Cyber Security Best Practices for Banking and Financial Sectors in 2011
Live Webcast Date:
Wednesday, November 30, 2011 from 12:00 pm to 2:00 pm (ET)
TheJoin us for this Knowledge Group Webinar. emergent use of the internet, ATMs, credit cards and online banking has made cyber security especially challenging for banks and other financial institutions because they have been vulnerable targets for cybercrimes. While the government has taken steps to counter cyber-attacks with the introduction of certain bills such as the Cybersecurity and American Cyber Competitiveness Act, Cybersecurity and Internet Freedom Act and Cyber Security Enhancement Act, cyber security remains a critical issue for the financial industry.
Since companies are required to work closely with the governing bodies on cyber security, financial institutions and their chief security officers and business leadership team must create and implement cyber security best practices by deploying highly developed technologies to avoid potential pitfalls. The Knowledge Group is assembling a panel of distinguished thought leaders, professionals and key regulators to help security and financial executives and management teams learn the latest best practices & policies for cyber security. The speakers will present their expert opinions in a two-hour webcast.
Since companies are required to work closely with the governing bodies on cyber security, financial institutions and their chief security officers and business leadership team must create and implement cyber security best practices by deploying highly developed technologies to avoid potential pitfalls. The Knowledge Group is assembling a panel of distinguished thought leaders, professionals and key regulators to help security and financial executives and management teams learn the latest best practices & policies for cyber security. The speakers will present their expert opinions in a two-hour webcast.
Agenda
SEGMENT 1: Jenny Menna, Director, Co-Lead Cybercrime Practice, Forensic Services, Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division- Government perspective on the cyber threat
- What DHS can offer the Banking and Financial Sectors
- What the Banking and Financial Sectors can do to enhance their, and the nation’s, cyber security posture
- Targeted cyber attacks and how to enhance security controls around such attacks
- Cyber crisis management - broadening the scope of incident response
- Raising cyber awareness within non-IT management and the GC's office
- "Social media" and "e-Espionage" - the innocent use of one can result in the other.
- Does a company need to be compromised before they address security issues?
- The larger the company, the taller the silos - miscreants love tall silos.
- Go over a few issues/incidents impacting the financial (and other) communities.
- Some high-level best practice suggestions for defense
- The changing Federal regulatory framework of cyber-security enforcement
- Can regulation adequately address cyber-security threats in light of increase sophistication and rapid technology development
- Adopting a practical compliance strategy in light of existing best practices and proposed new legislation
Who Should Attend
- CFOs
- Chief Security Officers
- Senior Executives
- Bank Executives
- Financial Crime Attorneys & Consultants
- Chief Risk Officers
- IT Heads
SEGMENT 1: Jenny Menna, Director, Co-Lead Cybercrime Practice, Forensic Services, Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division
- Government perspective on the cyber threat
- What DHS can offer the Banking and Financial Sectors
- What the Banking and Financial Sectors can do to enhance their, and the nation’s, cyber security posture
- Targeted cyber attacks and how to enhance security controls around such attacks
- Cyber crisis management - broadening the scope of incident response
- Raising cyber awareness within non-IT management and the GC's office
- "Social media" and "e-Espionage" - the innocent use of one can result in the other.
- Does a company need to be compromised before they address security issues?
- The larger the company, the taller the silos - miscreants love tall silos.
- Go over a few issues/incidents impacting the financial (and other) communities.
- Some high-level best practice suggestions for defense
- The changing Federal regulatory framework of cyber-security enforcement
- Can regulation adequately address cyber-security threats in light of increase sophistication and rapid technology development
- Adopting a practical compliance strategy in light of existing best practices and proposed new legislation
Jenny MennaDirector, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security DivisionU.S. Department of Homeland Security
Ms. Menna oversees the Critical Infrastructure Cyber Protection & Awareness (CICPA) branch within NCSD that includes the Critical Infrastructure Protection Cyber Security, Control Systems Security, Cyber Exercise, Cyber Security Evaluations, and International programs. Through these programs, CICPA provides leadership, expertise and coordination to assess and mitigate risk to the nation’s critical cyber infrastructure. Recognizing the shared ownership, responsibilities, and the interconnected nature of cyberspace and the nation’s critical infrastructure each program executes its mission in collaboration with federal, state, local, private sector and international partners.
Ms. Menna also formerly served as the Deputy Director of the Infrastructure Partnerships branch in the Office of Infrastructure Protection. Prior to joining the Department of Homeland Security, Ms. Menna held a variety of program management roles for a large systems integration firm. She received both her M.A. and B.A. from the University of Chicago and is a certified Project Management Professional.
Edward P Gibson, CISSP, FBCSDirector, Cyber/Risk AssessmentsPwC
Edward P. Gibson, Esq., CISSP, FBCS, is a Director in PricewaterhouseCoopers' Forensic Services Group. He specializes in gathering intelligence to detect, mitigate, and prevent corporate IT and security risks such as economic espionage, IT / bank fraud, and cyber attacks. Prior to PwC, 2005-2009, Gibson was the Chief cyber Security Advisor for Microsoft Ltd in the United Kingdom (UK) and praised for his unique ability to make security issues relevant and personal. From 1985-2005 Gibson was a career FBI Special Agent. He specialized in investigating complex international white-collar crimes, and was cited for his work in various espionage investigations involving FBI & CIA traitors. Assigned to the FBI’s Office of Legal Attaché, US Embassy London, from 2000-2005, he was responsible for FBI matters such as cyber matters in the UK and Ireland involving terrorism, extortion, kidnapping, crimes against children, and various complex financial frauds. Gibson also advised on Mutual Legal Assistance Treaty (MLAT) requests, extraditions, USA Patriot Act (emergency requests), and the increasingly crime plagued cyber environment. From 1980-1985, Gibson was a lawyer for a US based multi-national corporation. He is also a qualified Solicitor in England and Wales, was a Special Assistant United States Attorney, is a Vietnam era veteran (US Army), and holds an active Top Secret Security clearance. He is a Certified Information Systems Security Professional (CISSP), Fellow of the British Computer Society (FBCS), and a member of the Information Security - Europe “Hall of Fame”. E-Mail: Ed.Gibson@us.pwc.com.
Kimberly PerettiDirector, Co-Lead Cybercrime Practice, Forensic ServicesPwC
Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft. Peretti is a Board Advisor to the Financial Services Information Sharing and Advisory Center (FS-ISAC).
While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. For this prosecution, Kimberly received the U.S. Attorney General's Distinguished Service Award and Visa's Leadership in Security Award.
Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry and has been cited by at least one State Supreme Court. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry.
Gavin ReidSenior ManagerCisco CSIRT
As an IT security specialist with more than two decades of experience, Gavin Reid works with some very interesting people - from leaders in the vanguard of information security to hackers in the computer underground.
Gavin leads the Computer Security Incident Response Team at Cisco Systems - a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents. As an active member of the computer security community, he also supports security training with the SANS Institute and chairs the working group responsible for the Common Vulnerability Scoring System.
Gavin joined Cisco in 1999 from the National Aeronautics & Space Administration where he oversaw IT Security at the Johnston Space Center.
Mauricio F. PaezPartner - Privacy and Data Security, Intellectual Property, Outsourcing, and Technology Transactions Jones Day
Mauricio Paez advises Jones Day's global clients on privacy and data protection, cross-border intellectual property and technology commercial transactions, and strategic sourcing and outsourcing matters. In addition, he advises clients on the acquisition and disposition of technology assets and intellectual property rights worldwide.
As a co-chair of the Firm's global privacy practice, he advises Fortune 100 companies on all legal aspects of privacy and information security. He regularly advises global clients on current and emerging information management, privacy, security, and data protection laws. He has assisted clients in developing and implementing worldwide policies and compliance procedures for handling and safeguarding personal and company information, maintaining and transferring customer and employee information, and regulating data transfers with third parties.
He also conducts all phases of privacy assessments and information security policy audits, and assists clients in handling and responding to data security incidents on a worldwide basis. Mauricio advises clients on US laws (such as GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, and security breach notification obligations) and data protection compliance risks in other major jurisdictions (for example, Canada, EU, Latin America, and Asia). He was recently recognized in The Legal 500 (2010) as a leading individual in global data protection and privacy.
Course Level:
Intermediate
Advance Preparation:
Print and review course materials
Method Of Presentation:
On-demand Webcast
Prerequisite:
NONE
Course Code:
114155
Total Credits:
2.0 CLE
No Access
You are not logged in. Please Login or register to the event to gain access to the materials and login instructions.
About the Knowledge Group
The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.
Speaker Firms
Click firm logo/firm name to learn more
U.S. Department of Homeland Security
Faculty
Click show bio to learn more
Jenny Menna
Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division
U.S. Department of Homeland Security
Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division
U.S. Department of Homeland Security
Edward P Gibson, CISSP, FBCS
Director, Cyber/Risk Assessments
PwC
Director, Cyber/Risk Assessments
PwC
Kimberly Peretti
Director, Co-Lead Cybercrime Practice, Forensic Services
PwC
Director, Co-Lead Cybercrime Practice, Forensic Services
PwC
Gavin Reid
Senior Manager
Cisco CSIRT
Senior Manager
Cisco CSIRT
Mauricio F. Paez
Partner - Privacy and Data Security, Intellectual Property, Outsourcing, and Technology Transactions
Jones Day
Partner - Privacy and Data Security, Intellectual Property, Outsourcing, and Technology Transactions
Jones Day
About the Knowledge Group
The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.
Website: https://www.cisco.com/
Established in 1893 Jones Day has more than 2,500 lawyers resident in key centers of business and finance worldwide. The Firm acts as principal outside counsel to, or provides significant legal representation for a majority of the Fortune Global 500, more than half of the Fortune 500 and a wide variety of other business entities and individuals.
As one of the world's largest and most diverse firms, Jones Day's clients benefit from the strength of multidisciplinary teams and the seamless transfer of resources across multiple jurisdictions and borders. Its Privacy and Data Security lawyers work with clients on a broad range of matters, from conducting privacy audits to assisting with the development of compliance policies, to providing representation in the face of enforcement actions.
Website: https://www.jonesday.com/
Ms. Menna oversees the Critical Infrastructure Cyber Protection & Awareness (CICPA) branch within NCSD that includes the Critical Infrastructure Protection Cyber Security, Control Systems Security, Cyber Exercise, Cyber Security Evaluations, and International programs. Through these programs, CICPA provides leadership, expertise and coordination to assess and mitigate risk to the nation’s critical cyber infrastructure. Recognizing the shared ownership, responsibilities, and the interconnected nature of cyberspace and the nation’s critical infrastructure each program executes its mission in collaboration with federal, state, local, private sector and international partners.
Ms. Menna also formerly served as the Deputy Director of the Infrastructure Partnerships branch in the Office of Infrastructure Protection. Prior to joining the Department of Homeland Security, Ms. Menna held a variety of program management roles for a large systems integration firm. She received both her M.A. and B.A. from the University of Chicago and is a certified Project Management Professional.
Edward P. Gibson, Esq., CISSP, FBCS, is a Director in PricewaterhouseCoopers' Forensic Services Group. He specializes in gathering intelligence to detect, mitigate, and prevent corporate IT and security risks such as economic espionage, IT / bank fraud, and cyber attacks. Prior to PwC, 2005-2009, Gibson was the Chief cyber Security Advisor for Microsoft Ltd in the United Kingdom (UK) and praised for his unique ability to make security issues relevant and personal. From 1985-2005 Gibson was a career FBI Special Agent. He specialized in investigating complex international white-collar crimes, and was cited for his work in various espionage investigations involving FBI & CIA traitors. Assigned to the FBI’s Office of Legal Attaché, US Embassy London, from 2000-2005, he was responsible for FBI matters such as cyber matters in the UK and Ireland involving terrorism, extortion, kidnapping, crimes against children, and various complex financial frauds. Gibson also advised on Mutual Legal Assistance Treaty (MLAT) requests, extraditions, USA Patriot Act (emergency requests), and the increasingly crime plagued cyber environment. From 1980-1985, Gibson was a lawyer for a US based multi-national corporation. He is also a qualified Solicitor in England and Wales, was a Special Assistant United States Attorney, is a Vietnam era veteran (US Army), and holds an active Top Secret Security clearance. He is a Certified Information Systems Security Professional (CISSP), Fellow of the British Computer Society (FBCS), and a member of the Information Security - Europe “Hall of Fame”. E-Mail: Ed.Gibson@us.pwc.com.
Kimberly Kiefer Peretti, J.D., LL.M., CISSP, joined PricewaterhouseCoopers in May 2010 as a Director in the Washington D.C. Forensic Services practice. Peretti, a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section, focuses on the prevention, response and remediation of all types of data breaches, including breaches involving payment card information (PCI), personally identifiable information (PII), and personal health information (PHI). She also services a wide range of clients in matters of cyber intrusions, cyber investigations, cyber security, financial crime, fraud, and regulation, payment systems compliance and risk mitigation, economic espionage, and Intellectual Property theft. Peretti is a Board Advisor to the Financial Services Information Sharing and Advisory Center (FS-ISAC).
While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the infamous TJX hacker Albert Gonzalez who is currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the Department of Justice in which over 170 million credit and debit card numbers were stolen from over 14 major U.S. retailers. For this prosecution, Kimberly received the U.S. Attorney General's Distinguished Service Award and Visa's Leadership in Security Award.
Peretti's law review article entitled "Data Breaches: What the Underground World of Carding Reveals," resulted in a hearing before the US House of Representatives Homeland Security Committee to consider vulnerabilities in the payment card industry and has been cited by at least one State Supreme Court. She is a frequent keynote speaker and lecturer on the topic of data breaches, cyber investigations and cyber crime, and has been recognized as an "industry pioneer" by SC Magazine in the information security industry.
As an IT security specialist with more than two decades of experience, Gavin Reid works with some very interesting people - from leaders in the vanguard of information security to hackers in the computer underground.
Gavin leads the Computer Security Incident Response Team at Cisco Systems - a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents. As an active member of the computer security community, he also supports security training with the SANS Institute and chairs the working group responsible for the Common Vulnerability Scoring System.
Gavin joined Cisco in 1999 from the National Aeronautics & Space Administration where he oversaw IT Security at the Johnston Space Center.
Mauricio Paez advises Jones Day's global clients on privacy and data protection, cross-border intellectual property and technology commercial transactions, and strategic sourcing and outsourcing matters. In addition, he advises clients on the acquisition and disposition of technology assets and intellectual property rights worldwide.
As a co-chair of the Firm's global privacy practice, he advises Fortune 100 companies on all legal aspects of privacy and information security. He regularly advises global clients on current and emerging information management, privacy, security, and data protection laws. He has assisted clients in developing and implementing worldwide policies and compliance procedures for handling and safeguarding personal and company information, maintaining and transferring customer and employee information, and regulating data transfers with third parties.
He also conducts all phases of privacy assessments and information security policy audits, and assists clients in handling and responding to data security incidents on a worldwide basis. Mauricio advises clients on US laws (such as GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, and security breach notification obligations) and data protection compliance risks in other major jurisdictions (for example, Canada, EU, Latin America, and Asia). He was recently recognized in The Legal 500 (2010) as a leading individual in global data protection and privacy.
