and Security (CERIAS), shares his views on gaps in cybersecurity education; why lack of attention to security issues may hurt all of us later; and why we avoid the pain of fixing the hard problems, especially in information security. Dr. Spafford covers why the lack of good security metrics has hindered the decision makers; why we have to do a better job on law enforcement in order to fight the flood of fraud; and the need for more attention to privacy protection mechanisms. Dr. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Unisys, the US Air Force, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Energy, and two Presidents of the United States. With nearly three decades of experience as a researcher and instructor, Dr. Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for a number of “firsts” in several of these areas.


Department of Homeland Security's Rob Pate Podcast on Protecting Country's Critical Infrastructure
Jul 27 2007
The Information Security Media Group offers a podcast with Rob Pate, Deputy Director of Outreach and Awareness of the National Cyber Security Division of the Department of Homeland Security. Pate explains the role of the NCSD and how it is related to the US Center for Emergency Response Team (US CERT) and its 24x7 watch and warning center. He also talks about how NCSD helps the financial service industry and DHS's responsibilities in protecting US cyberspace. Pate also speaks to the real consequences of cyber attacks and why education is important. Listen as he describes the cyberterrorists of today as having Ph.D.-level skill sets, compared to the script kiddies of years past. He continues with his lessons learned about incident response, the key parts of an incident response plan, and the need for sustainability of any institution's incident response plan. Pate has worked tirelessly behind the scenes to help federal agencies wage war against cyberthreats. He led efforts to develop metrics that allow agencies to compare their incident response capabilities with the best response teams. He also created the GFirst program to help first responders share best practices. Pate initiated a secure configuration project to enable agencies to find and fix security holes in commercial software. Now he leads a governmentwide deployment of a patented National Security Agency technology, which is designed to discover rogue computers the moment they connect to agency networks.

National Credit Union Administration's Gigi Hyland on Information Security at Credit Unions
Aug 08 2007
Listen to National Credit Union Administration board member Gigi Hyland as she shares with the Information Security Media Group audience what’s important to the NCUA in regard to information security at credit unions. Hyland, a NCUA board member since 2005, explains why written information security policies are needed and shares her view of annual review of risk assessments at credit unions as well as her ideas on access controls and need for encryption. Hyland, who prior to her NCUA board appointment spent 14 years in the credit union community, details why employees, front end to back end, need information security training; how a holistic view of information security at a credit union will help; and what it takes to manage third party services and why a due diligence review is stressed. Hyland expresses NCUA’s view on external threats and how to best fight them, including phishing and other online scams. She also speaks to the importance of credit union board members’ charge to oversee their credit union’s information security program. Gigi Hyland was appointed by President George W. Bush to a seat on the National Credit Union (NCUA) Board effective November 18, 2005. Her term expires August 2, 2011. Prior to her NCUA appointment she served as Senior Vice President, General Counsel for Empire Corporate Federal Credit Union in Albany, New York. She previously served concurrently as Vice President, Corporate Credit Union Relations of the Credit Union National Association, Inc. and Executive Director for the Association of Corporate Credit Unions.




Information Security Expert James Kist: Web Application Security at Financial Institutions
Aug 16 2007
Here’s a podcast from Information Security Media Group on a hot security topic: Web Applications. Listen as information security expert James Kist answers questions regarding how important web app security is for a financial institution. James Kist, CISSP, CCSI, CCSE, CCSA, is a senior Information Security Engineer with Icons, Inc. With more than 13 years of experience in Information Technology, Kist has expertise in information security, application development, security system design and implementation, training, and the development and delivery of information security courseware. In the interview Kist talks about things that financial institutions don’t normally think of as being a risk to security and how penetration testing and the choice of the right monitoring tools help measure security. He also covers regulatory issues surrounding Gramm-Leach-Bliley, the Payment Card Industry Data Security Standards and Sarbanes-Oxley from an institution’s perspective. He shares his view on information security training and certification, and as an instructor, offers his tips on CISSP exam preparation, as well as the need to train information security professionals on web application security. Kist is a top-rated instructor and author on topics ranging from information security to system and network management and wireless technology. He has managed and implemented systems and networks for very specialized companies in information security. He regularly conducts penetration tests and vulnerability assessments, and configures and manages firewall and IDS installations.



























































Exclusive Insights from Security Solutions Leaders: RSA Conference 2008
Apr 09 2008
Interviews Shed Light on Topics of Unique Interest to Banking/Security Executives

The annual RSA Conference is a showplace for the who's who of security solutions vendors. The event showroom is lined with scores of the industry's leading vendors - no one individual could hope to see them all. So, the Information Security Media Group team did the job for you, visiting with more than 60 vendors of particular interest to banking and security leaders. Click on the following links to listen to our exclusive interviews with these vendors.

A - F: 8e6 Technologies, ActivIdentity, Adobe, AirDefense, AlgoSec, Application Security, ArcSight, Axeda, Beyond Trust, BioPassword, Blue Coat Systems, Brabeion, Breach Security, Cloakware, Computer Associates, Crossroads, DigitalPersona, eEye Digital Security, Entrust, Finjan, ForeScout Technologies, Fortify Software, Fortinet, Fox Technologies

G - Q: Guardian Analytics, Guardium, Hewlett Packard, IBM, IDA Singapore, IDology, Imprivata, Intellitactics, ISACA, iovation, Lieberman Software, Liquid Machines, LSI Corporation, Lumension Security, Magensa, Mirapoint, MXI Security, Netronome, Novell, NSS Labs, Oracle, Orange Parachute, Ounce Labs, Qualys, Quest Software

R - Z: Raytheon Oakley Systems, RedSeal Systems, Route1, RSA, SafeNet, Secure Computing, Security Innovation, SenSage, Shavlik Technologies, Sigtec, Skybox Security, Sterling Commerce, Symark Software, TippingPoint, Tizor Systems, TriCipher, TriGeo, Tripwire, Unisys, Verisign 1, Verisign 2, Voltage Security, Wave Systems

Learn: Who they are; All about their solutions, and most importantly ... How their solutions meet your current banking/security needs.

Also be sure to check out our articles and podcasts from the event's keynote speeches and conference sessions.

Additional RSA Conference Coverage
· RSA Conference 2008: Event Wrap-Up
· PayPal Leads Fight Against Phishing
· Internet Banking Case Study: Banco do Brasil
· Online Banking: 'Deputizing Our Customers' at Bank of America
· DHS Secretary Chertoff to Business: 'Send us Your Best & Brightest'

Interviews with many security vendors on topics of interest to financial institutions. Information Security Media Group recently attended the RSA Conference 2008, the premier information security conference showcasing over 300 of the top vendors in the information security technology space. The following audio is a selection of recordings taken on the expo floor where industry-leading vendors addressing all aspects of information security presented their products and services to attendees. Vendor solutions ranged from application security, encryption, multi-factor authentication, biometrics, ID and access management, compliance management, database security, email and messaging security, and many, many other solution categories. We hope you take the time to investigate all the vendors listed as they all have solutions, products, and services designed to help financial institutions deal with information security issues and regulatory compliance. Vendor interviews and recordings are presented in alphabetical order. Please note that we are not endorsing any particular vendor or product; we are just reporting on their take on the finance industry.



































ABA Insights: The State of Customer Confidence
Oct 20 2008
Interview with James Chessen, Chief Economist for the American Bankers Association It's a frantic, historic time for banking institutions of all sizes, with mergers, acquisitions, failures and federal investment. In an exclusive interview, James Chessen, Chief Economist for the American Bankers Association, speaks about the state of customer confidence at banking institutions, detailing: The top questions banks are receiving from their customers - and the answers they're offering; Ways banking institutions can proactively instill greater confidence; Business priorities for banking leaders heading into 2009. James Chessen is the Chief Economist and Group Director for the American Bankers Association. In this capacity, he oversees two departments: Economic & Policy Research which monitors the financial performance and condition of the banking industry and studies legislative and regulatory issues as they pertain to the banking industry and the Surveys & Statistics group that collects, compiles and analyzes information on topics and issues related to bank operations, bank performance and industry trends. Chessen writes on banking issues and he appears regularly in the print and broadcast media. He has also testified before Congress and federal regulatory agencies on economic and banking issues. Prior to joining the ABA in March 1988, Chessen worked as a financial economist at the Federal Deposit Insurance Corporation and was an assistant professor of economics at Lake Forest College in Lake Forest, Illinois. Chessen has a Ph.D. and an MA in Economics from Virginia Tech and a BA from the University of Puget Sound.

How to Avoid Being a Victim of Multi-Channel Fraud
Oct 22 2008
The crime of deception is now even more deceptive. Multi-channel fraud - schemes that are launched simultaneously via telephone, Internet, in person and via mail - is a growing concern for financial institutions. And the linked crimes aren't always easy to spot. In this exclusive interview, security expert Diana Kelley discusses: The types of multi-channel fraud now prevalent in the marketplace; How these attacks are launched; Ways institutions can spot and respond to the threat. Diana Kelley founded SecurityCurve in April of 2003. She has extensive experience creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors. Prior to returning to SecurityCurve in January 2008, she was Vice President and Service Director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Diana was the Executive Security Advisor for CA's eTrust Business Unit. At CA she was responsible for advising customers on strategic security solutions and helped guide CA's security business. She served as the Vice President of Security Technology for Safe3W, Inc (acquired by iPass), a provider of strong, two factor authentication. Representing Safe3W she was actively involved in the Technical Group for NACHA's Project Action. And she was a security industry Analyst with Baroudi Bloor, a top-tier analyst firm where she delivered strategic advice to, among others, IBM and Psionic (acquired by Cisco.)



NCUA Board Member Gigi Hyland on: The State of Credit Unions
Oct 28 2008
Exclusive Interview with the Board Member of the NCUA As banking unions struggle with the global crisis in confidence, U.S. credit unions are beneficiaries of consumers looking for safe new homes for their deposits. At least that's the popular theory. But what's the real state of affairs now at federally-chartered credit unions? In an exclusive interview, Gigi Hyland, board member of the National Credit Union Administration, discusses: The state of the nation's credit unions; What credit unions must do to succeed at winning new members and deposits; How prepared credit unions are for ID Theft Red Flags Rule compliance; The top three challenges for credit unions in 2009. Gigi Hyland took office on November 18, 2005, as a member of the NCUA Board for a six-year term. Prior to joining the NCUA Board, Ms. Hyland's career spanned 14 years serving the credit union community. From 2003-2005, she served as Senior Vice President, General Counsel for Empire Corporate Federal Credit Union in Albany, New York. While at Empire, she represented the corporate by serving as a board member of the National Cooperative Business Association. From 1997-2002, she served concurrently as Vice President, Corporate Credit Union Relations of the Credit Union National Association, Inc. and Executive Director for the Association of Corporate Credit Unions. Ms. Hyland began her career as an attorney serving credit unions at the family firm of Hyland & Hyland. Currently, Ms. Hyland is Chair of NCUA's Outreach Task Force. The Task Force was created to provide a better understanding of and evaluation of the NCUA's outreach efforts and is in further response to the findings in the agency's 2006 Member Service Assessment Pilot Program: A Study of Federal Credit Union Service. Ms. Hyland serves as NCUA Board representative on the NeighborWorks® America Board of Directors. 
She also serves as the Board's liaison to the Department of Defense, the Department of Housing and Urban Development and the National Association of State Credit Union Supervisors (NASCUS). Ms. Hyland's term expires August 2, 2011. Originally from Alexandria, VA, Ms. Hyland holds a bachelor's degree from the College of William and Mary, a JD from George Mason University and an Advanced Diploma in International Law from McGeorge School of Law. Ms. Hyland is a Credit Union Development Educator and received the DE Volunteer of the Year Award for Advocacy in March 2006.

Coping with the Economy: The State of Banking in Michigan
Oct 31 2008
Interview with Dennis Koons, CEO/President of the Michigan Bankers Association The economic downturn struck early in the state of Michigan, where unemployment rates have been higher than most of the nation for years. In this exclusive interview, Dennis Koons, CEO/President of the Michigan Bankers Association discusses: The state of banking confidence in Michigan; What member institutions are doing to foster greater confidence; Banks' top business objectives heading into 2009. About Dennis Koons: Dennis R. Koons has served as President & CEO of the Michigan Bankers Association since January 2002. The MBA represents the interests of and provides services to the banks of Michigan. Koons is a graduate of Michigan State University and the Thomas M. Cooley Law School. His career includes political campaign management, a staff position in the Michigan Senate, Director of Governmental Affairs for the Michigan Association of Realtors, Vice President for the Greater Detroit Chamber of Commerce and Vice President, Government Relations for NBD Bank. From 1995 to 2001, he served as the Chief Executive Officer of the 26,000-member Michigan Association of Realtors. Koons also serves or served civic and professional organizations as an officer or director including the Michigan State Chamber, Habitat for Humanity of Michigan, People and Land, Michigan Society for Association Executives, Graduate School of Banking in Madison, Robert M. Perry Schools of Banking, Michigan Employers Unemployment Compensation Council, Greater Detroit Capital Corporation and the Michigan Council for Economic Education. Since 1887, financial institutions throughout Michigan have looked to the Michigan Bankers Association as their primary resource for information, education, government representation, and supporting products and services. 
The MBA is dedicated to advancing a positive business environment for the entire banking industry and to fostering safe, profitable, and successful banks, which promote strong communities and economic activity in Michigan. Membership includes community banks, regional banks, holding companies, savings banks, trust banks and organizations that serve the banking industry.


Post-Election Insights: What Does it all Mean to the Banking Industry?
Nov 05 2008
Interview with Stephen Verdier of the Independent Community Bankers of America On Nov. 4, America elected Democrat Barack Obama as its next President, and the Democratic Party also cushioned its majorities in both the House and Senate. So, what does a Democratic federal government portend for the U.S. banking industry? In an exclusive interview, Stephen Verdier, Senior Vice President and Director of the ICBA's Congressional Relations Group, discusses: What the election means short- and long-term to the banking industry; How regulatory agencies may be changed by the new Administration; New regulations that may be coming down the pike. Verdier rejoined the Independent Community Bankers of America on March 1, 2004 as Senior Vice President and Director of the Congressional Relations Group. He was also with ICBA from 1983 until June of 1994 as Senior Legislative Counsel. He received his college degree in political science from American University and graduated from Catholic University Law School. Both schools are in Washington, D.C. During his college years, he worked on Capitol Hill and was a law clerk with the Antitrust Division of the Department of Justice during law school. Before rejoining ICBA, Verdier was with America's Community Bankers. Between 1976 and 1983, he was on the House Banking Committee staff and helped draft major banking legislation enacted in 1978, 1980 and 1982. He also worked on legislation dealing with the World Bank, the International Monetary Fund (IMF), and the Export-Import Bank.



Economics, Banking and Education: What to Expect in 2009
Nov 07 2008
Interview with Dr. Stephen Happel of Arizona State University
Not only is it an interesting time to be in banking; it's an interesting time to be learning about banking. Dr. Stephen Happel is Professor of Economics at Arizona State University, and he's also a longtime instructor at the Pacific Coast Banking School in Seattle. In this exclusive interview, Happel discusses: The likely impact of the recent election on the banking industry in 2009 and beyond; The types of new regulations banking institutions can expect from their elected leaders; The potential impact of Gen Y as banking practitioners and consumers. Happel has been a Professor of Economics at the Arizona State University W. P. Carey School of Business since 1975. He grew up in Quincy, Illinois, received a B.A. in mathematics and economics from the University of Missouri in 1969, an M.A. from Duke in 1972, and a Ph.D. in economics from Duke in 1976. In addition to visiting appointments at North Carolina State University, the Australian National University and the University of Waikato in New Zealand, Happel is founding director of the ASU School of Business Honors Program and served as Associate Dean of Undergraduate Studies from 1991 to 1999. His research focuses on applied microeconomics and population issues. He has written two textbooks and over 100 articles in both professional journals and popular outlets, including the Wall Street Journal, the New York Times, the Christian Science Monitor, and the Arizona Republic. This work covers arguments for free-market ticket scalping, student academic dishonesty at universities, U.S. fertility rates, the rationale for slotting fees in supermarkets, and the snowbird lifestyle among retirees. Happel has received a host of teaching awards at ASU, including the ASU Distinguished Teaching Award, the Burlington Northern Award, and Arizona Professor of the Year selected by the Council for the Advancement and Support of Education.
He teaches large undergraduate classes in macroeconomics and MBA classes in managerial economics. Happel is also a long-time instructor at the Pacific Coast Banking School in Seattle and the Arizona Tax Institute. He speaks throughout the U.S. on the domestic economy and international trends, paying particular attention to generational spending patterns, to recent Federal Reserve policy, and to current tax/spending proposals by the White House and Congress.



New Year's Resolutions: A Look Ahead to Banking/Security Priorities in 2009
Nov 20 2008
Interview With Christine Barry, Research Director, Aite Group LLC
An unpredictable market, a new financial services landscape, and an incoming Democratic administration. This year has been full of change, and the New Year promises even more. To gain some perspective on banking/security priorities in 2009, we spoke with Christine Barry, Research Director, Aite Group LLC, who offers insights on: Business priorities for banking institutions in 2009; Possible changes to the regulatory environment; How credit unions stand to grow; Ways institutions of all sizes are trying to grow deposits and revenue while ensuring consumer confidence. Christine Barry serves as a Research Director at Aite Group LLC, focusing on the strategies and technology implementations of global banks of all sizes. Her recent research has addressed remote deposit capture, best practices for credit unions, capturing the valuable small-business customer, global cash management trends, and core banking system replacement. She is an acknowledged banking industry expert with more than a decade of experience in financial services products and technologies. She has worked with a broad range of U.S. and international clients analyzing industry trends and identifying market opportunities, product gaps and potential partners to help them achieve their strategic IT goals. Ms. Barry has presented her research at various conferences, including NACHA Payments, BAI TransPay, WACHA Electronic Payments Conference, Windy City Summit, and several U.S. and overseas technology vendor user conferences. She has been quoted in various media outlets, including The Wall Street Journal, The New York Times, BusinessWeek, American Banker, Bank Systems & Technology, and Credit Union Times. She has also appeared on CNN. Before joining Aite Group, Ms. Barry was a senior consultant in the strategy practice at HighQuest Partners, where she helped technology companies to enter, grow and succeed in US markets.
Prior to that, she was a senior analyst in Celent Communications' banking group, with a focus on cash management, commercial lending, core banking/processing, small business banking, mortgages, and biometrics. She did similar work as a research analyst for Meridien Research's (now Financial Insights) e-financial services group. She began her career gaining in-house experience as an associate in commercial and municipal lending at KBC Bank and a financial analyst for Citibank in the firm's global derivatives and strategic initiatives groups. Ms. Barry holds an M.B.A. from Babson College and a B.A. in international business from Villanova University. She is a triathlete and has completed five marathons.

2009 Business Drivers for Banks: Interview With George Tubin, Research Director, TowerGroup
Nov 21 2008
Interview With George Tubin, Research Director, TowerGroup
Keeping the customer satisfied - and getting more of them. Many more. These are among the priorities of banking institutions in 2009, according to a new survey by TowerGroup, "2009 Top 10 Business Drivers, Strategic Responses and IT Initiatives in Retail Banking." In an exclusive interview, TowerGroup Research Director George Tubin discusses: Survey highlights; Business and security priorities of banking institutions; How banking/security leaders should act on the information presented in this new study. Tubin is a senior research director for TowerGroup's Delivery Channels and Financial Information Security research services. His areas of expertise include consumer online banking, online fraud and identity theft prevention, information security strategy, and customer authentication as well as mobile banking and contact center strategies and technologies. With over 20 years in the banking and high-technology industries, Tubin focuses his research on consumer online banking, fraud and identity theft prevention, information security strategy, and customer authentication as well as mobile banking and contact center strategies and technologies. Before joining TowerGroup, he was a senior consultant with ADS Financial Services Solutions, providing information technology strategy consulting to top-tier US banks. He also held several positions at BayBank, BankBoston, and Fleet (now Bank of America), including director of e-commerce planning and development and vice president of planning and analysis for the consumer and small business banking divisions. Tubin is frequently quoted in industry periodicals and has appeared in such publications as The Wall Street Journal, Newsweek, CIO Magazine, American Banker, Bank Technology News, CNN Money Online, and Bank Systems and Technology.
He has been a chair and featured speaker at dozens of major industry conferences and Webcasts, and has authored articles for numerous media outlets. Tubin received an M.B.A. from Babson College and holds a B.S. in industrial engineering and operations research from the University of Massachusetts, Amherst.







The 2009 Banking Agenda: Interview with Doug Johnson of the American Bankers Association
Dec 05 2008
It's been a wild year for the banking industry, and 2009 promises to be an eventful one, too, with a new Presidential administration and discussion of new industry regulations. To reflect on the year behind us and consider the year ahead, we caught up with Doug Johnson, Vice President of Risk Management Policy with the American Bankers Association to discuss: The state of the banking industry; What to expect for regulations in 2009; Advice for banks as they transition into the new year. Doug Johnson serves as Senior Policy Analyst for the American Bankers Association, where his public policy responsibilities include payments system technology and the relationship between technology, privacy, and security. Doug also advises the ABA and its members on a variety of other matters, including social security reform, real estate brokerage, mortgage finance, and public funds. He was responsible for the ABA's recent release of a series of tools to assess information technology risk and safeguard customer information in financial institutions. He is on the advisory board of the Financial Services Information Sharing and Analysis Center and serves on the Financial Services Sector Coordinating Council, which advises the federal bank regulatory agencies on homeland security and critical infrastructure protection issues. Prior to joining the American Bankers Association, Doug spent ten years as Assistant Director of the Florida Division of Banking, where he oversaw the supervision and regulation of Florida's domestic and international banking industry. During that time, Doug served as an advisor to the U.S. Congressional Office of Technology Assessment, assisting in their study of the use of information technologies for the control of money laundering. Doug also spent time in Miami as a planning analyst for Royal Trust Bank Group, and as a bank consultant for First Research Corporation. 
He has a Bachelor's in Economics from the University of Florida and a Master's in Finance from Florida State University.

Carnegie Mellon University Survey Insights: Why Boards of Directors Don't Get it
Dec 05 2008
Interview with Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk
At a time when risks are high and consumer confidence is low, corporate boards of directors aren't paying nearly enough attention to information security and cyber threats. This is the key takeaway from a new Carnegie Mellon University CyLab survey, which shows that there is a "gaping hole as wide as the Grand Canyon" in board and senior executive oversight of these critical business issues. Read more about this survey in an article by Linda McGlasson. To understand this study, we spoke with its author, Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk. In an exclusive interview, she discusses: Key findings; Greatest concerns from the study; Recommendations for what financial institutions should do now to address these concerns. Jody Westby received her B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif. Drawing upon a unique combination of more than 20 years of technical, legal, policy, and business experience, Jody Westby brings a seasoned, multidisciplinary perspective to the many issues facing businesses and governments today in the areas of privacy, information security, outsourcing/offshoring risks, cybercrime, and IT business risk management. She regularly consults with governments, private sector executives, and operational personnel on the development of enterprise security programs that dovetail the technical, legal, operational, and managerial considerations. Prior to forming Global Cyber Risk, Ms. Westby served as senior managing director for PricewaterhouseCoopers (PwC), specializing in outsourcing and cyber security/privacy issues.
Before that, she was president of The Work-IT Group, launched an IT solutions company for the CIA, managed the domestic policy department for the world's largest business organization, was senior fellow and director of information technology (IT) studies for one of the nation's leading think tanks, practiced law with two top-tier New York firms, and spent 10 years in the computer industry specializing in database management systems.




New Study: What's Next for Banking Legislation, Regulation? Interview with Eva Weber of Aite Group
Dec 11 2008
Given 2008's global financial crisis, what can we expect in terms of new legislation and regulation in 2009? Aite Group, the Boston-based financial services analyst firm, takes a stab at answering this question in a new report "What Next? Legislative and Regulatory Response to the Financial Crisis." In an exclusive interview, Aite Analyst Eva Weber discusses: Initial conclusions from the study; Recommendations for financial institutions in 2009; Key takeaways for banking/security leaders who need to be concerned with all threats to their institutions. Weber focuses on the regulatory and compliance issues facing financial institutions. Recent research has focused on anti-money laundering, risk management, fraud, and bank regulation at the federal and state levels. She brings to the position research and analytical skills gained in five years as a practicing attorney, and has helped Aite Group clients respond to major regulatory initiatives, such as Sarbanes-Oxley, the Bank Secrecy Act, the USA PATRIOT Act and new bankruptcy laws. Weber has presented before the BITS Fraud Steering Committee and at user conferences for Metavante and Postilion. She has been quoted in leading press outlets, such as Associated Press, USA Today, The Boston Globe, and The Atlanta Journal-Constitution on mortgage industry regulation, and more broadly in trade publications, such as American Banker and The Greensheet.

2009 Security Agenda: Interview with Industry Expert Steve Katz
Dec 16 2008
Looking ahead to 2009, banking/security guru Steve Katz quotes the ancient proverb: "May you live in interesting times." With a new administration, new banking landscape and regulatory changes expected, we live in interesting times, indeed. In an exclusive interview, Katz discusses: The biggest banking/security stories of 2008; What banking institutions must do to strengthen customer confidence in 2009; What we might expect in terms of regulatory change from the Obama administration and Democratic Congress. The world's first Chief Information Security Officer, Steve Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels. Deeply respected within both the financial services and security industries, Katz has testified to Congress on information security issues and was appointed as the Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. Other credentials include: Founder and Chairman of the Financial Services Information Sharing and Analysis Center; Chairman of the American Bankers Association Information Systems Security Committee; Vice Chair, Financial Services Roundtable-BITS Security and Risk Assessment Committee; member of the New York Clearinghouse Banks Data Security Officers Committee; and member of the Securities Industry Association Information Security Committee.

The Risks of 'Security by Compliance' - Interview with ISACA's John Pironti
Dec 18 2008
Regulatory compliance is the backbone of a financial institution's information security program. But compliance alone isn't enough, says John Pironti of ISACA's Education Board, who advises institutions to take a risk-based, not a "checklist-based" approach to security. In an exclusive interview, Pironti discusses: The risks of 'Security by Compliance'; Top risk management/compliance issues of 2009; What will be the most in-demand skills and job opportunities for information security professionals. In addition to his role with ISACA, Pironti is currently the Chief Information Risk Strategist for CompuCom. He has designed and implemented enterprise-wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology on a global scale. Pironti has a number of industry certifications, including Certified in the Governance of Enterprise Information Technology (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.


















Incident Response: How BB&T Handles Client Notification
Feb 18 2009
Interview With Dick Langford, VP, BB&T
What happens after a major security breach such as the Heartland Payment Systems hack? How do banking institutions go about notifying their customers - whose responsibility is it? At BB&T in Winston-Salem, NC, the role is filled by Dick Langford, Vice President and Manager, Information Security Compliance Management. In an exclusive interview, Langford discusses: How BB&T approaches client notification; Lessons learned from security breach response; The different ways the bank approaches customer awareness to meet all customers' needs. Langford has 19 years' experience in information protection in the financial sector. Previously with the Federal Reserve Bank of Kansas City, he has managed elements of BB&T's information protection program since 1998. His current responsibility is directing a network of over 100 Information Security Compliance Managers representing each line of business, subsidiary, and affiliate company in BB&T Corporation, thereby ensuring compliance with federal and state information protection legislation and regulations. BB&T Corporation, headquartered in Winston-Salem, N.C., is among the nation's top financial holding companies with $152 billion in assets. Its bank subsidiaries operate approximately 1,500 financial centers in the Carolinas, Virginia, West Virginia, Kentucky, Georgia, Maryland, Tennessee, Florida, Alabama, Indiana and Washington, D.C.















The Recession's True Impact on Financial Services: Steven Weisbart, Insurance Information Institute
Mar 11 2009
Warren Buffett says the economy has "fallen off a cliff." But where does the fall end, and how badly bruised will financial institutions be when they pick themselves off the ground? In an exclusive interview, Steven Weisbart, SVP and Chief Economist, the Insurance Information Institute, discusses: The true impact of the recession on financial institutions; TARP monies and nationalization of banks; Signs of recovery to watch for in the months ahead. Weisbart is senior vice president and chief economist for the Insurance Information Institute. Weisbart oversees the Institute's program of economic research and analysis, preparing studies in support of the organization's communications mission, speaking to media and conducting briefings for member companies, industry organizations and public policymakers. A specialist in annuities, pensions, and life, disability and long-term care insurance, Weisbart frequently also makes presentations on property/casualty issues to industry audiences as well as legislative forums. Since joining the I.I.I. in 2005, Weisbart has authored several significant research papers and articles on a variety of insurance issues, including the threat of an avian flu pandemic and the effect of the aging U.S. population on the property/casualty insurance industry. For more than 40 years, the I.I.I. has provided definitive insurance information. Today, the I.I.I. is recognized by the media, governments, regulatory organizations, universities and the public as a primary source of information, analysis and referral concerning insurance.





Endpoint Virtualization Experts Roundtable: Emerging Technologies Insights
Mar 30 2009
Endpoint virtualization is one of the hottest emerging technologies for financial institutions, which are looking to maximize secure access to and management of key applications - while also controlling costs. In this Emerging Technologies Insights panel, we hear from: Matthew Speare of M&T Bank on how a banking institution leverages virtualization; Tom Wills of Javelin Strategy & Research on current security trends that impact endpoint virtualization efforts; Brian Duckering of Symantec on strategies and solutions being employed across industry. In this 30-minute panel discussion, the panelists discuss successful virtualization strategies for banking institutions, offering unique perspectives from the practitioner's, vendor's and market researcher's points of view. They also tackle a series of questions on endpoint virtualization, including: What is the economic imperative for financial institutions to explore virtualization? What are the biggest security challenges and opportunities from virtualization technologies? How do virtualization solutions address institutions' concerns about fraud and vendor management? In what ways do virtualized solutions help institutions meet their objectives to contain costs and maximize security? About the Participants: Matt Speare is Senior Vice President of Information Technology, M&T Bank Corporation, the nation's 17th largest bank holding company, based in Buffalo, New York. Tom Wills is Senior Analyst Risk, Security & Fraud, Javelin Strategy & Research, where he leads the firm's strategic risk management, security, fraud, and compliance advisory services. Brian Duckering is Senior Product Marketing Manager, Endpoint Virtualization, at Symantec. He advocates use of the various virtualization technologies available today to promote higher productivity for end-users and better system manageability and cost reduction for IT.
Tom Field is an award-winning journalist with over 20 years' experience in newspapers, magazines, books, events and electronic media. An accomplished public speaker, Field has developed and moderated scores of podcasts, webcasts, roundtables and conferences, and he has appeared on C-SPAN, The History Channel and Travel Channel television programs.







RSA Conference 2009: Technology & Security Vendor Interviews
Apr 21 2009
The annual RSA Conference was held in San Francisco April 20-24, bringing together the nation's - in some cases the world's - top security experts, leaders and vendors for a week-long exploration of the day's top threats and opportunities. Cybersecurity. Cloud Computing. Encryption. Public/Private Partnership. Taking the Cost and Complexity out of Compliance. These were among the resonant themes of the conference's programming, and they were discussed extensively on the Expo floor. Vendor interviews from the conference are grouped by category: Application Security, Authentication, Compliance, Messaging Security, Identity / Access Management, Endpoint Security, Managed Security Services, Virtualization. And Information Security Media Group was on site to record the most significant moments. From the highly-anticipated keynote on cybersecurity by Melissa Hathaway to individual conference sessions on data breaches and security risks, the ISMG team produced a wealth of articles, blogs and interviews tailored to the interests of information security leaders. For the first time ever, ISMG also participated in the event, previewing the results of our annual Banking Information Security Today survey. If you, too, were at the event, be sure to send us your own observations. What stood out to you about RSA Conference 2009?
Vendor Interviews
Application Security: Armorize Technologies; Barracuda Networks; Finjan; Hewlett-Packard Company (HP); Lumension Security; Ounce Labs; Townsend
Authentication: CA - Brian Bentzen; CA - Lina Liberti; CA - Mick Coady; Entrust; Gemalto; Juniper Networks; Nagra ID Security; PhoneFactor, Inc; Radiant Logic, Inc.; SafeNet, Inc; TeleSign; Trend Micro
Compliance: AirDefense; AlgoSec; ArcSight; Cloakware; Configuresoft; CrossTec Corporation; eIQnetworks; LogLogic, Inc.; LogRhythm; nuBridges, Inc.; Prism Microsystems; RedSeal Systems Inc.; Safend; Shavlik Technologies; Skybox Security; Trustwave; Venafi; Alcatel-Lucent Technologies Inc.; NitroSecurity; Tenzig; Tizor; Tenable Network Security Inc
Messaging Security: Axway; Messaging Architects; PGP Corporation; SSH Communications Security, Inc; Voltage; PKWARE; IBM; Proofpoint, Inc.
Identity / Access Management: ActivIdentity; AEP Networks; CoreStreet Ltd; Digital Persona, Inc; e-DMZ Security; Fire ID; Fujitsu; Gigamon Systems; HID Global; Intersections; Iovation; i-Sprint Innovations; Liquid Machines, Inc; Network Critical; TippingPoint; Avenda Systems; Symark Software
Endpoint Security: Blue Coat Systems; Kanguru Solutions; McAfee; Optenet; Palo Alto Networks; Sunbelt Software USA; Sybase; Symantec; TippingPoint; Top Layer Networks; WinMagic Inc; Zecurion; Fortinet, Inc.; Paraben Corporation; Intel
Managed Security Services: AT&T; ANXeBusiness; AppRiver; Codenomicon Ltd.; Fortify Software; Lieberman Software; Lumeta Corporation; Perimeter eSecurity; Qualys; SecureWorks; SAVVIS; Stonesoft; Unisys


























Unique Programs: Information Assurance at Capella University
Jul 30 2009
Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online. In discussing Capella's unique programs, Dr. Steven Brown touches upon: How Capella's information assurance programs have developed; Where students live, work, and what they bring to the programs; The future of information security education. Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work both domestically and internationally has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world. Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and networking curricula meet the demands of today's marketplace and adhere to rigorous academic standards. Capella University is an accredited, fully online university that has built its reputation by providing quality education for working adults. More than 80 percent of Capella students are currently enrolled in master's or doctoral degree programs in business, information technology, education, human services, psychology, public administration, public health, and public safety. Capella also offers bachelor's degree programs in business, information technology, public administration, and public safety.



Do Consumers Want Mobile Banking? - SWACHA's Dennis Simmons on Electronic Payment Trends
Jun 29 2009
How strongly do consumers embrace electronic bill payments, and do they really want mobile banking as much as industry analysts say they do? These were the questions on Dennis Simmons' mind when his trade organization, SWACHA, the electronics payments resource, launched a recent survey on consumer usage of electronic payments. In an exclusive interview, Simmons discusses: Survey results and their message to banking institutions; Payment/security threats currently menacing the financial services industry; Ways institutions can help vulnerable businesses fight fraud. Simmons has over 20 years' experience as the senior operations officer of several Dallas area banks. A frequent speaker and recognized expert on payments system issues, he is currently a member of the Board of NACHA, the immediate Past Chair of NACHA's Electronic Check Council and immediate past Co-Chair of NACHA's Risk Management Advisory Group. He was recognized by Transaction World as one of its 2007 "Movers and Shakers" in the payments business and is the recipient of two public service awards from the Federal Bureau of Investigation (FBI). He is an Accredited ACH Professional (AAP). SWACHA is an official source for the ACH Operating Rules and represents its members in national issues and the rule-making process. SWACHA's mission is to be the resource of choice for education, training, representation and knowledge regarding payments and payments system risk.







Cuomo v. ClearingHouse: Only the Beginning - Lauren Saunders, National Consumer Law Center
Jul 10 2009
Has the pendulum finally swung back to protect consumers and their rights in the financial services industry? Consumer protection advocacy lawyer Lauren Saunders from the National Consumer Law Center in Washington, D.C. shares her insights on the recent Supreme Court decision, Cuomo v. ClearingHouse. This decision will allow states to enforce fair-lending laws and other consumer protection measures against the nation's biggest banks. Listen to this podcast as Saunders describes: What does this mean for the national banks; How will this affect banks when it comes to fair lending laws and state enforcement and what are its shortcomings; Why the swing back toward consumer protection means the real debate begins in Washington. Saunders is the Managing Attorney of the National Consumer Law Center's Washington, DC, office, where she handles legislative, administrative and other advocacy efforts in the financial services area. She previously directed the Federal Rights Project of the National Senior Citizens Law Center; was Deputy Director of Litigation at Bet Tzedek Legal Services in Los Angeles; and was an associate at the public interest firm Hall & Phillips. She graduated magna cum laude from Harvard Law School where she was an Executive Editor of the Harvard Law Review, and holds a Masters in Public Policy from Harvard's Kennedy School of Government and a B.A., Phi Beta Kappa, from Stanford University.







State Spotlight: North Dakota - Information Security is Top Priority
Jul 17 2009
Interview with Tim Karsky, Commissioner, Dept. of Financial Institutions
For institutions of all sizes, information security is a top priority at North Dakota banking institutions. But the smaller ones struggle to dedicate sufficient resources to the task, says Tim Karsky, Commissioner of the ND Dept. of Financial Institutions. In a discussion of his agency's top priorities, Karsky discusses: Ramifications of the Supreme Court's recent Cuomo v. ClearingHouse decision; Information security strengths and weaknesses of ND institutions; The focus for banking/security leaders heading into 2010. Karsky is a North Dakota native with an extensive background in the financial industry. He began his banking career with the Federal Deposit Insurance Corporation in January 1982, and joined the Department of Banking and Financial Institutions in the fall of 1986 as Chief Examiner. In 1989, Karsky was appointed Assistant Commissioner for the Department. He served in that capacity until 1997, when he moved into a new role as a loan officer for a Bismarck financial institution. Karsky returned to the Department as Assistant Commissioner in 1999, was appointed Commissioner in July, 2001, and is Chairman of the State Banking Board and State Credit Union Board, which oversee the state's state-chartered banks and credit unions. The Department of Financial Institutions also supervises consumer finance companies, money brokers, collection agencies, and deferred presentment providers.





Business Continuity: Preparing for H1N1 and Beyond
Jul 30 2009
Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a career that has spanned 25 years, he has served as a President and CIO for a major financial institution, National Practice Leader for Operational Resiliency for PricewaterhouseCoopers and Global Business Continuity practice leader for Marsh. Staley is the Senior Manager of Business Continuity Planning and Disaster Recovery for North America for NYSE Euronext, which includes the New York Stock Exchange in New York. She is responsible for managing all aspects of the US-based business continuity and disaster recovery efforts. These efforts include risk assessment, business impact analysis, disaster recovery scenario development and response strategies, contingency plans, exercises, and training & awareness campaigns.

Incident Response Essentials - Peter Allor, FIRST.org
Jul 31 2009
The Heartland data breach and July's distributed denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams internationally. He also is the program manager for cyber incident & vulnerability handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Information Technology - Information Sharing and Analysis Center (IT-ISAC), which shares information for protecting critical infrastructures; The Information Technology - Sector Coordinating Council (IT-SCC) Executive Committee, which works within the private sector on policy and strategy input to the U.S. Government; The CSIS Cyber Security Commission for the 44th Presidency, representing IBM, developing strategy for improving cyber security of federal systems and critical infrastructure.




Separation or Convergence? The Conflicts Between Log Management and SIM
Aug 05 2009
Log Management is a necessary first step, but only a baseline technology. Compliance mandates and good security practice also require real-time, end-to-end monitoring to identify, prioritize, analyze and remediate the true threats. Given the increase in targeted stealth attacks, clear visibility is more important than ever to protect your data. Consequently, Log Management alone is just not enough. Learn how the convergence of Log Management and Security Information Management (SIM) is changing the way we think about security, and why the demand for SIM is surging, even in the face of the current economic downturn. Mark Nicolett and netForensics Vice President of Products, Tracy Hulver, discuss: Shortfalls of traditional Log Management solutions; Recommendations for effective real-time threat identification; Pitfalls to avoid when deploying SIM technology; How to make your existing log data actionable; Combining and simplifying SIM and Log Management.



Hiring Trends: Information Security Bucks the Recession - David Foote, Foote Partners
Aug 17 2009
Opportunities - and Salaries - are up for the Right People with the Right Skills The economy has been down, but job opportunities are up for information security professionals with the right skills. This is the posture of David Foote, CEO and chief research officer of Foote Partners, an IT workforce research firm. In an exclusive interview, Foote discusses: The hottest IT security skills and certifications; Hiring trends and areas of growth in the coming months; Complementary skills that also are in high demand. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and customers. Prior to co-founding Foote Partners in 1997, David was an analyst and consultant with Gartner and META Group, co-founding and directing META's executive service for Chief Information Officers and leading the firm's IT Human Capital Management and Compensation research practices.









Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute
Sep 02 2009
Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he directly worked with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University. Finally, Rob was awarded the "Digital Forensic Examiner of the Year" from the Forensic 4Cast 2009 Awards.



Unique Programs: 'First Responders' at New Mexico Tech
Sep 11 2009
Interview with Srinivas Mukkamala
When it comes to incident response, there's nothing more critical than first response. And first response skills are exactly what students are attaining in a unique information assurance program offered by New Mexico Tech. In an exclusive interview, Srinivas Mukkamala of New Mexico Tech discusses: How the school's First Responders program works; Qualifications of students enrolled in the program, and how it helps them prepare for careers; Advice for individuals looking to start - or jump-start - a career in information assurance. Mukkamala, one of CAaNES' owners and its interim Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerability analysis, information system security audits, network analysis and forensic incident analysis. He has a patent pending on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing Same.



Regulatory Reform: 'I Worry that We Won't Get it Done' - William Isaac, Former FDIC Chair
Sep 16 2009
It's been a year since the financial services industry was first rocked by the global recession. The 'crisis of confidence' resulted in scores of bank failures, major mergers and acquisitions, and a very public cry for regulatory reform. A year later ... is the banking industry better off? William Isaac, former FDIC Chair (1981-85), believes the recession is over, but he also is concerned about the future of regulatory reform, as people's attention turns to the healthcare debate. "I worry that we won't get it done at all," Isaac says. In an exclusive interview, Isaac discusses: How the banking industry has changed over the past year; Lessons learned from the recession; Regulatory reform - will it happen, or has momentum been lost? Isaac is chairman of the Secura Group, a leading financial institutions consulting firm, operating as a division of LECG. The Secura Group provides financial advisory services, strategic planning, regulatory counseling, risk-management services, strategic studies, and general management consulting for financial institutions. LECG, of which Isaac is a managing director, is one of the world's leading expert services firms, with professionals serving Global Fortune 500 firms from offices around the world. Isaac also serves as chairman of various Isaac family real estate development companies. He writes for the American Banker and other publications and is a frequent speaker before banking groups. He is also a founding member of the American Bankers Council.






Insider Fraud: New Insights on an Age-Old Crime
Oct 02 2009
Interview with Shirley Inscoe and BC Krishna, Authors of Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them Insider fraud has always been a risk for banking institutions, but this risk has only grown in the past year. And so has the size of the crimes. Shirley Inscoe and BC Krishna of Memento have written a new book, "Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them." In an exclusive interview, the authors discuss: What's most misunderstood about insider fraud; How organizations are responding to the threat; Advice for what banking institutions can do today to prevent insider crimes. Inscoe, Memento's Director of Financial Services Solutions, had a distinguished 24-year career at Wachovia, the fourth largest bank in the U.S. Throughout her tenure at Wachovia, Inscoe held a series of increasingly responsible positions in risk management, regulatory compliance, and loss reduction initiatives. She is a member of the American Banking Association (ABA) Payment Systems Committee and co-chairs Primary Payment System's Advisory Committee. She also helped form and launch the Identity Theft Assistance Center, which provides support for identity theft victims. Krishna, founder and CEO of Memento, is a technologist and entrepreneur skilled at turning innovative software solutions into industry-leading companies. He founded Memento in 2003 after identifying the high-value business opportunity to help enterprises systematically address the long-known issue of internal fraud and inappropriate activities by insiders. In 1995, BC founded FutureTense the company that helped define the Content Management software category and was part of the management team that led it to nearly $100 million in revenue. Following the acquisition of FutureTense by publicly traded Open Market, he served as Open Market's Chief Technology Officer, as well as a Board Member. 
From 1987 to 1995, BC was a Principal Software Engineer at Digital Equipment Corporation.






Getting a Consensus on Regulating Data
Oct 19 2009
Interview with Rep. Yvette Clarke, Chair, House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology To quell the rising tide of information breaches and to protect government and key civilian IT systems, the idea of regulating IT and data is gaining ground among those who shape federal law and policies. If such regulation comes about, Rep. Yvette Clarke, D-N.Y., will be involved in shaping authorizing legislation, by virtue of her chairmanship of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. Clarke, in an interview with GovInfoSecurity.com, said any such law or regulation must not hamper innovation. In the interview, Clarke discusses: Key elements of what she terms the National Data Breach Law. The deliberate approach the House is taking to implementing cybersecurity legislation. President Obama's need to appoint a cybersecurity coordinator now. Clarke represents one of the country's most ethnically diverse Congressional districts, New York's 11th in central Brooklyn, which includes some of the borough's most recognizable sites: Prospect Park, Grand Army Plaza, Brooklyn Botanical Gardens, Brooklyn Museum of Art and the Brooklyn Library. The 11th is the nation's third smallest Congressional district by area - 12.05 square miles - and the smallest represented by a woman. The congresswoman was interviewed by GovInfoSecurity.com Managing Editor Eric Chabrow.






BAI Conference Preview - Debbie Bianucci, President, BAI
Oct 30 2009
This year's BAI Retail Delivery Conference & Expo, beginning Nov. 3 in Boston, is the 32nd annual event - and it very much will reflect the times that financial institutions have experienced over the past year. Risk management, social networking, customer confidence - these all will be major themes at this year's event, says Debbie Bianucci, President and CEO of BAI. In an exclusive interview, Bianucci discusses: The major themes of the BAI event; Specific programs related to risk management and security; What to expect at the event and in the expo. Bianucci leads the BAI team to find new and innovative ways to provide high-value, objective information and education to the financial services industry. She has been in financial services for over 30 years, including senior positions with several major financial services companies. Before being appointed CEO, Bianucci was responsible for a variety of functions over the course of her nearly 20 years with BAI, most recently having executive responsibility for marketing and sales. She is a frequent speaker at industry events and has authored numerous books and articles on financial services topics. The Bank Administration Institute (BAI) is the financial services industry's partner for breakthrough information and intelligence needed to innovate and stay relevant in an evolving marketplace. For more than 80 years, BAI has focused on advancing the industry by offering unbiased education and research. In addition, we facilitate ongoing industry dialogue through a robust network of financial services professionals, thought leaders, newsmakers, and solutions experts.







White House Must Lead: Melissa Hathaway, White House Cybersecurity Policy Review Leader - Part 2
Nov 13 2009
Melissa Hathaway, who led President Obama's 60-day cybersecurity policy review, says it would be a mistake to place the nation's top cybersecurity adviser in the Department of Homeland Security, as proposed by an influential senator, and not in the White House. Asked, in an interview with GovInfoSecurity.com, whether the idea forwarded by Sen. Susan Collins, R.-Maine, was a good one, Hathaway responded: "No. I believe there is a need to have leadership out of the White House. There have been many reports that have been written that if you establish a lead in one particular agency, they don't necessarily have the authoritative responsibility over all of the other departments and agencies. And, while I think it's important to have leadership at the Department of Homeland Security, I think that without having the leadership at the White House, we will not be able to really drive the federal government in the direction that it needs to go." Among the topics Hathaway addresses in the second of a two-part interview with GovInfoSecurity.com's Eric Chabrow: Cybersecurity Coordinator: The difficulty of finding someone who not only has strong IT security credentials but also understands economics is a key reason the position remains vacant. The job, as proposed by Obama, would have the cybersecurity coordinator report to the president's national security advisor and the national economic adviser. International Cybersecurity Collaboration: The international nature of the Internet and a global economy means the United States cannot act alone to secure information assets. E-commerce and Online Banking: "It's important to have better credentialing and authentication of customers online in order to assure the security with banking and e-commerce broadly." In Part 1 of the interview, Hathaway said government and business must think creatively to help safeguard America's digital assets. She also addressed the critical posture of cybersecurity in the United States, the importance of government and private-sector collaboration on cybersecurity and the need to use the government's massive purchasing power to require security-ready IT wares. President Obama in February named Hathaway White House acting senior director of cybersecurity and assigned her to lead a wide-ranging, interagency review of the government's cybersecurity plans and activities. Her review resulted in the administration's cybersecurity policy agenda the president unveiled in May. She resigned her White House job in August, and shortly thereafter started the consultancy, Hathaway Global Strategies, and this fall joined the Belfer Center for Science and International Affairs at Harvard University's Kennedy School of Government as a senior adviser. Hathaway is a protégé of retired Adm. Mike McConnell, who served until earlier this year as the National Intelligence director. Under McConnell, Hathaway served as a senior advisor and cyber coordination executive. She chaired the National Cyber Study Group, contributing to the development of the Comprehensive National Cybersecurity Initiative. That led to her appointment as director of the Joint Interagency Cyber Task Force in January 2008. At the business consultancy Booz Allen, where she first worked with McConnell, Hathaway served as a cybersecurity strategist, leading the information operations and long-range strategy and policy support business units. Hathaway holds a BA from American University and a special certificate in information operations at the U.S. Armed Forces Staff College.

Creatively Securing IT: Melissa Hathaway, White House Cybersecurity Policy Review Leader
Nov 12 2009
Government and business must think creatively to help safeguard America's digital assets, says Melissa Hathaway, the former White House acting senior director for cybersecurity who led President Obama's 60-day cybersecurity policy review. Hathaway, in an interview with GovInfoSecurity.com, cited the innovative coupling of cell phone and global positioning technologies to authenticate a user withdrawing money from an ATM or making a credit card purchase. With the cell phone turned on, a GPS can verify that the consumer is where the transaction takes place. "That's not what cell phones were originally designed for, but I thought it was a creative solution on how to defeat the fraud or at least make it much more complicated for the criminal or thieves to take our information or take our personal data," Hathaway said in a conversation with Eric Chabrow, GovInfoSecurity.com managing editor. In the first of the two-part interview, Hathaway also discussed: The critical posture of cybersecurity in the United States. "The threat is outpacing our defenses at a volume and velocity never imagined." Getting government and the private sector to collaborate on cybersecurity. "The private sector really needs to step up and help own the problem." Resisting the urge to over-regulate industry, and instead using the government's massive purchasing power to require security-ready IT wares. "Using procurement as a market lever is better than regulations." President Obama in February assigned Hathaway to lead a wide-ranging, interagency review of the government's cybersecurity plans and activities. Her review resulted in the administration's cybersecurity policy agenda the president unveiled in May. Hathaway is a protégé of retired Adm. Mike McConnell, who served until earlier this year as the National Intelligence director. Under McConnell, Hathaway served as a senior advisor and cyber coordination executive. She chaired the National Cyber Study Group, contributing to the development of the Comprehensive National Cybersecurity Initiative. That led to her appointment as director of the Joint Interagency Cyber Task Force in January 2008. At the business consultancy Booz Allen, where she first worked with McConnell, Hathaway served as a cybersecurity strategist, leading the information operations and long-range strategy and policy support business units. She resigned her White House job in August, and shortly thereafter started the consultancy, Hathaway Global Strategies, and this fall joined the Belfer Center for Science and International Affairs at Harvard University's Kennedy School of Government as a senior adviser. Hathaway holds a BA from American University and a special certificate in information operations at the U.S. Armed Forces Staff College.







Business Continuity Trends 2010: Sue Kerr, BC/DR Consultant
Nov 24 2009
We've experienced two waves of the H1N1 pandemic. What lessons have we learned? Sue Kerr, President of Continuity First, a business continuity/disaster recovery consultancy, talks about how organizations have handled H1N1. She also discusses: The state of BC/DR; Challenges facing organizations today; 2010 trends and career opportunities. Kerr is also the president of the Old Dominion Association of Contingency Planners, Education Director for the National Association of Contingency Planners and a previous member of the Disaster Recovery Journal Editorial Advisory Board. She has been active in setting standards for the industry as well as training others. She has spoken at various conferences and has done training for corporations, governmental organizations as well as the community. She has been published in industry journals and has been interviewed on multiple occasions as a subject matter expert. She is a Certified Business Continuity Professional through the Disaster Recovery Institute. In addition to working as a consultant for 5 years, she spent 11 years at a Fortune 500 company developing and implementing its Business Continuity Program. She was the Crisis Manager for such events as September 11th, major hurricanes and tropical storms, wild fires, white powder incidents, as well as many others. She has first-hand knowledge of how to design and implement a Crisis Management and Business Continuity Program as well as respond to various incidents.




















Privacy & Consumer Protection: What to Expect in 2010
Jan 18 2010
Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the Federal Trade Commission (FTC), she is a highly regarded expert in the field of consumer protection. As director of the BCP, one of the FTC's two law-enforcement bureaus and the nation's only federal consumer-protection agency, Parnes oversaw the enforcement of a wide range of laws designed to prevent fraud and deception in the commercial marketplace, safeguard consumer privacy, and provide consumers with important information about the goods and services they purchase. She also represented the bureau in international settings and on Capitol Hill in connection with such high-profile issues as information security and privacy, Internet advertising, and identity theft. In addition, Lydia has extensive experience with the application of consumer-protection principles to the technology market. 
In 2006, she served as the deputy executive director of the President's Task Force on Identity Theft, coordinating the efforts of 17 federal agencies in developing a national strategic plan to combat identity theft in both the private and public sectors.








Data Loss Prevention Case Study: The Challenges Facing Financial Institutions
Mar 24 2010
When it comes to data loss prevention (DLP), what are the major challenges facing financial institutions and other organizations? And how can these challenges be overcome? In this exclusive interview, Jason Vander Meer of RealTick discusses his organization's DLP strategy, and the solution he deployed from Code Green Networks. Additionally, Dan Udoutch of Code Green Networks offers advice for organizations faced with similar DLP challenges. Vander Meer is currently responsible for Information Security and IT Infrastructure Project Management at RealTick®, the electronic trading industry's premier global, multi-broker, broker neutral, cross-asset Execution Management System (EMS). He joined RealTick in 2005, and has since been the lead of managing Information Security risk assessment and mitigation. Vander Meer has a MS degree in Information Technology and Information Assurance from DePaul University in Chicago. Udoutch is the President and CEO of Code Green Networks. As a 25+ year Sales, Marketing and CEO veteran of Silicon Valley, Dan has a unique set of skills and successes with bringing innovative and market leading solutions to the Enterprise customer. He held significant executive-level roles at notable firms including Commerce One, NavTeq and Netscape Communications. Earlier in his career he worked for IBM and Tandem delivering mission critical solutions to various industries including financial services and healthcare.







Digital Forensics - Careers Tips from Rob Lee of SANS Institute
Feb 05 2010
Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes. But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful? Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on: Hot trends of 2010; Questions hiring managers must ask; Growth opportunities for qualified pros. Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, has more than 13 years experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he directly worked with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University. Finally, Rob was awarded the "Digital Forensic Examiner of the Year" from the Forensic 4Cast 2009 Awards.


How to Manage Social Media - Jerry Mechling, Harvard Kennedy School
Feb 12 2010
From blogs to wikis, Facebook to Twitter, social media have taken over the workplace. But how do security leaders manage social media before all these new tools and technologies become unmanageable? Jerry Mechling is a prominent author and lecturer at the Harvard Kennedy School, and in an exclusive interview he discusses: Social media's impact on public and private entities; The inherent security and risk management challenges; How organizations should begin to unlock social media's potential. Mechling, Lecturer in Public Policy at the Harvard Kennedy School of Government, is Founder of the Leadership for a Networked World Program and the Harvard Policy Group on Network-Enabled Services and Government. He is also a Research Vice President of Gartner. His studies focus on the impacts of information and digital technologies on individual, organizational, and societal issues. He consults on these and other topics with public and private organizations locally and internationally. He is primary author of Eight Imperatives for Leaders in a Networked World, a series of policy papers. A Fellow of the National Academy of Public Administration and a Board of Visitors Member of the National Defense University, he received the NASCIO National Technology Champion Award in 2005, and is a four-time winner of the Federal 100 Award. Dr. Mechling was formerly a Fellow of the Kennedy School Institute of Politics, served as an aide to the Mayor and Assistant Administrator of the New York City Environmental Protection Administration, and as Director of the Office of Management and Budget for the City of Boston.





"Follow the Risk" - Tips from Richard Chambers, President of the Institute of Internal Auditors
Feb 19 2010
Richard Chambers, President of the Institute of Internal Auditors (IIA), has three words of advice for organizations, executives and auditors looking to improve the role of internal audit: "Follow the risk." In an exclusive interview, Chambers discusses: Impact of the economic recession on internal audit; How the role has evolved because of recent times; Advice for organizations, executives and auditors to further maximize the role. Chambers began his career in 1976 with the U.S. General Accounting Office, where he first became an internal auditor. He firmly established himself in government internal auditing and was named Worldwide Director of Internal Review for the United States Army in 1993. He later served as Deputy Inspector General for the United States Postal Service and Inspector General for The Tennessee Valley Authority. In 2001, Chambers joined The IIA staff as vice president, Learning Center. After a brief tenure as "acting president," he left The IIA in 2004 to join PricewaterhouseCoopers, where he most recently served as national practice leader, Internal Audit Advisory Services. Throughout his career, Chambers has served on numerous boards and panels, including the U.S. President's Council on Integrity and Efficiency, the City of Orlando Florida Audit Board, and The IIA's Internal Audit Standards Board. He has served in various leadership roles at The IIA since 1994.

What is 'Reasonable Security?' - David Navetta, Information Law Group
Feb 24 2010
When it comes to protecting your organization and your customers from a data breach, what is considered "reasonable security?" This question is at the center of several ongoing lawsuits, and how the courts answer it may be one of the biggest stories of 2010. Shedding light on this hot topic is David Navetta, founding partner of the Information Law Group and co-chair of the American Bar Association's Information Security Committee. In an exclusive interview, Navetta discusses: Current regulatory trends, including the HITECH Act; Legal issues surrounding "reasonable security;" How to use existing standards to establish "reasonable security." Prior to co-founding the Information Law Group, Navetta established InfoSecCompliance LLC ("ISC"), a law firm focusing on information technology-related law. ISC successfully served a wide assortment of U.S. and foreign clients from Fortune 500 companies to small start-ups and service providers. He previously worked for over three years in New York as assistant general counsel for a major insurer's eBusiness Risk Solutions Group. While there he analyzed and forecasted information security, privacy and technology risks, drafted policies to cover such risks, and worked on sophisticated technology transfer transactions. Navetta engaged in commercial litigation for several years prior to going in-house, including working at the Chicago office of Sedgwick, Detert, Moran and Arnold, a large international law firm. He currently serves as a Co-Chair of the American Bar Association's Information Security Committee, and is also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues.








Secure Access to Sensitive Data: Insights from John Bordwine, Public Sector CTO, Symantec
Mar 17 2010
We've emerged from a global financial crisis, and now regulatory reform is coming to financial services. What do these events mean for the financial regulatory agencies - especially in terms of securing access to sensitive data? John Bordwine, Public Sector CTO at Symantec, tackles this question, discussing: The critical need to secure access to sensitive data; The business benefits of enhancing security; Key takeaways for non-financial organizations. As the Symantec Public Sector CTO, Bordwine currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. His responsibilities also include all technical activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. In addition to these responsibilities, he also provides guidance to other Symantec business units around specific requirements to the Public Sector industry. Previously, Bordwine spent over five years with McAfee as the Public Sector CTO and Senior Director of Security Engineering. He has spoken at numerous highly-acclaimed security events, including SANS Institute events, FOSE, AFITC, and US Government agency-specific functions. Bordwine holds a Top Secret clearance and served in the US Army Signal Corps where his last assignment was with the White House Communications Agency.



Global Fraud Trends: How to Avoid the Scams
Mar 25 2010
Interview with Mike Urban, Sr. Director, FICO
Financial institutions and their customers are experiencing a frightening range of fraud scams. Where are their greatest risks? Mike Urban, Senior Director of Global Fraud Solutions at FICO, discusses: Today's top trends; Where organizations are most vulnerable; Steps to take to reduce fraud risk. Urban has 15 years' experience in fraud management. He currently serves as senior director, Fraud Solutions, for FICO. He analyzes fraud issues and trends to provide continuous improvements in fraud detection technology. He also regularly works with law enforcement to help prosecute criminals and has been responsible for uncovering several crime rings in the US. As a renowned industry expert, Urban regularly speaks about fraud trends, best practices and solutions to industry groups. He has been quoted in numerous publications including the New York Times, MSNBC, Computer World, American Banker and ATM & Debit News. He has also written articles that have appeared in such publications as DM Direct, Bank Technology News and the ISSA Journal. He is also a founding executive committee member of the Global ATM Security Alliance (GASA), and is a member of and the American Society of Industrial Security (ASIS). Urban is a steering committee member for the Santa Fe Group Vendor Council, which is a collaborative forum of fraud, risk and compliance vendors who work as industry activists on noncompetitive fraud issues. His industry recognition includes GASA Crime Fighter of the Year 2005 and ATMIA Most Influential Member of the Year 2004. NOTE: FICO World 2010 is upcoming in Miami, April 13-16. One of the event speakers will be Tom Field, editorial director of Information Security Media Group, discussing the latest research on fraud trends and other key topics.

Payments, Privacy and Vendor Management - Global Best Practices
Mar 29 2010
Interview with Adrian Davis of the Information Security Forum
In terms of payments, privacy and third-party relationships, U.S. security leaders have much to learn from - and share with - their peers in the U.K. and elsewhere in the world. This is the perspective of Adrian Davis, a senior research consultant with the UK-based Information Security Forum. In an exclusive interview, Davis discusses: Top threats to public and private organizations; Insights on payments, privacy and vendor management; Advice to organizations looking to improve information security globally. Davis heads the Leadership and Management group within the Research and Services Team of the Information Security Forum, responsible for delivering client-facing projects. His team covers topics such as the role and effectiveness of information security; the role and skills of information security professionals from junior analyst to the Chief Information Security Officer and Chief Security Officer; managing and assessing information security in third parties; assessing the possible near-term threats to organizations; and cloud computing. His prior experience includes international project management, the creation and implementation of project and program offices, risk management and strategy formulation. Davis has chaired the Marcus Evans SecurIT event for the last two years (2008 and 2009) and is a regular speaker at major conferences, including RSA and RSA Europe.

The Case for Federated ID Management
Mar 29 2010
Interview with Tom Smedinghoff of Wildman Harrold
The topic has been discussed for years, but now truly is the time for organizations to invest in federated identity management. So says Tom Smedinghoff, partner at Chicago-based law firm Wildman Harrold. In an exclusive interview, Smedinghoff discusses: What's new about federated ID management; Challenges to implementing a federated strategy; How to build a solid business case for deployment. Smedinghoff is a partner at Wildman Harrold, where his practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce, identity management and information security legal infrastructures for the federal government, and national and international businesses including banks, insurance companies, investment companies, and certification authorities. He also frequently counsels clients on the law relating to first-of-their-kind electronic transactions, privacy, information security legal matters, and e-commerce initiatives. At the same time, he has been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.




Fighting Mortgage Fraud - Leigh Williams, BITS President
Apr 01 2010
Payment cards and ACH fraud have dominated the headlines, but mortgage fraud remains a very real threat to banking institutions and consumers alike. In an exclusive interview, Leigh Williams, BITS President at the Financial Services Roundtable, discusses: Mortgage fraud trends of top concern; Risks to banking institutions and consumers; Immediate steps to take to reduce mortgage fraud. Williams was appointed President of BITS in April 2007. Previously, Leigh was a Senior Fellow at the Kennedy School of Government at Harvard University, in the Mossavar-Rahmani Center for Business and Government. While at Harvard, his research focused on public and private sector collaboration in the governance of privacy and security. Prior to joining the Kennedy School, Leigh worked for many years at Fidelity Investments in various risk management, security and privacy roles, including Chief Risk Officer and Chief Privacy Officer. His most recent position at Fidelity was Senior Vice President, Public Policy. While with Fidelity Investments, Leigh served the industry in a variety of leadership roles, including many within BITS and the rest of The Financial Services Roundtable. A division of The Financial Services Roundtable, BITS is a not-for-profit industry consortium whose members are 100 of the largest financial institutions in the United States. Created in 1996 by the CEOs of these institutions, BITS fosters the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers.

'Watch the Lower Lip!' - Using Facial Expressions to Detect Fraud
Apr 06 2010
Genie Laborde and Robert Nolan on How to Help Prevent First Party Fraud
Want to know if a prospective loan customer is lying? Watch their eyes. And their breathing. And especially whether they move their lower lip. These are the tips from Robert Nolan, a former mortgage banker, and Genie Laborde, an author and speaker, who have teamed up to offer training for banking institutions looking to reduce first party fraud. In an exclusive interview, Laborde and Nolan discuss: Trends in first party fraud; Why facial expressions are key; What organizations can do now to reduce fraud. Laborde is the author of several books: Influencing with Integrity: Management Skills for Communication and Negotiation (170,000 sold); the follow-up book, Fine Tune Your Brain: When Everything's Going Right and What To Do When It Isn't; and the workbook 90 Days to Communication Excellence. Influencing with Integrity has been translated into French, Spanish, German, and Polish. Her latest is Influencing with Integrity on the Internet, which is an eBook and a book on paper. She has produced the video training films and courses, "Influencing Skills," "TeleSkills," "Managing Meetings with PEGASUS," and "Paradigm Changes in Business" (co-produced with Florida Power and Light). The videos and trainings have been purchased by Fortune 500 Companies and educational institutions including Hewlett-Packard, Chase Manhattan Bank, IBM, Rochester Institute of Technology, Continental Airlines, and Eastman Kodak. Her videos, books and course materials are also available in Spanish. Nolan founded IvyStone Consulting Group in 2007 to help Mortgage Loan Officers as well as others in professional sales to build better relationships with Real Estate Agents and clients. He has developed a course for Mortgage Fraud detection, which introduces new training techniques for detection during the mortgage loan application process. Prior to ICG, he worked for Phoenix Consulting Group, helping companies in the pharmaceutical, medical device manufacturing and consumer goods industries train salesmen and researchers how to detect competitors interested in obtaining intellectual property rights at trade shows. He was in the Mortgage Industry for 12 years and held positions such as loan officer and manager for builder partnerships with national mortgage companies.









"Fraud & Stupidity Look a Lot Alike"
Apr 27 2010
Interview with Allan Bachman of the Association of Certified Fraud Examiners
The magnitude of fraud schemes has grown - the scale and the losses. But the basics of fraud investigation remain sound. And if there's one thing people should know up front, says Allan Bachman of the Association of Certified Fraud Examiners (ACFE), it's this: "In their initial stages, fraud and stupidity look an awful lot alike." In other words, an investigator who stumbles upon what appears to be just a stupid mistake might want to dig further. Stupidity often ends up being cleverly disguised fraud, Bachman says. In an interview with Editorial Director Tom Field, Bachman discusses: Current fraud trends; When a breach becomes an actual investigation; What it takes to be a fraud examiner today. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation, for over $1.5 million, was conducted during this time. Previously Bachman worked in or consulted for retail, real estate and manufacturing, and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid-'70s and has continued through today. He became a CFE in 1993.






Regulatory Reform - What it Means to Main Street Banks
May 06 2010
Interview with Larry Marik, New Chair of the Nebraska Bankers Association
There is a sense that Congress soon will pass historic banking regulatory reforms - and soon after, community banking institutions will start to feel the impact. "Community banks were not the problem, but community banks will be part of the solution," says Larry Marik, newly-elected chair of the Nebraska Bankers Association. In an exclusive interview, Marik, also the chairman of the First National Bank of Columbus and Norfolk, discusses: The state of banking in Nebraska today; How the association advises member banks to fight fraud; What banking regulatory reform means to Main Street Institutions. Marik has been with First National Bank of Columbus since 1980, serving as vice president of retail services and marketing, senior vice president, president, and currently as chairman of the board of directors. Marik understands the importance of community involvement, having served in numerous leadership roles within Columbus, Neb. In fact, he is the first community leader in Columbus to serve both as mayor and as chairman of the Columbus-Area Chamber of Commerce. At the national level, Marik has served on the EconomicsAmerica Board of Directors; instructed at several national banking schools for 15 years; and spoken in more than 20 states on topics such as marketing, human resources, training, planning, and employee motivation. In addition, he has served as a banking advisor for the American Bankers Association, traveling throughout the United States on national media tours for the association.