Cyber Security Institute

Friday, December 08, 2006

Information Security Trends, Issues Continue to Evolve - FINSEC 2006 Conference, New York

The arms race against phishers, strengthening firewalls, FFIEC authentication deadline issues and the constantly evolving risk management model were among the many topics covered by the FINSEC 2006 conference speakers last week in New York. With 10 vendor sponsors at the conference, attendees could look at information security solutions during the conference breaks, ranging from CD and DVD encryption to anti-virus software and authentication solutions. The presentations on security strategies and on tools and techniques covered in the two-day conference were led by eleven information security experts from national banks and financial firms. It was standing room only within five minutes of the start, showing that many of the FINSEC 2006 attendees wanted to know how the authentication guidelines will apply to their institutions.

His descriptions in "Key Indicators for the Financial Sector: What to Monitor and Log" showed the approaches to logging and monitoring. He noted that while regulatory rules mandate that banks regularly monitor event logging, such monitoring is also growing more popular among institutional management as a way to protect not only the perimeter of the institution’s operations but the data at rest too. Centralized monitoring offers institutions economies of scale through consolidated reporting, as well as opportunities for correlation across the enterprise.

Among the other presenters was Karl Kasper of JP Morgan Chase, who spoke on “Security Architecture as a Foundation for Risk Analysis.”

Parker Foley of Wachovia spoke on "Trends in Information Security Standards." In Foley’s view, the drivers behind the trend toward higher-level models in policy structure and distributed models in management responsibility include the move to a business approach to security and the pressures of efficiency and cost reduction at larger banks.

Keynotes were presented by Thomas Dunbar, Global IT Chief Security Officer of XL Capital; Anish Bhimani, Managing Director of IT Risk Management for JP Morgan Chase Bank; and Ron Insana, Senior Analyst for CNBC. Dunbar’s keynote, "Beyond the Expected: The Impact of Sarbanes-Oxley on Information Security Management," showed the direct link between compliance with SOX and a strong InfoSec department that effectively deals with information security as a business risk management issue.

Bhimani sees the evolution of information security into risk management as necessary to align with operational risk and regulatory compliance, and he expects the partnership of information security with IT Audit in larger organizations to help make info security more visible.

Posted on 12/08