Synopsis
Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
White House Must Lead: Melissa Hathaway, White House Cybersecurity Policy Review Leader - Part 2
13/11/2009 Melissa Hathaway, who led President Obama's 60-day cybersecurity policy review, says it would be a mistake to place the nation's top cybersecurity adviser in the Department of Homeland Security, as proposed by an influential senator, and not in the White House. Asked, in an interview with GovInfoSecurity.com, whether the idea forwarded by Sen. Susan Collins, R.-Maine, was a good one, Hathaway responded: "No. I believe there is a need to have leadership out of the White House. There have been many reports that have been written that if you establish a lead in one particular agency, they don't necessarily have the authoritative responsibility over all of the other departments and agencies. And, while I think it's important to have leadership at the Department of Homeland Security, I think that without having the leadership at the White House, we will not be able to really drive the federal government in the direction that it needs to go." Among the topics Hathaway addresses in the second of a two-part inter
-
Creatively Securing IT: Melissa Hathaway, White House Cybersecurity Policy Review Leader
12/11/2009 Government and business must think creatively to help safeguard America's digital assets, says Melissa Hathaway, the former White House acting senior director for cybersecurity who led President Obama's 60-day cybersecurity policy review. Hathaway, in an interview with GovInfoSecurity.com, cited the innovative coupling of cell phone and global positioning technologies to authenticate a user withdrawing money from an ATM or making a credit card purchase. With the cell phone turned on, a GPS can verify that the consumer is where the transaction takes place. "That's not what cell phones were originally designed for, but I thought it was a creative solution on how to defeat the fraud or at least make it much more complicated for the criminal or thieves to take our information or take our personal data," Hathaway said in a conversation with Eric Chabrow, GovInfoSecurity.com managing editor. In the first of the two-part interview, Hathaway also discussed: The critical posture of cybersecurity in the United States
-
Regulatory Reform: Dodd's Bill Analyzed
11/11/2009 Insights from Former Regulator Christie Sciacca
Sen. Christopher Dodd has just released his draft version of a banking regulatory reform bill. How does it differ from other proposals that came before it, and how will banking regulation be reshaped - and when? Christie Sciacca, formerly with the Federal Deposit Insurance Corporation, now a director with LECG in Washington, D.C., discusses: Initial analysis of the Dodd bill; How regulatory reform is shaping up; What to expect in 2010. Sciacca spent 23 years at the FDIC, where he led examination, supervisory and bank rescue transaction projects in Detroit, New York, and Washington DC. From 1983-1986, Sciacca was Assistant to the Chairman, representing the Chairman on interagency matters, at bank trade association meetings and on all operational and policy matters. Sciacca served as the FDIC's representative on the Vice President's Task Group on the Regulation of Financial Services. In 1996, he returned to the FDIC to establish that agency's International B
-
Iris Recognition: NIST Computer Scientist Patrick Grother
11/11/2009 After fingerprints, iris recognition is the second most supported biometric characteristic, and its popularity as a means of authentication is growing. Patrick Grother is among the computer scientists at the National Institute of Standards and Technology's Information Technology Laboratory who are collaborating with their international colleagues to revise iris recognition standards and to advance iris images as the global interchange medium. In an interview, Grother discusses: Advances in iris recognition technology; When one biometric is better than another as a means of identification and authentication; and The IREX Exchange, or IREX, a program NIST founded to encourage collaboration in development of iris recognition algorithms operating on images conforming to the new ISO-IEC 19794-6 standard. Grother was interviewed by Eric Chabrow, GovInfoSecurity.com managing editor.
-
The Softer Side of Leadership - Heidi Kraft, Careers Coach
09/11/2009 Tough times require "softer" leaders. This is the perspective of careers coach Heidi Kraft, who says that today's senior leaders need to focus more on emotional intelligence and other "soft" qualities to be able to better recruit and retain quality employees. In an exclusive interview, Kraft discusses: Which "soft" skills are most important; How managers and employees alike can change a culture to embrace these skills; Where to start to develop and nurture "softer" leaders. Kraft is a Leadership and Career coach and founder of Kraft Your Success Coaching and Consulting. Prior to launching her business, she spent 17 years on the agency side of the advertising industry, including a stint as SVP Media Director at Boston-based Hill Holliday, developing and implementing media strategies for high-profile clients such as Microsoft, Intel, Intuit, Siebel Systems, 24 Hour Fitness and Harley-Davidson. She holds a CPCC (Certified Professional Coactive Coach) and is a graduate of the Coaches Training Institute
-
A Career in the Secret Service: What it Takes
06/11/2009 Interview with Kevin Sanchez-Cherry, IT Security Specialist
What does it take for an information security professional to make it into the United States Secret Service? We asked Kevin Sanchez-Cherry, IT Security Specialist within the agency's Information Security Operations. In this exclusive interview, Sanchez-Cherry discusses: Types of Secret Service careers available to security professionals; What to expect during the hiring process; Myths and realities of a job in the Secret Service. Sanchez-Cherry is an IT Security Specialist for the United States Secret Service's Information Security Operations sub-division and is responsible for leading the Secret Service's Certification and Accreditation (C&A) Program and Information Systems Security Officer (ISSO) Program. He also assists in the management of the enterprise Information Assurance (IA) Program for the Secret Service. Prior to joining the Secret Service in 2006, Mr. Sanchez-Cherry served two years as Principal Security Specialist with the Dep
-
BAI Exclusive: Heartland CIO on Payments Security
05/11/2009 Steven Elefant Discusses the Breach, End-to-End Encryption
Steven Elefant joined Heartland Payment Systems as a consultant in November 2008. Two months later, the company announced it had been the victim of the biggest reported data hack in history. Now CIO of Heartland, Elefant appeared at the BAI Retail Delivery Conference & Expo in Boston and sat down with Tom Field to discuss: The impact of the breach on Heartland; How Heartland is different today as a result of the breach; The future of payments security - and why Heartland is betting on end-to-end encryption. Elefant was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc. in 1998 to form an Internet and physical service provider for electronic payments software. He has been an active member of the US Secret Service Electronic Crimes Ta
-
Fighting Fraud - Allan Bachman, Association of Certified Fraud Examiners
02/11/2009 Allan Bachman has fought fraud since the early 1970s, and he's seen the crimes evolve in both sophistication and scale. In an exclusive interview, Bachman, Education Manager for the Association of Certified Fraud Examiners (ACFE), discusses: The evolution of fraud schemes; The most common types of fraud seen today; Types of training available to help detect and prevent fraud. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation for over $1.5 million was conducted during this time. Previously Bachman worked in or consulted for retail, real estate, manufacturing and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid-70's and has continued th
-
BAI Conference Preview - Debbie Bianucci, President, BAI
30/10/2009 This year's BAI Retail Delivery Conference & Expo, beginning Nov. 3 in Boston, is the 32nd annual event - and it very much will reflect the times that financial institutions have experienced over the past year. Risk management, social networking, customer confidence - these all will be major themes at this year's event, says Debbie Bianucci, President and CEO of BAI. In an exclusive interview, Bianucci discusses: The major themes of the BAI event; Specific programs related to risk management and security; What to expect at the event and in the expo. Bianucci leads the BAI team to find new and innovative ways to provide high-value, objective information and education to the financial services industry. She has been in financial services for over 30 years, including senior positions with several major financial services companies. Before being appointed CEO, Bianucci was responsible for a variety of functions over the course of her nearly 20 years with BAI, most recently having executive responsibility for
-
Fraud Prevention Tips - Bob Neitz, Wells Fargo
28/10/2009 From ACH to ATM, payments to phishing, fraud schemes abound. And bank customers and businesses are the targets. So what can banking institutions do to fight back? Bob Neitz is the senior vice president in charge of the Fraud Corporate Risk Management Program at Wells Fargo. In an exclusive interview, Neitz discusses: The types of fraud he fights; How managers, employees and customers can prevent fraud; What other banking institutions can be doing to improve their own fraud prevention efforts. Neitz is a manager of the Fraud Corporate Risk Management Program at Wells Fargo, responsible for providing leadership and direction around cross-organizational fraud risk management for the enterprise, including all consumer, small business and wholesale businesses. With more than 14 years of experience in a Risk Management capacity, Neitz has held several other positions at Wells Fargo with various business groups, including online banking, consumer products and credit card businesses.
-
Gartner's John Pescatore on 2010 Threats, Trends
27/10/2009 Malware, Consumer Technology, Social Networks Head the List of Vulnerabilities
Know what scares security expert John Pescatore the most? The image of a remote employee sitting at a home office or public setting, plugging into an unsecured network, accessing critical business data via a personal laptop or PDA. Organizations have never had so many security risks in so many remote locations, says Pescatore, VP and Distinguished Analyst with Gartner, Inc. Mitigating these risks will be among the primary challenges for information security leaders in 2010. In a discussion of security trends, Pescatore offers insight on: Emerging threats; Emerging solutions; The role of education and training to help meet security needs. Pescatore has 31 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 year
-
Enterprise Risk Management: How to Engage Your Board of Directors
26/10/2009 Interview with Pete Fahrenthold of Continental Airlines, RIMS
Enterprise Risk Management (ERM) is a topic of interest throughout an organization - and increasingly at the board of director level. But how does a security leader engage the board on ERM - and keep it engaged? Pete Fahrenthold of Continental Airlines and RIMS discusses: The top current ERM issues; How to engage the board - what works, what doesn't? How to measure the ongoing engagement of the board. Fahrenthold is the Managing Director of Risk Management and the ERM Team Leader for Continental Airlines. He has over 20 years of risk management experience. Prior to entering the risk management field, he worked in public accounting and in various corporate functions including financial reporting, treasury operations, and employee benefits management. He is currently the Vice Chair of the RIMS ERM Development Committee, and he is the Chair of the AFP Risk Newsletter Editorial Advisory Board.
-
H1N1 Update: Regina Phelps on 'How Bad is It?'
23/10/2009 The fall flu season has begun in the U.S., and the news each day is filled with stories about H1N1 (swine flu) outbreaks at schools and businesses. But how bad is the outbreak? Is it on a par with a typical flu season? Far better or far worse? To help separate fact from fiction, noted pandemic expert Regina Phelps discusses: Current realities of H1N1; What organizations should be doing now - especially with Halloween approaching; Lessons learned and what to expect next. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients on four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.
-
Electronic Healthcare Records: The Impact on Your Organization
23/10/2009 We all can see the technological and market forces converging to necessitate and enable electronic healthcare records. But how does this transition impact privacy and compliance within an organization? What are the ramifications for IT and security departments? Kim Singletary, Solutions Marketing for McAfee, discusses: The electronic healthcare records revolution; Impact on privacy and compliance; How IT departments must respond. Singletary was Director of Compliance Solutions for Solidcore prior to the McAfee acquisition. She has 15 years of Product Management and Marketing roles with companies specializing in outsourced IT services for critical infrastructure both traditional datacenter services, MSSP and SAAS. Her expertise has been in developing and growing security, compliance and managed services for the Fortune 500 which included roles at SAVVIS Communications, Frontier Communications and Global Crossing.
-
Getting a Consensus on Regulating Data
19/10/2009 Interview with Rep. Yvette Clarke, Chair, House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology
To quell the rising tide of information breaches and to protect government and key civilian IT systems, the idea of regulating IT and data is gaining ground among those who shape federal law and policies. If such regulation comes about, Rep. Yvette Clarke, D-N.Y., will be involved in shaping authorizing legislation, by virtue of her chairmanship of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. Clarke, in an interview with GovInfoSecurity.com, said any such law or regulation must not hamper innovation. In the interview, Clarke discusses: Key elements of what she terms the National Data Breach Law. The deliberate approach the House is taking to implementing cybersecurity legislation. President Obama's need to appoint a cybersecurity coordinator now. Clarke represents one of the country's most ethnically diverse Congressional
-
GRC Trends for 2010 - Chris McClean, Forrester Research
15/10/2009 Governance, risk and compliance - GRC - are priorities for information security leaders of all organizations. And these priorities have only been underscored by the economic recession and elevated scrutiny of businesses and government agencies. In an exclusive interview on GRC trends, Chris McClean, analyst with Forrester Research, discusses: Specific trends in governance, risk and compliance; How organizations are most challenged to respond to these trends; Corporate Social Responsibility - what it is, and how information security leaders should respond. McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association.
-
Safe and Secure Online - New Outreach Program from (ISC)2
14/10/2009 Social networking. Cyberbullying. Identity theft. There are myriad threats to children as they explore their online universe. And to counter these threats is Safe and Secure Online, a new interactive presentation that brings information security professionals into classrooms to give sound advice to 11-14-year-old children. Delivered by (ISC)2, Safe and Secure Online relies on material developed by former school teachers, but delivered by certified information security professionals. David Melnick of Deloitte and (ISC)2 discusses: The need for Safe and Secure Online; How the program will be delivered and measured; Ways businesses, government agencies and information security professionals can help. Melnick is a principal in security and privacy services within the audit and enterprise risk services practice in the Los Angeles office of Deloitte and brings more than 17 years of experience designing, developing, managing and auditing large scale secure technology infrastructure. Melnick has authored sever
-
Phishing Update: Banks, Businesses Targeted
08/10/2009 Interview with Dave Jevans of the Anti-Phishing Working Group
On Oct. 7, the U.S. government announced the results of "Operation Phish Phry," which saw 100 suspects in two countries charged with being part of a major multinational phishing ring. And although these indictments are the most ever in a cyber crime case, Dave Jevans of the Anti-Phishing Working Group (APWG) says, in the grand scheme of global phishing scams ... this is a tiny catch, indeed. In an exclusive interview on phishing trends, Jevans discusses: The latest phishing trends; Lessons learned from the latest incidents; What banking institutions and businesses can do to protect themselves. Jevans is the Chairman and Founder of the Anti-Phishing Working Group, the leading non-profit organization dedicated to eradicating identity theft and fraud on the Internet. The APWG has over 1,500 member companies and agencies worldwide. Membership is limited to banks and other financial institutions, ISPs, law enforcement agencies and security techno
-
Information Assurance and Community Colleges - Erich Spengler, Moraine Valley Community College
07/10/2009 As people increasingly turn to information assurance to start - or re-start - a career, the nation's community colleges play a greater role in job training. Erich Spengler, professor at Moraine Valley Community College near Chicago, discusses: The role of community colleges in information assurance education; Challenges and opportunities for two-year programs; Where to begin when considering your next career move. Spengler has over 20 years' experience in Information Systems and holds an MBA from Loyola University of Chicago and an MS in Computer Science from the University of Illinois - Springfield. In addition to serving as a tenured professor of Computer Integrated Technologies at Moraine Valley Community College, Erich also serves as a Guest Lecturer at Northwestern University and as the Director and Principal Investigator for the National Science Foundation (NSF) Regional Center for Systems Security and Information Assurance (CSSIA @ www.cssia.org). Erich holds several industry certifications includ
-
Insider Fraud: New Insights on an Age-Old Crime
02/10/2009 Interview with Shirley Inscoe and BC Krishna, Authors of Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them
Insider fraud has always been a risk for banking institutions, but this risk has only grown in the past year. And so has the size of the crimes. Shirley Inscoe and BC Krishna of Memento have written a new book, "Insidious: How Trusted Employees Steal Millions and Why It's so Hard for Banks to Stop Them." In an exclusive interview, the authors discuss: What's most misunderstood about insider fraud; How organizations are responding to the threat; Advice for what banking institutions can do today to prevent insider crimes. Inscoe, Memento's Director of Financial Services Solutions, had a distinguished 24-year career at Wachovia, the fourth largest bank in the U.S. Throughout her tenure at Wachovia, Inscoe held a series of increasingly responsible positions in risk management, regulatory compliance, and loss reduction initiatives. She is a member of the Americ