Info Risk Today Podcast

Information security thought-leader weighs in on the biggest risks to consumers and businesses - including social media and portable technology.

Jonathan Penn of Forrester Research on Cloud Computing, Mobility and Other Hot Emerging Technologies.

Fraud - its forms and reforms - was the top news story in April. Listen to this audio overview of the month's top news items, including: Hancock Breach Reveals New Trend; P2P Payments: Simple, Secure Transactions; How Do You Recover Your Reputation?

Interview with Howie Wu, VP Virtual Banking, Boeing Employees Credit Union Increasingly, consumers long for a simple payment solution that allows them to send money to family and friends via email or text message. Boeing Employees Credit Union (BECU), Washington's largest credit union, is at the forefront of the person-to-person (P2P) payments revolution. And in an exclusive interview, Howie Wu, VP of Virtual Banking, at BECU, discusses: How BECU's Popmoney initiative was deployed; Security challenges that had to be addressed; Tips for other institutions looking to offer P2P payments. Wu has over 10 years experience in the financial services and information technology industries and has been with BECU since 2003. In his role as the Vice President of Virtual Banking, he is responsible for leading BECU's strategy as it relates to all remote delivery channels. He has played a major role in defining and implementing changes that impact the member experience within the ATM, online, telephone and mobile channels. He earned a B.A. in Accounting and a MBA in Information Systems from Washington State University. His professional interests include IT, finance and business leadership. He also participates as a panelist in various industry forums and is a member of several financial technology committees.

C. Warren Axelrod is a veteran banking/security executive and thought-leader, and in an exclusive interview at the RSA Conference 2010 he discusses top security trends and threats, including: Insider fraud; Application security; Cloud computing. Axelrod is currently executive advisor for the Financial Services Technology Consortium. Previously, he was a director of Pershing LLC, a BNY Securities Group Co., where he was responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.

Matt Coose Director, Federal Network Security National Cybersecurity Division Department of Homeland Security As director of federal network security at the Department of Homeland Security's National Cybersecurity Division, Matt Coose is helping shepherd the Trusted Internet Connection initiative, which aims to reduce the number of connections linking executive branch IT networks to the Internet to 100 or fewer from thousands upon thousands. The basic concept behind TIC, initiated in 2007 by the Bush administration, is that by drastically reducing the number of access points, the government could more easily monitor and identify potentially malicious traffic. In the interview, Coose: Reveals the number of TIC and non-TIC connections that now exist. Explains the shift in TIC strategy by the Obama administration. Discusses the architecting of TIC 2.0 to include the Einstein 2 intrusion detection system. Coose, a West Point graduate and former Army captain, was interviewed by GovInfoSecurity.com's Eric Chabrow.

How strongly do consumers embrace electronic bill payments, and do they really want mobile banking as much as industry analysts say they do? These were the questions on Dennis Simmons' mind when his trade organization, SWACHA, the electronics payments resource, launched a recent survey on consumer usage of electronic payments. In an exclusive interview, Simmons discusses: Survey results and their message to banking institutions; Payment/security threats currently menacing the financial services industry; Ways institutions can help vulnerable businesses fight fraud. Simmons has over 20 years experience as the senior operations officer of several Dallas area banks. A frequent speaker and recognized expert on payments system issues, he is currently a member of the Board of NACHA, the immediate Past Chair of NACHA's Electronic Check Council and immediate past Co-Chair of NACHA's Risk Management Advisory Group. He was recognized by Transaction World as one of its 2007 "Movers and Shakers" in the payments business and is the recipient of two public service awards from the Federal Bureau of Investigation (FBI). He is an Accredited ACH Professional (AAP). SWACHA is an official source for the ACH Operating Rules and represents its members in national issues and the rule-making process. SWACHA's mission is to be the resource of choice for education, training, representation and knowledge regarding payments and payments system risk.

Doug Brown Discusses Mobile Strategy, New Products, Biometric Security Bank of America was one of the first institutions to move toward mobile banking in a big way. Two years into the initiative, Doug Brown, SVPO of Mobile Product Development, discusses: Mobile trends at BoA; Security hurdles the institution has faced; Advice for other institutions now getting into mobile banking. Brown leads the eCommerce Product Development team at Bank of America, where he is responsible for strategy and new product development for online banking, mobile banking and ATM. Most recently, Brown led the successful launch of the Bank of America mobile banking and bill pay products. He has an extensive background in marketing and technology strategy in the financial services, software and telecommunications industries.

According to the 2009 Banking Information Security Today survey, banking institutions - despite the economy - are investing in new banking services, i.e. mobile banking and remote capture. To gain further insight into spending trends, we spoke with Christine Barry, research director with Aite Group, on: Mobile banking trends; Other new banking services; Post-recession growth areas. Christine Barry serves as a Research Director at Aite Group LLC, focusing on the strategies and technology implementations of global banks of all sizes. Her recent research has addressed remote deposit capture, best-practices for credit unions, capturing the valuable small-business customer, global cash management trends, and core banking system replacement. She is an acknowledged banking industry expert with more than a decade of experience in financial services products and technologies. She has worked with a broad range of U.S. and international clients analyzing industry trends and identifying market opportunities, product gaps and potential partners to help them achieve their strategic IT goals.

The annual BAI Retail Delivery Conference & Expo was held in Orlando, Fl in late November, focusing on innovative strategies and technologies. Nick Burke, Director of Sales for Information Security Media Group (ISMG), publisher of BankInfoSecurity.com and CUinfoSecurity.com, attended the event, meeting with many of the banking/technology leaders sponsoring the conference. Among the key themes resonant in Burke's discussions with these leaders: Risk Management Fraud Prevention Regulatory Compliance Mobile Banking ATM Security See below for a selection of interviews performed at the conference. Click a company name to visit their website. > Visit the conference website Vendors interviewed: NCR | MP3 | Streaming Microsoft | MP3 | Streaming AT&T | MP3 | Streaming Digital Resolve | MP3 | Streaming ProfitStars | MP3 | Streaming Equifax | MP3 | Streaming Level Four | MP3 | Streaming Vasco | MP3 | Streaming Harland Financial Solutions | MP3 | Streaming Metavante | MP3 | Streaming eSeek| MP3 | Streaming Actuate | MP3 | Streaming Clairmail | MP3 | Streaming US Biometrics | MP3 | Streaming MarkMonitor | MP3 | Streaming Unisys | MP3 | Streaming Diebold | MP3 | Streaming Cisco | MP3 | Streaming ACI | MP3 | Streaming Thales eSecurity | MP3 | Streaming Panini Advanced Solutions | MP3 | Streaming > Download all MP3 files (ZIP file)

The crime of deception is now even more deceptive. Multi-channel fraud - schemes that are launched simultaneously via telephone, Internet, in person and via mail - is a growing concern for financial institutions. And the linked crimes aren't always easy to spot. In this exclusive interview, security expert Diana Kelley discusses: The types of multi-channel fraud now prevalent in the marketplace; How these attacks are launched; Ways institutions can spot and respond to the threat. Diana Kelley founded SecurityCurve in April of 2003. She has extensive experience creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors. Prior to returning to SecurityCurve in January 2008, she was Vice President and Service Director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Diana was the Executive Security Advisor for CA's eTrust Business Unit. At CA she was responsible for advising customers on strategic security solutions and helped guide CA's security business. She served as the Vice President of Security Technology for Safe3W, Inc (acquired by iPass), a provider of strong, two factor authentication. Representing Safe3W she was actively involved in the Technical Group for NACHA's Project Action. And she was a security industry Analyst with Baroudi Bloor, a top-tier analyst firm where she delivered strategic advice to, among others, IBM and Psionic (acquired by Cisco.)

Insights on the Federal Rescue Plan - an Interview with Guillermo Kopp of TowerGroup Tuesday's news was mainly about Wall Street, with the U.S. government pledging to invest up to $125 billion in nine of the nation's largest banks. But Main Street banking institutions and their customers will be the ultimate beneficiaries of this financial boost, says one industry analyst. "It's all about restoring confidence in the banking system," says Guillermo Kopp, Executive Director and Global Research Fellow at TowerGroup, the Boston-based financial services research and advisory firm. "This is an interdependent system, and it's important to ensure that banks don't hurt, because they sustain the economy." In an exclusive interview, Kopp discusses what this investment truly means to the banking industry, sharing insight on: Ways financial services organizations of all sizes will benefit from government investment; How banking institutions can step up and reinforce customer confidence; Immediate business priorities for these institutions; Outsourcing trends in the near term.

Leading Technology Vendor Discusses the Need for Vulnerability Assessments & Remediation Processes for Applications Whether Developed In-House or By a Third-Party Application security is a key focus of regulatory agencies - ensuring that financial institutions pay as much attention to third-party applications as they do to those they develop and manage in-house. In a recent survey conducted by Information Security Media Group, respondents say they are more confident in their own applications vs. those developed by third-party service providers ... yet, they really don't demonstrate vulnerability assessment or remediation processes to justify any level of confidence. In this exclusive interview, Roger Thornton, founder and CTO of Fortify Software, discusses the survey results and his own market perspective, discussing: How the survey results jibe with what he sees from customers; What's beneath the disconnect between confidence and processes? What are some of the proactive, cost-effective ways companies can tackle application security?

Bank of America is well known for its mobile banking services. Currently, the institution has 750,000 mobile banking customers receiving services on 400 different kinds of devices. But did you realize that one of the ways BoA secures its electronic offerings is by providing its customers with abuse reporting capabilities? Listen to this dispatch from editor Tom Field to hear more about BoA's online initiatives, as well as to hear insights from a Fifth Third Bank executive on forensics and e-discovery.

Interviews Shed Light on Topics of Unique Interest to Banking/Security Executives The annual RSA Conference is a showplace for the who's who of security solutions vendors. The event showroom is lined with scores of the industry's leading vendors - no one individual could hope to see them all. So, the Information Security Media Group team did the job for you, visiting with more than 60 vendors of particular interest to banking and security leaders. Click on the following links to listen to our exclusive interviews with these vendors. A - F G - Q R - Z 8e6 Technologies Download MP3 | Streaming ActivIdentity Download MP3 | Streaming Adobe Download MP3 | Streaming AirDefense Download MP3 | Streaming AlgoSec Download MP3 | Streaming Application Security Download MP3 | Streaming ArcSight Download MP3 | Streaming Axeda Download MP3 | Streaming Beyond Trust Download MP3 | Streaming BioPassword Download MP3 | Streaming Blue Coat Systems Download MP3 | Streaming Brabeion Download MP3 | Streaming Breach Security Download MP3 | Streaming Cloakware Download MP3 | Streaming Computer Associates Download MP3 | Streaming Crossroads Download MP3 | Streaming DigitalPersona Download MP3 | Streaming eEye Digital Security Download MP3 | Streaming Entrust Download MP3 | Streaming Finjan Download MP3 | Streaming ForeScout Technologies Download MP3 | Streaming Fortify Software Download MP3 | Streaming Fortinet Download MP3 | Streaming Fox Technologies Download MP3 | Streaming Guardian Analytics Download MP3 | Streaming Guardium Download MP3 | Streaming Hewlett Packard Download MP3 | Streaming IBM Download MP3 | Streaming IDA Singapore Download MP3 | Streaming IDology Download MP3 | Streaming Imprivata Download MP3 | Streaming Intellitactics Download MP3 | Streaming ISACA Download MP3 | Streaming iovation Download MP3 | Streaming Lieberman Software Download MP3 | Streaming Liquid Machines Download MP3 | Streaming LSI Corporation Download MP3 | Streaming Lumension Security Download MP3 | Streaming Magensa Download MP3 | Streaming Mirapoint Download MP3 | Streaming MXI Security Download MP3 | Streaming Netronome Download MP3 | Streaming Novell Download MP3 | Streaming NSS Labs Download MP3 | Streaming Oracle Download MP3 | Streaming Orange Parachute Download MP3 | Streaming Ounce Labs Download MP3 | Streaming Qualys Download MP3 | Streaming Quest Software Download MP3 | Streaming Raytheon Oakley Systems Download MP3 | Streaming RedSeal Systems Download MP3 | Streaming Route1 Download MP3 | Streaming RSA Download MP3 | Streaming SafeNet Download MP3 | Streaming Secure Computing Download MP3 | Streaming Security Innovation Download MP3 | Streaming SenSage Download MP3 | Streaming Shavlik Technologies Download MP3 | Streaming Sigtec Download MP3 | Streaming Skybox Security Download MP3 | Streaming Sterling Commerce Download MP3 | Streaming Symark Software Download MP3 | Streaming TippingPoint Download MP3 | Streaming Tizor Systems Download MP3 | Streaming TriCipher Download MP3 | Streaming TriGeo Download MP3 | Streaming Tripwire Download MP3 | Streaming Unisys Download MP3 | Streaming Verisign 1 Download MP3 | Streaming Verisign 2 Download MP3 | Streaming Voltage Security Download MP3 | Streaming Wave Systems Download MP3 | Streaming > Download all MP3 files (ZIP file) Learn: Who they are; All about their solutions, and most importantly ... How their solutions meet your current banking/security needs. Also be sure to check out our articles and podcasts from the event's keynote speeches and conference sessions. Additional RSA Conference Coverage RSA Conference 2008: Event Wrap-Up PayPal Leads Fight Against Phishing Internet Banking Case Study: Banco do Brasil Online Banking: 'Deputizing Our Customers' at Bank of America DHS Secretary Chertoff to Business: 'Send us Your Best & Brightest' Interviews with many security vendors on topics of interest to financial institutions. Information Security Media Group recently attended the RSA Conference 2008, the premier information security conference showcasing over 300 of the top vendors in the information security technology space. The following audio is a selection of recordings taken on the expo floor where industry-leading vendors addressing all aspects of information security presented their products and services to attendees. Vendor solutions ranged from application security, encryption, multi-factor authentication, biometrics, ID and access management, compliance management, database security, email and messaging security, and many, many other solution categories. We hope you take the time to investigate all the vendors listed as they all have solutions, products, and services designed to help financial institutions deal with information security issues and regulatory compliance. Vendor interviews and recordings are presented in alphabetical order and please note, we are not endorsing any particular vendor or product, we are just reporting on their take on the finance industry.