Synopsis
Exclusive, insightful audio interviews by our staff with leading credit union and security practitioners and thought leaders. Transcripts are also available on our site!
Episodes
-
Separation or Convergence? The Conflicts Between Log Management and SIM
05/08/2009 Log Management is a necessary first step, but only a baseline technology. Compliance mandates and good security practice also require real-time, end-to-end monitoring to identify, prioritize, analyze and remediate the true threats. Given the increase in targeted stealth attacks, clear visibility is more important than ever to protect your data. Consequently, Log Management alone is just not enough. Learn how the convergence of Log Management and Security Information Management (SIM) is changing the way we think about security, and why the demand for SIM is surging, even in the face of the current economic downturn. Mark Nicolett and netForensics Vice President of Products, Tracy Hulver, discuss: Shortfalls of traditional Log Management solutions; Recommendations for effective real-time threat identification; Pitfalls to avoid when deploying SIM technology; How to make your existing log data actionable; Combining and simplifying SIM and Log Management.
-
Data Breaches: 2009 is Another Record Year - Insights from John Scanlon of Intersections
05/08/2009 The worst thing a bank president or a senior management team at a financial institution can hear is "We've had a data breach." John Scanlon, a senior executive at Intersections, speaks to data breach readiness and the lessons learned from others' incidents. Intersections is a business partner of the Identity Theft Assistance Center. Listen to this podcast for Scanlon's insights on: The state of incident response and data breach response in the financial services industry; What is data breach readiness and why it's not admitting defeat by being ready; The seven steps of data breach readiness. John Scanlon is executive vice president and chief operating officer at Intersections, a consumer and corporate identity risk management services company based in Virginia. He previously held a number of positions at financial services companies including Capital One Financial Corp. and JP Morgan & Co.
-
Confront the IT Security Challenge - Interview with Cybersecurity Sage Howard Schmidt
04/08/2009 Little wonder that Howard Schmidt's name is on every list of prospective White House cybersecurity czar. In the field of IT security, Schmidt has done it all. He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and White House. In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University. Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management. In an interview with GovInfoSecurity.com's Eric Chabrow, Sc
-
The Need for Forensics - Interview with Keith Barger of KPMG
04/08/2009 With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data
-
Incident Response Essentials - Peter Allor, FIRST.org
31/07/2009 The Heartland data breach and July's denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams internationally. He also is the program manager for cyber incident & vulnerability handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Infor
-
Business Continuity: Preparing for H1N1 and Beyond
30/07/2009 Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE. The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a
-
Unique Programs: Information Assurance at Capella University
30/07/2009 Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online. In discussing Capella's unique programs, Dr. Steven Brown touches upon: How Capella's information assurance programs have developed; Where students live, work, and what they bring to the programs; The future of information security education. Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work both domestically and internationally has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world. Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and net
-
"We Want to Be Recognized as the Leading ... School in the World" - Pradeep Khosla, Carnegie Mellon University
28/07/2009 Cybersecurity is the buzzword these days, and in terms of education ... Carnegie Mellon University is all over it, and has been for nearly a decade. In an exclusive interview, Pradeep Khosla, dean of the College of Engineering at Carnegie Mellon, discusses: The school's current cybersecurity programs; Hot career opportunities for graduates; Advice for those looking to start or jump-start a cybersecurity career. Khosla is currently Dean of the College of Engineering and the Philip and Marsha Dowd University Professor at Carnegie Mellon. His previous positions include: Founding Director, Carnegie Mellon CyLab; Head, Department of Electrical and Computer Engineering; Director, Information Networking Institute; Founding Director, Institute for Complex Engineered Systems (ICES); and Program Manager, Defense Advanced Research Projects Agency (DARPA), where he managed a $50M portfolio of programs in real-time systems, internet enabled software infrastructure, intelligent systems, and distributed systems.
-
Criticality of Credentialing: Verifying Government Employee Identities
24/07/2009 Identity theft is a growing concern for governments, businesses and citizens alike. "We're in the middle of a national identity crisis," says Neville Pattinson, VP of Government Affairs & Standards, NA., Gemalto. In an exclusive interview, Pattinson discusses: The case for credentialing; Practical applications of credentialing in the government and healthcare industries - and how other industries can benefit; Good first steps toward secure, effective solutions. Pattinson is a leading expert on smart cards and using the microprocessor chip to keep identity credential data and biometrics secure and private. Pattinson has been heavily involved in planning and implementing a number of federal government security initiatives including the Department of Defense Common Access Card (CAC); the State Department's electronic passport; the Western Hemisphere Travel Initiative cards; the Department of Transportation's Transportation Worker Identity Credential (TWIC) and the Transportation Security Administration's Regis
-
Regulatory Insights: NCUA's John Kutchey on Stability and Security
23/07/2009 Safety and soundness are issues for financial institutions of all sizes, including federally-regulated credit unions. But basic information security is also a challenge - especially for smaller, under-resourced institutions, says John Kutchey, deputy director of the National Credit Union Administration's (NCUA) Office of Examination and Insurance. In an exclusive interview, Kutchey discusses: Top regulatory issues for U.S. credit unions; Information security challenges that must be addressed; Key areas of focus for the NCUA looking ahead to 2009. Kutchey was appointed to his current position in September 2008. As deputy director, Kutchey assists the E&I director to oversee the agency's supervision and examination program, risk management and data collection programs. Kutchey comes to the position after serving as director of Risk Management within E&I. Kutchey joined NCUA in 1990 as an examiner in Baltimore, Md. During his NCUA career, Kutchey has held numerous positions -- problem case officer, superv
-
Mastering Information Security - New Graduate Program Debuts at ESU
21/07/2009 Interview with Prof. N. Paul Schembari, East Stroudsburg University. Information security - it's now a major national priority, and it's also the subject of a new Master's of Science program at East Stroudsburg University. This unique, online graduate program debuts on Aug. 31, and in an exclusive interview ESU professor N. Paul Schembari discusses: The program's unique characteristics; Educational and career opportunities for prospective students; How to quickly take steps toward enrollment.
-
State Spotlight: North Dakota - Information Security is Top Priority
17/07/2009 Interview with Tim Karsky, Commissioner, Dept. of Financial Institutions. For institutions of all sizes, information security is a top priority at North Dakota banking institutions. But the smaller ones struggle to dedicate sufficient resources to the task, says Tim Karsky, Commissioner of the ND Dept. of Financial Institutions. In a discussion of his agency's top priorities, Karsky discusses: Ramifications of the Supreme Court's recent Cuomo v. ClearingHouse decision; Information security strengths and weaknesses of ND institutions; The focus for banking/security leaders heading into 2010. Karsky is a North Dakota native with an extensive background in the financial industry. He began his banking career with the Federal Deposit Insurance Corporation in January 1982, and joined the Department of Banking and Financial Institutions in the fall of 1986 as Chief Examiner. In 1989, Karsky was appointed Assistant Commissioner for the Department. He served in that capacity until 1997, when he moved into a new ro
-
State Spotlight: Kentucky -- Interview with Charles Vice, Commissioner, Kentucky Department of Financial Institutions
17/07/2009 Unemployment is up, the economy is weak, and Kentucky's banking institutions are working hard to overcome these challenges and stay strong. In the first of a series of interviews with state regulatory leaders, Charles Vice, Commissioner of the Kentucky Department of Financial Institutions, discusses: Kentucky's unique banking challenges; Regulatory priorities for the state's institutions; Areas banking/security leaders must focus on headed into 2010. Vice was appointed commissioner of the Department of Financial Institutions (DFI) effective Aug. 16, 2008. As the commissioner of DFI, Vice has responsibility for the regulatory oversight of all state-chartered financial institutions, which includes examinations, licensing of financial professionals, registration of securities and enforcement. Vice was a bank examiner for the Federal Deposit Insurance Corporation (FDIC) for 18 years, serving the Lexington field office. During his tenure with FDIC, Vice served as the office's expert on subprime lending and cap
-
Insider Threat: Tackling it with Technology - Jacob Jegher, Celent
14/07/2009 The ex-Goldman Sachs employee accused of taking proprietary trading code is only one example of the insider threat within financial services companies. Jacob Jegher, banking analyst with Celent, discusses: Lessons learned from the Goldman Sachs case; The importance of policies and procedures when it comes to thwarting the insider threat; What role technology plays in stopping internal fraud. Jegher, based in Montreal, Canada, is a senior analyst within Celent's banking group. His research focuses on emerging technologies and business strategies in retail and wholesale banking. His areas of expertise include online banking (retail, small business, and corporate cash management), social media, IT security, and customer relationship management and strategy. He is the primary author of Celent's annual global IT spending report, as well as the banking CIO survey and model bank report. Celent is an international research and consulting firm focused on the application of information technology in the global fin
-
Pandemic Planning: Beyond 'Checkbox' Compliance - Harry Rhulen, BCP Expert
14/07/2009 There won't be any time for planning, only action, when the H1N1 (swine flu) virus returns to the U.S. this fall, says business continuity planning expert Harry Rhulen. In an exclusive interview, Rhulen discusses: Why "checkbox" compliance and planning aren't enough; What's happening in the southern hemisphere and what it will mean later this fall for the U.S.; Major human resource issues that still must be addressed. Rhulen is Chairman and CEO of Firestorm Solutions, a BCP and disaster recovery consulting firm based in Denver, CO. He is also co-author of the book "Disaster Ready People For A Disaster Ready America." Two additional books will be published this year on pandemic planning: "The Pandemic Scam - Why Plan?" and "Luck is Not a Strategic Plan."
-
Cuomo v. ClearingHouse: Only the Beginning - Lauren Saunders, National Consumer Law Center
10/07/2009 Has the pendulum finally swung back to protect consumers and their rights in the financial services industry? Consumer protection advocacy lawyer Lauren Saunders from the National Consumer Law Center in Washington D.C. shares her insights on the recent Supreme Court decision, Cuomo v. ClearingHouse. This decision will allow states to enforce fair-lending laws and other consumer protection measures against the nation's biggest banks. Listen to this podcast as Saunders describes: What does this mean for the national banks; How will this affect banks when it comes to fair lending laws and state enforcement and what are its shortcomings; Why the swing back toward consumer protection means the real debate begins in Washington. Saunders is the Managing Attorney of the National Consumer Law Center's Washington, DC, office, where she handles legislative, administrative and other advocacy efforts in the financial services area. She previously directed the Federal Rights Project of the National Senior Citizens Law
-
Incident Response for Data Breaches - Shane Sims, PricewaterhouseCoopers
10/07/2009 A veteran cybersecurity pro, Shane Sims shares his insights on trends he's seeing as cybercrime continues to hit all companies, including financial institutions. Sims is currently a Director in the Forensic Services practice at PricewaterhouseCoopers, where he provides investigative, forensic technology, security incident response and cyber security services to commercial and government clients. He is a former FBI Supervisory Special Agent who specialized in cybercrime, digital evidence, computer exploitation, and network surveillance. Listen to this podcast and hear Sims' insights on: Who's hitting financial institutions with cybercrime activities; Why just having an incident response plan isn't enough; What needs to happen (and what shouldn't be done) when a breach occurs.
-
Unique Programs: Excellence in Information Assurance, University of Dallas
09/07/2009 Information assurance is what everyone is talking about these days, and the term is strongly associated with "excellence" at the University of Dallas. Listen to Dr. Brett J.L. Landry, Director of the school's Center for Academic Excellence, Information Assurance, discuss: What makes the school's program unique; How students maximize their education; The future of information assurance education. Landry is the Ellis Endowed Chair of Technology Management, Associate Professor and Director of the Center for Academic Excellence in Information Assurance at the University of Dallas. He joined the University of Dallas in the fall of 2006, following six years of teaching at the University of New Orleans. He has worked in network security and design in the private and public sector and earned his Ph.D. from Mississippi State University. Landry has published numerous journal articles on Information Technology in the ACM Journal of Educational Resources in Computing (JERIC), Communications of the ACM (CACM), Dec
-
Consumer Protection and Other Regulatory Priorities - Michael E. Fryzel, Chairman of the NCUA
06/07/2009 Michael E. Fryzel, Chairman of the National Credit Union Administration (NCUA), has proposed a new Consumer Protection Office within the credit union regulatory agency. In an exclusive interview, Fryzel discusses: Details of his proposed Consumer Protection Office; Timeline for discussion and possible adoption of this proposal; Top regulatory and information security issues facing credit unions for the remainder of 2009. Fryzel was sworn into office as Chairman of the NCUA on July 29, 2008. President George W. Bush nominated Mr. Fryzel to the NCUA Board on November 30, 2007, and his nomination was confirmed by the U.S. Senate June 26, 2008. The NCUA Board consists of three members appointed by the President and confirmed by the Senate to regulate all federally-chartered credit unions and administer the federal fund insuring member accounts in approximately 8,000 credit unions nationwide. Prior to his NCUA service, Fryzel was an attorney in private practice specializing in financial, regulatory and real es
-
Unique Programs: Enterprise Risk Management at NC State
06/07/2009 Risk management is a common theme across and within businesses, and at North Carolina State University the Enterprise Risk Management (ERM) program is attracting notice from prospective employers and students alike. Mark Beasley, head of the school's ERM initiative, discusses: What makes the program unique; The types of students entering and graduating from the initiative; How to approach a career in ERM. Beasley is the Deloitte Professor of Enterprise Risk Management at the College of Management at North Carolina State University in Raleigh, North Carolina. The Enterprise Risk Management (ERM) Initiative at NC State provides thought leadership about ERM practices and their integration with strategy and corporate governance. As founding director, Dr. Beasley leads the ERM Initiative's efforts to help pioneer the development of this emergent discipline through outreach to business professionals, with its ongoing ERM Roundtable Series and ERM Executive Education for boards and senior executives; research, a