The Enemy from Within
As criminals become more of a threat to financial institutions, banks, and especially their senior executives, have to be vigilant in identifying and proactively managing security threats. "The Enemy from Within" is a live teleconference that explores security management issues from the senior manager's perspective: how to spot threats, employees, customers, structuring your org chart, cyber security, and working with IT.
<strong id="ep-name-of-speaker">Ruth Hill Bro, Partner,</strong>
<em id="ep-speaker-firm">Baker & McKenzie LLP</em>
- Key drivers for this issue -- technology, law, media.
- You're in the driver's seat -- not just an IT issue/duty, it's a business legal issue/duty.
- Going down new roads -- initiatives with implications for personal data.
- Won't come back from Dead Man's Curve -- real-life examples of data security missteps.
- The costs of not planning for the road ahead.
- Rules of the road/lessons learned.
<strong id="ep-name-of-speaker">Don Kohtz, Director of Investigative & Compliance Solutions,</strong>
<em id="ep-speaker-firm">Continuum Worldwide</em>
- What is the profile of the typical white collar criminal.
- Examples of accidental and intentional threats that may occur in a bank.
- Prevention -- how to limit fraud losses.
- Best practices to combat violence in the workplace.
<strong id="ep-name-of-speaker">Mark A. Eich, Principal, Information Security Services Group,</strong>
<em id="ep-speaker-firm">LarsonAllen</em>
I would like to focus on social engineering. This type of attack focuses on leveraging insiders to enable and perpetuate the scheme. The goal may be the harvest of information or the actual theft of money from the bank. High level points include:
- E-mail attacks
- Telephone attacks
- In-person attacks
- Macro policies
- Micro policies
- Event logging
<strong id="ep-name-of-speaker">Jonathan G. Gossels, President & CEO,</strong>
<em id="ep-speaker-firm">SystemExperts Corporation</em>
- Security is a firm-wide responsibility, not an IT function.
- Understanding your true security stance, as measured against an objective and comprehensive security framework like ISO 17799/27002, lets you manage real business risk and prioritize spending.
- Most security breaches are caused accidentally by insiders just trying to do their jobs. Establishing a culture of security awareness is arguably the most important single activity you can do.
- Just like quality is not something you inspect-in at the end of a manufacturing process, security has to be an integral part of every job in a bank.
- Applications are your Achilles heel. If you don’t have a systematic application vulnerability assessment program in place, you are at risk.
- The threat profile is changing; many banks are now dealing with threats from international organized crime and hostile foreign governments.
Who Should Attend:
At Banks & Financial Institutions: Chief Security Officers, Chief Risk Managers, Senior Executives, Financial Crime Attorneys & Consultants.
Ruth Hill Bro is a partner at Baker & McKenzie LLP (Chicago), where she advises businesses on privacy strategy and global compliance and is the founding North American member of the firm’s Global Privacy Steering Committee and its Privacy Newsletter editorial board. Now Chair-Elect of the ABA Section of Science & Technology Law, she founded/chaired the ABA’s E-Privacy Law Committee for five years. She also chairs the Section's new Committee for the Advancement of Science and Technology Law and Education (CASTLE). Ruth speaks and writes extensively, including her quarterly column, CPO Corner, and her most recent book, The E-Business Legal Arsenal: Practitioner Agreements and Checklists. Listings include Chambers USA: America's Leading Business Lawyers and The Legal 500 US. Her views have been noted in the Wall Street Journal, NY Times, National Law Journal, Corporate Counsel, BNA Privacy & Security Law Report, Bloomberg Radio, and CNBC. She received a Bachelor of Arts degree from Northwestern University and a Juris Doctor degree from the University of Chicago. And she won New York Law Journal's 2006 fiction contest for her short story, "Privilege".
Don Kohtz is the Director of Investigative & Compliance Solutions with Continuum Worldwide. He was formerly an Assistant Attorney General for the State of Nebraska, the Fraud Bureau Chief at the Nebraska Department of Insurance, and was legal counsel to insurance companies and financial institutions.
Don has presented and published articles on the topics of fraud, risk mitigation, and compliance matters. He has investigated matters involving fraud, white collar crime and unethical behavior.
Don holds a Bachelor of Science degree, a Doctorate of Jurisprudence, and is certified as a HIPAA Professional (HIPPAP). He is a member of the Nebraska Power Review Board, which regulates Nebraska’s publicly owned electrical utility industry. He is a former executive board member of the Nebraska Crime Stoppers, Inc., and the Heartland Chapter of the Association of Certified Fraud Examiners (ACFE). He is an associate member of both the local chapter and the national organization of the ACFE. He is a recipient of the Distinguished Achievement Award from the ACFE for his efforts in the fight against fraud.
Mark is Principal in charge of the Information Security Services Group at LarsonAllen. He has over 20 years of experience in auditing and technology consulting. In this position, he has actively led many IT audits and security assessments for banks with a diversity of operating environments. He leads a team of technology and industry specialists in an efficient approach to provide security analyses that are balanced with business needs. Information security assessments include:
• Network penetration services.
• Internal network security assessments.
• Information security general controls.
• Information security policies and procedures assessment / consulting.
• Incident response and electronic forensics services.
Mark is a frequent speaker on information security topics for banks and has been retained by the Independent Community Bankers of America to teach an information systems auditing course as part of their Audit Institute for bank internal auditors.
Jonathan Gossels is President of SystemExperts™ Corporation, a consulting firm specializing in computer and network security and compliance. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this work, balancing all technical initiatives with business requirements and impact.
Prior to founding SystemExperts, Jonathan built the Consulting Services operation for OpenVision Technologies (now Veritas). Before that, he was the Director of Business Development and Business Area Manager of Interoperability for the Open Software Foundation (OSF). In that role, Jonathan initiated and led the Distributed Computing Environment (DCE) project from its inception through its three major releases.
Jonathan is frequently quoted on the emerging challenges as well as best practices in information security in leading publications such as ComputerWorld, Information Week, CSO Magazine, Wall Street & Technology Magazine, and InfoWorld. He is also a regular contributor to SC Magazine and the ISSA Journal.
Jonathan has served on the editorial advisory board of Information Security Magazine, as technical advisor to Dateline NBC, and has been a guest on CBS news radio.
Jonathan is a graduate of Yale University and MIT's Sloan School of Management.
Method of Presentation:
On-demand Webcast (CLE)