The Field Report with Tom Field

State of Banking Information Security Survey: Your Chance to Ask Questions, Get Answers

State of Banking Information Security Survey: Your Chance to Ask Questions, Get Answers

As wild as the end of 2008 has been, I can't get my mind off 2009.

This is because I'm just now helping to put the finishing touches on our annual State of Banking Information Security survey, which helps us take the pulse of the banking/security community, so we can gauge the priorities for the year ahead.

Last year - the survey's first - we quickly determined that customer confidence was a huge topic for banking institutions, and see how that's played out this year. Same for vendor management - we didn't predict the specific regulatory guidance that came down on the topic this year, but we sure did pinpoint the need for it.

So, what will be 2009's hot topics?

I've got my ideas. I believe vendor management is going to remain a top priority for some months, especially as the global economic situation pushes more institutions to at least explore the expansion of their outsourcing initiatives.

Confidence will remain an agenda item, too, as Main Street institutions continue to reach out to their customer base to distinguish themselves from Wall Street.

Regulatory compliance, anyone? With a new administration and Democratic Congress, it's a shoe-in that we'll see new oversight for financial institutions. Just a matter of what and when.

But what do you foresee?

Over the past couple of weeks, I've reached out to a variety of colleagues - bankers, regulators, academics, analysts - and here are some of the topics they'd like to see discussed in the 2009 State of Banking Information Security survey:

Insider Threat: From a former big-bank CISO: There is growing debate about whether employees still are the primary threat to institutions. It might be interesting to quantify the perceived level of threat.

What do you see as the primary threat to the security of your institution's and your customer's information?

a). Hackers, identity thieves and other criminals
b). Disgruntled employees
c). Inattentive or poorly trained employees

Vendor Management: From another large institution security officer: Will we move towards using recognized industry standards such as ISO 27001, FISAP and Type II SAS 70 when evaluating 3rd parties in lieu of banks continuing to perform their own unique IT audits and reviews?

Confidence: From a current CSO at a large bank: Given the nightly media blitz that the financial system is on the brink of collapse, how are we communicating with our customers and ensuring their awareness of the controls we have in place to protect them...and what they can do to help?

Customer Acquisition: From a federal regulator: Do you plan to use social networking sites, e.g., Facebook or MySpace, in marketing efforts to retail clients, especially to attract new, younger consumers?

So, those are their thoughts; what are yours?

Take a few minutes right now and share your ideas with me. What are your top-of-mind topics that should be included in the 2009 State of Banking Information Security survey?

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.