BankInfoSecurity.com Interviews Alan Paller of the SANS Institute
As Director of Research for the SANS Institute, Alan is responsible for overseeing all research projects ranging from the SANS Step-by-Step guides to the SANS digests to the Top Twenty Internet Security Threats.
He is the founder of the CIO Institute, and earned his degrees in Computer Science and Engineering from Cornell and MIT. Alan is the author of the EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.
In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council, and in 2005 the Federal CIO Council chose him as its 2005 Azimuth Award winner recognizing his vision and outstanding service to federal information technology.
In the interview, Paller describes the state of information security, cybercrime and its impact on online banking, inoculation programs and user rights, the need for disclosure in banks, the need for a strong incident response program with forensics, long-term solutions for information security, plans to test computer grads on information security, malicious software hidden on computers and more.
Excerpt from podcast:
LINDA MCGLASSON: As you’ll know, the banking industry is one of the most highly regulated of all businesses. If you were the “decider” at a federal regulatory agency, what regulation would you enact or repeal for banks and credit unions in regards to strengthening information security?
ALAN PALLER: Only one: That’s disclosure. The character of security is that as long as it can be swept under the rug, it will be considered an insurance adjustment. And if the money weren’t going to the terrorists, I wouldn’t care; but given that we’re funding the bombs, we need to stop the losses. And the only way you’re going to get senior bank officials to stop the losses is if they have criminal penalties for not reporting it.