BankInfoSecurity.com Interviews Alan Paller of the SANS Institute
The SANS Institute is the largest source for information security training and certification in the world. BankInfoSecurity.com recently interviewed Alan Paller, Director of Research for SANS, and probed his views on information security and cyber threats facing financial institutions.

As Director of Research for the SANS Institute, Alan is responsible for overseeing all research projects ranging from the SANS Step-by-Step guides to the SANS digests to the Top Twenty Internet Security Threats.

He is the founder of the CIO Institute, and earned his degrees in Computer Science and Engineering from Cornell and MIT. Alan is the author of the EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council, and in 2005 the Federal CIO Council chose him as its 2005 Azimuth Award winner recognizing his vision and outstanding service to federal information technology.

In the interview, Paller describes the state of information security, cybercrime and its impact on online banking, inoculation programs and user rights, the need for disclosure in banks, the need for a strong incident response program with forensics, long-term solutions for information security, plans to test computer grads on information security, malicious software hidden on computers, and more.

Excerpt from podcast:

LINDA MCGLASSON: As you’ll know, the banking industry is one of the most highly regulated of all businesses. If you were the “decider” at a federal regulatory agency, what regulation would you enact or repeal for banks and credit unions in regards to strengthening information security?

ALAN PALLER: Only one: That’s disclosure. The character of security is that as long as it can be swept under the rug, it will be considered an insurance adjustment. And if the money weren’t going to the terrorists, I wouldn’t care; but given that we’re funding the bombs, we need to stop the losses. And the only way you’re going to get senior bank officials to stop the losses is if they have criminal penalties for not reporting it.



