Cyber Security Best Practices for Banking and Financial Sectors in 2011

Ms. Menna oversees the Critical Infrastructure Cyber Protection & Awareness (CICPA) branch within NCSD that includes the Critical Infrastructure Protection Cyber Security, Control Systems Security, Cyber Exercise, Cyber Security Evaluations, and International programs. Through these programs, CICPA provides leadership, expertise and coordination to assess and mitigate risk to the nation’s critical cyber infrastructure. Recognizing the shared ownership, responsibilities, and the interconnected nature of cyberspace and the nation’s critical infrastructure each program executes its mission in collaboration with federal, state, local, private sector and international partners. 

Ms. Menna also formerly served as the Deputy Director of the Infrastructure Partnerships branch in the Office of Infrastructure Protection. Prior to joining the Department of Homeland Security, Ms. Menna held a variety of program management roles for a large systems integration firm. She received both her M.A. and B.A. from the University of Chicago and is a certified Project Management Professional. 

Edward P. Gibson, Esq., CISSP, FBCS, is a Director in PricewaterhouseCoopers' Forensic Services Group. He specializes in gathering intelligence to detect, mitigate, and prevent corporate IT and security risks such as economic espionage, IT / bank fraud, and cyber attacks. Prior to PwC, 2005-2009, Gibson was the Chief cyber Security Advisor for Microsoft Ltd in the United Kingdom (UK) and praised for his unique ability to make security issues relevant and personal. From 1985-2005 Gibson was a career FBI Special Agent. He specialized in investigating complex international white-collar crimes, and was cited for his work in various espionage investigations involving FBI & CIA traitors. Assigned to the FBI’s Office of Legal Attaché, US Embassy London, from 2000-2005, he was responsible for FBI matters such as cyber matters in the UK and Ireland involving terrorism, extortion, kidnapping, crimes against children, and various complex financial frauds. Gibson also advised on Mutual Legal Assistance Treaty (MLAT) requests, extraditions, USA Patriot Act (emergency requests), and the increasingly crime plagued cyber environment. From 1980-1985, Gibson was a lawyer for a US based multi-national corporation. He is also a qualified Solicitor in England and Wales, was a Special Assistant United States Attorney, is a Vietnam era veteran (US Army), and holds an active Top Secret Security clearance. He is a Certified Information Systems Security Professional (CISSP), Fellow of the British Computer Society (FBCS), and a member of the Information Security - Europe “Hall of Fame”. E-Mail: Ed.Gibson@us.pwc.com. 

Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft. Peretti is a Board Advisor to the Financial Services Information Sharing and Advisory Center (FS-ISAC). 

While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. For this prosecution, Kimberly received the U.S. Attorney General's Distinguished Service Award and Visa's Leadership in Security Award. 

Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry and has been cited by at least one State Supreme Court. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry. 

As an IT security specialist with more than two decades of experience, Gavin Reid works with some very interesting people - from leaders in the vanguard of information security to hackers in the computer underground. 

Gavin leads the Computer Security Incident Response Team at Cisco Systems - a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents. As an active member of the computer security community, he also supports security training with the SANS Institute and chairs the working group responsible for the Common Vulnerability Scoring System. 

Gavin joined Cisco in 1999 from the National Aeronautics & Space Administration where he oversaw IT Security at the Johnston Space Center. 

Mauricio Paez advises Jones Day's global clients on privacy and data protection, cross-border intellectual property and technology commercial transactions, and strategic sourcing and outsourcing matters. In addition, he advises clients on the acquisition and disposition of technology assets and intellectual property rights worldwide. 

As a co-chair of the Firm's global privacy practice, he advises Fortune 100 companies on all legal aspects of privacy and information security. He regularly advises global clients on current and emerging information management, privacy, security, and data protection laws. He has assisted clients in developing and implementing worldwide policies and compliance procedures for handling and safeguarding personal and company information, maintaining and transferring customer and employee information, and regulating data transfers with third parties. 

He also conducts all phases of privacy assessments and information security policy audits, and assists clients in handling and responding to data security incidents on a worldwide basis. Mauricio advises clients on US laws (such as GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, and security breach notification obligations) and data protection compliance risks in other major jurisdictions (for example, Canada, EU, Latin America, and Asia). He was recently recognized in The Legal 500 (2010) as a leading individual in global data protection and privacy.