Banking Information Security Podcast

Business risks have grown in size and complexity in 2009. How, then, must risk management evolve to meet the challenges of 2010? James Pajakowski, EVP of Global Risk Solutions with Protiviti, shares his insight on: The risk management trends for 2010; How information security professionals must meet the new challenges; What's most misunderstood about risk management today. Pajakowski oversees the delivery of Protiviti's services in the areas of finance and transactions, operations, technology, litigation, governance, risk, and compliance. He previously served as managing director and head of the Business Risk practice. He also was one of five founding members of the Protiviti Operating Committee, which was responsible for establishing Protiviti's vision and strategy and overseeing financial and administrative matters during the company's first five years. Prior to Protiviti, Pajakowski was a partner with Arthur Andersen, where he started his career in 1982. He has more than 25 years of professional serv

In terms of information security, what is the state of auditing as we end 2009 - and what are the trends foreseen for 2010? Warren Stippich Jr., Practice Leader of the Chicago Business Advisory Services Group of Grant Thornton LLP, discusses: Audit trends; Where organizations are most vulnerable; How audit practices can be improved. Stippich has over 18 years experience working with multi-national, entrepreneurial, and high-growth companies. He brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes- Oxley consulting and internal audit services projects for a wide-array of publicly traded businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in Europe, China, Southeast Asia, Central and South America and Canada

When it comes to protecting their customers' identities, how do the major banking institutions rate? Javelin Strategy & Research has just released a new Banking Identity Safety Scorecard that ranks the major institutions. In an exclusive interview about the report, James Van Dyke discusses: How the scorecard was developed and what it tells; The significance of this year's ratings; Lessons learned about identity protection for banking institutions of all sizes. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

No question, the information security professional's role has evolved in recent years. How, then, has the need for ongoing professional education also changed? And what role must risk management play in today's security organization? In an exclusive interview, Mark Lobel of PricewaterhouseCoopers and ISACA, discusses: The role of professional education in information security; The evolution of risk management; How organizations and professionals must respond to the challenges of 2010. Lobel, CISA, CISM, CISSP, is a member of ISACA's Security Management Committee. He has over 25 years business experience, with the first eight in the Entertainment and Media industry and then, after his MBA, with PricewaterhouseCoopers. He is an internationally recognized security and controls professional with experience designing, benchmarking and assessing organizational security strategies and technologies. He is experienced at designing, assessing, implementing and penetration testing enterprise security. Lobel

We've experienced two waves of the H1N1 pandemic. What lessons have we learned? Sue Kerr, President of Continuity First, a business continuity/disaster recovery consultancy, talks about how organizations have handled H1N1. She also discusses: the state of BC/DR; Challenges facing organizations today; 2010 trends and career opportunities. Kerr is also the president of the Old Dominion Association of Contingency Planners, Education Director for the National Association of Contingency Planners and a previous member of the Disaster Recovery Journal Editorial Advisory Board. She has been active in setting standards for the industry as well as training others. She has spoken at various conferences and has done training for corporations, governmental organizations as well as the community. She has been published in industry journals and has been interviewed multiple occasions as a subject matter expert. She is a Certified Business Continuity Professional through the Disaster Recovery Institute. In addition

How much do you actually know about time and the critical role it plays in your organization? In a preview of his new webinar, Time: The Hidden Risks -- How to Create Compliant Time Practices, Bill Sewall discusses: Why time is such a critical business issue; Risks and opportunities presented by time; What organizations most misunderstand about the concept. Sewall is an Information security, compliance and risk management specialist with 30 years experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager. Most recently, Sewall spent 10 years as a senior executive information security officer in Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards. In his career, Sewall has managed information security compliance requirements for one of the largest financial services organization in the world, implemented that institution's information security program at the busine

Interview with Kent Anderson of Encurve LLC Cybersecurity, forensics, risk management -- what will be the core security skills needed in organizations in 2010? In an exclusive interview, Kent Anderson, founder and managing director of Encurve LLC, as well as a member of ISACA's Security Management Committee, discusses: The core security skills now needed by organizations; How these skills are acquired today; Ways security professionals can take charge of their own development. Anderson is considered a leading authority on security, with more than 22 years of experience in the field. He has held positions as SVP of IT Security and Investigations with an international business risk consultancy, as Director in the Dispute Analysis & Investigations group of PricewaterhouseCoopers, and as the European Information Security Manager for Digital Equipment Corp.

What have been the biggest privacy issues of 2009, and what emerging trends should you watch heading into 2010? We posed these questions to J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP). In an exclusive interview, Hughes discusses: The role of the IAPP; Key legislation in the U.S. and internationally; Where organizations need to improve privacy protection. Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world's largest association of privacy professionals. Hughes has provided testimony before the U.S. Congress Commerce Committee, the U.S. Senate Commerce Committee, the U.S. Federal Trade Commission, and the EU Parliament on issues of privacy and data protection, spam prevention and privacy-sensitive technologies. He is a member of the first class of Certified Information Privacy Professionals (CIPPs) and is co-author (with D. Reed Freeman, Jr.) of "Pri

There are a number of new regulatory compliance and security initiatives that means changes for financial institutions. But do these changes also open the doors to potential fraudsters? Kris VanBeek, SVP of Information Systems at Digital Federal Credit Union, discusses: How some of these changes might attract fraudsters; What banking institutions can do thwart attacks; Fraud trends he's tracking as we head into 2010. VanBeek is a banking/security leader with deep experience in banking and regulatory compliance. Prior to joining DCU five years ago, he spent time as a supervisory manager at the Federal Reserve Bank of Boston; data center manager at Fiserv; senior IT specialist and examiner with the Federal Deposit Insurance Corporation. Digital Federal Credit Union is a not-for-profit financial cooperative owned by and operated for its members. DCU was chartered in October of 1979. DCU serves more than 350,000 members and their families in all 50 states. DCU is the largest credit union headquartered in

It's time for information security professionals to give back to their communities - to reach out and educate businesses, schools and citizens about cybersecurity and other relevant issues. This is the message from John Rossi, professor of systems management/information assurance at National Defense University. In an exclusive interview, Rossi discusses: Why security professionals should practice outreach; Potential venues for public speaking How to get started. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assessments Program and National Program Manager for Computer

Melissa Hathaway, who led President Obama's 60-day cybersecurity policy review, says it would be a mistake to place the nation's top cybersecurity adviser in the Department of Homeland Security, as proposed by an influential senator, and not in the White House. Asked, in an interview with GovInfoSecurity.com whether the idea forwarded by Sen. Susan Collins, R.-Maine, was a good one, Hathaway responded: "No. I believe there is a need to have leadership out of the White House. There have been many reports that have been written that if you establish a lead in one particular agency, they don't necessarily have the authoritative responsibility over all of the other departments and agencies. And, while I think it's important to have leadership at the Department of Homeland Security, I think that without having the leadership at the White House, we will not be able to really drive the federal government in the direction that it needs to go." Among the topics Hathaway addresses in the second of a two-part inter

Government and business must think creatively to help safeguard America's digital assets, says Melissa Hathaway, the former White House acting senior director for cybersecurity who led President Obama's 60-day cybersecurity policy review. Hathaway, an interview with GovInfoSecurity.com, cited the innovative coupling of cell phone and global positioning technologies to authenticate a user withdrawing money from an ATM or making a credit card purchase. With the cell phone turned on, a GPS can verify that the consumer is where the transaction takes place. "That's not what cell phones were originally designed for, but I thought it was a creative solution on how to defeat the fraud or at least make it much more complicated for the criminal or thieves to take our information or take our personal data," Hathaway said in a conversation with Eric Chabrow, GovInfoSecurity.com managing editor. In the first of the two-part interview, Hathaway also discussed: The critical posture of cybersecurity in the United States

Insights from Former Regulator Christie Sciacca Sen. Christopher Dodd has just released his draft version of a banking regulatory reform bill. How does it differ from other proposals that came before it, and how will banking regulation be reshaped - and when? Christie Sciacca, formerly with the Federal Deposit Insurance Corporation, now a director with LECG in Washington, D.C., discusses: Initial analysis of the Dodd bill; How regulatory reform is shaping up; What to expect in 2010. Sciacca spent 23 years at the FDIC, where he led examination, supervisory and bank rescue transaction projects in Detroit, New York, and Washington DC. From 1983-1986, Sciacca was Assistant to the Chairman, representing the Chairman on interagency matters, at bank trade association meetings and on all operational and policy matters. Sciacca served as the FDIC's representative on the Vice President's Task Group on the Regulation of Financial Services. In 1996, he returned to the FDIC to establish that agency's International B

After fingerprints, iris recognition is the second most supported biometric characteristic, and its popularity as a means of authentication is growing. Patrick Grother is among the computer scientists at the National Institute of Standards and Technology's Information Technology Laboratory who are collaborating with their international colleagues to revise iris recognition standards and to advance iris images as the global interchange medium. In an interview, Grother discusses: Advances in iris recognition technology; When one biometric is better than another as a means of identification and authentication; and The IREX Exchange, or IREX, a program NIST founded to encourage collaboration in development of iris recognition algorithms operating on images conforming to the new ISO-IEC 19794-6 standard. Grother was interviewed by Eric Chabrow, GovInfoSecurity.com managing editor.

Tough times require "softer" leaders. This is the perspective of careers coach Heidi Kraft, who says that today's senior leaders need to focus more on emotional intelligence and other "soft" qualities to be able to better recruit and retain quality employees. In an exclusive interview, Kraft discusses: Which "soft" skills are most important; How managers and employees alike can change a culture to embrace these skills; Where to start to develop and nurture "softer" leaders. Kraft is a Leadership and Career coach and founder of Kraft Your Success Coaching and Consulting. Prior to launching her business, she spent 17 years on the agency side of the advertising industry, including a stint as SVP Media Director at Boston-based Hill Holliday, developing and implementing media strategies for high-profile clients such as Microsoft, Intel, Intuit, Siebel Systems, 24 Hour Fitness and Harley-Davidson. She holds a CPCC (Certified Professional Coactive Coach) and is a graduate of the Coaches Training Institute

Interview with Kevin Sanchez-Cherry, IT Security Specialist What does it take for an information security professional to make it into the United States Secret Service? We asked Kevin Sanchez-Cherry, IT Security Specialist within the agency's Information Security Operations. In this exclusive interview, Sanchez-Cherry discusses: Types of Secret Service careers available to security professionals; What to expect during the hiring process; Myths and realities of a job in the Secret Service. Sanchez-Cherry is an IT Security Specialist for the United States Secret Service's Information Security Operations sub-division and is responsible for leading the Secret Service's Certification and Accreditation (C&A) Program and Information Systems Security Officer (ISSO) Program. He also assists in the management of the enterprise Information Assurance (IA) Program for the Secret Service. Prior to joining the Secret Service in 2006, Mr. Sanchez-Cherry served two years as Principal Security Specialist with the Dep

Steven Elefant Discusses the Breach, End-to-End Encryption Steven Elefant joined Heartland Payment Systems as a consultant in November 2008. Two months later, the company announced it had been the victim of the biggest reported data hack in history. Now CIO of Heartland, Elefant appeared at the BAI Retail Delivery Conference & Expo in Boston and sat down with Tom Field to discuss: The impact of the breach on Heartland; How Heartland is different today as a result of the breach; The future of payments security - and why Heartland is betting on end-to-end encryption. Elefant was the founder of several successful Silicon Valley startup and venture capital firms. He is co-founder and former chief executive officer of ICVerify, Inc., a leader in payments processing integration of PC-based POS software. The company merged with CyberCash, Inc. in 1998 to form an Internet and physical service provider for electronic payments software. He has been an active member of the US Secret Service Electronic Crimes Ta

Allan Bachman has fought fraud since the early 1970s, and he's seen the crimes evolve in both sophistication and scale. In an exclusive interview, Bachman, Education Manager for the Association of Certified Fraud Examiners (ACFE), discusses: The evolution of fraud schemes; The most common types of fraud seen today; Types of training available to help detect and prevent fraud. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation for over $1.5 million was conducted during this time. Previously Bachman worked in or consulted for retail, real estate, manufacturing and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid- 70's and has continued th

This year's BAI Retail Delivery Conference & Expo, beginning Nov. 3 in Boston, is the 32nd annual event - and it very much will reflect the times that financial institutions have experienced over the past year. Risk management, social networking, customer confidence - these all will be major themes at this year's event, says Debbie Bianucci, President and CEO of BAI. In an exclusive interview, Bianucci discusses: The major themes of the BAI event; Specific programs related to risk management and security; What to expect at the event and in the expo. Bianucci leads the BAI team to find new and innovative ways to provide high-value, objective information and education to the financial services industry. She has been in financial services for over 30 years, including senior positions with several major financial services companies. Before being appointed CEO, Bianucci was responsible for a variety of functions over the course of her nearly 20 years with BAI, most recently having executive responsibility for

From ACH to ATM, payments to phishing, fraud schemes abound. And bank customers and businesses are the targets. So what can banking institutions do to fight back? Bob Neitz is the senior vice president in charge of the Fraud Corporate Risk Management Program at Wells Fargo. In an exclusive interview, Neitz discusses: The types of fraud he fights; How managers, employees and customers can prevent fraud; What other banking institutions can be doing to improve their own fraud prevention efforts. Neitz is a manager of the Fraud Corporate Risk Management Program at Wells Fargo, responsible for providing leadership and direction around cross-organizational fraud risk management for the enterprise, including all consumer, small business and wholesale businesses. With more than 14 years of experience in a Risk Management capacity, Neitz has held several other positions at Wells Fargo with various business groups, including online banking, consumer products and credit card businesses.