2010 FS-ISAC/BITS/FSTC Annual Summit: Building a Layered and Integrated Defense Strategy
May 3-5, 2010, St. Pete Beach, FL
*Participants should reference the contact list included in their registration packet and contact speakers directly for copies of their presentations.
FS-ISAC, FSTC and BITS hosted 400 security and risk professionals in Florida, May 3-5, to focus on protecting the financial services industry from cyber threats and security issues. Security experts, regulators and service providers exchanged information on risk management topics covering a swath of topics from malware to cloud computing to a worldwide Internet outage.
Bob Carr, Chairman and CEO of Heartland Payment Systems, opened the Summit by sharing lessons learned from the 2008 data breach and the security solutions that came from them. The meeting wrapped up with Mike McConnell of Booz Allen Hamilton stressing the importance of senior industry involvement in security issues and a panel of CISOs, who synthesized the information shared over the past three days.
BITS and FSTC Summit Highlights:
In addition to the Summit sessions, BITS and FSTC held member Steering Committee, Working Group, and Project meetings.
- The BITS Security Steering Committee discussed the status of the email authentication initiative and eCert Systems as the service provider to pilot the Registry. The Committee also reviewed options for the Software Assurance Initiative and scoped projects and possible deliverables for cloud computing, social networking and malware projects.
- The BITS Security Working Group met with representatives from the Federal Reserve, Treasury, Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) on top security and operational risks. FaceTime Communications, Inc. presented on the opportunities and risks of social media for financial services and myNetWatchman presented on malware analysis. The FaceTime presentation is available on the members-only BITS Security meeting page.
- The BITS Regulation Steering Committee discussed overall program management, anticipated authentication guidance, and ICANN governance. Members also assessed pending cybersecurity legislation, FCC’s proposed rule on Auto-dialing, and the SEC’s proposed rule on Asset-Backed Securitization.
- FSTC President Paul Smocer presented BITS and FSTC’s joint email security work on a panel, “Phishing Prevention: Restoring Trust to the Email Channel,” and moderated the “Authentication: Industry Efforts and Supervisory Concerns” panel. The discussion covered preventing email abuse, protecting email as a delivery channel, implementation challenges, and current and future regulatory actions. BITS’ email security white papers are available on our publications page.
- John Ingold, BITS Vendor Management Director, moderated the panel “Effective Vendor Risk Management through Relationship Management.” Discussion centered on the Shared Assessments program and BITS’ current Vendor Engagement efforts. Ingold relayed information on the process to identify critical service providers and establish objective evaluation criteria for effective vendor risk management. Additional information on the Shared Assessments program is available at www.sharedassessments.org. Download the BITS Framework for Managing Technology Risk for Service Provider Relationships on our publications page.
- FSTC’s ID Management Project members met to share information on trends and alternative business models. Roundtable CTO Dan Schutzer led the discussion.
More than 20 breakout sessions provided an interactive format to share information on topics including:
- Data protection methods, including authentication, encryption and tokenization
- Setting a security standard and creating an operational architecture to secure mobile devices
- A detailed look into the Common Vulnerabilities and Exposures (CVE) enumeration and the Common Vulnerability Scoring System (CVSS)
- Malware, ACH and Wire Fraud – Detection points and methods to identify and detect activity to avoid losses
- Approaches to preventing and combating phishing, as well as industry efforts to protect the email channel
- Common web attacks, techniques and methods for mitigating risk in the overall web environment
- Key security and regulatory concerns of cloud computing as well as ways banks are using the cloud safely now
- How to develop best practices and risk management strategies for social media use
The 2011 conference will be held May 2-4 in Miami.
For more information on the Summit, BITS or FSTC, please contact Ann Patterson, email@example.com or