Conferences & Education
Education Summit & Expo
November 11–15, 2010
Planet Hollywood, Las Vegas
Technology/Security Track
Innovation, change and creating efficiencies have long been a role for technology – but this environment demands more. At the Summit you will get IT know-how with a strong focus on technology risk management, contributing to bank performance, improving efficiency and more.
Our security focus keeps you abreast of the latest trends and solutions that help keep your customers, staff and assets safe.
Who Should Attend
- Chief Technology Officers
- Chief Information Officers
- IT Directors & Managers
- Network Administrators
- IT Security Directors & Managers
- IT Compliance Officers
- Physical Security Managers
Technology/Security Track Schedule
As of August 6, 2010
Click here to view Technology/Security Track Speaker Biographies
| Thursday, November 11 | |
| 7:00 am-7:30 pm | Registration Desk Open |
| 7:30-8:00 am | Breakfast |
| 8:00-10:00 am | Opening General Sessions - Strategy for Major Technology Shifts - Top Security Threats Facing Community Banks |
| 10:15-11:15 am | Learning Sessions - Server Virtualization and Shared Storage Best Practices - Protecting Customers from Internet Hijackings |
| 11:30 am-12:30 pm | Learning Sessions - Information Security Risk Assessments – Lessons Learned - Cyber Resiliency for Financial Institutions |
| 12:30-2:00 pm | Lunch with Speaker - Social Media Risk Management for Financial Institutions |
| 2:15-3:30 pm | Learning Sessions - Service Provider Oversight - The New Role of the CTO/CIO |
| 3:45-5:00 pm | Banker Peer Exchange Sessions - Technology/Security (Combined): Best Practices |
| 6:00-7:30 pm | Welcome Reception |
| 7:30 pm | Evening Open |
| Day 2: Friday, November 12 | |
| 7:00 am-6:30 pm | Registration Desk Open |
| 7:30-8:00 am | Breakfast |
| 8:00-9:15 am | Learning Session - Technological & Social Solutions to Security Issues |
| 9:15-10:15 am | Learning Session - Realizing Payments Security Through Encryption and Tokenization |
| 10:30-11:45 am | Banker Peer Exchange Sessions - Technology: How to Identify the Best New Technologies for Your Bank - Security: Customer Information Security & Incident Response Programs |
| 11:45-1:30 pm | Lunch & Product Showcase Presentations in Expo |
| 1:45-2:45 pm | Learning Session - Encryption of Confidential Information |
| 2:45-3:45 pm | Refreshments & Product Showcase Presentations in Expo |
| 3:45-5:00 pm | General Session - Moderated Regulator Panel |
| 5:00-6:30pm | Reception in Expo |
| 6:30 pm | Technology/Security Track Concludes |
Technology/Security Track Sessions
Click here to view Technology/Security Track Speaker Biographies
Click on the "Handout" links below to view and print PDFs of Speaker Handouts (where available).
Thursday, November 11 | 8:00-10:00 am Opening General Sessions
Strategy for Major Technology Shifts
Dan Holt, CEO, HEIT
2011 will be dramatically different than the last couple of years. Consumers and commercial customers have dramatically changed the way that they consume financial services, including mobile, payments, PFM, credit, and the like. It is critical now more than ever for the role of IT to strategically change as well, especially with the “Cloud” movement happening right now. Not only will we discuss the perspectives and research on the major technology shifts at community financial institutions, but also, we will share successes and the future.
Top Security Threats Facing Community Banks
Jon Ramsey, Chief Technology Officer, SecureWorks
This session discusses current and emerging security threats faced by community banks. The threats are compiled from more than 100 security engagements (IT audits, network assessments, penetration tests) performed in 2010. The presentation is designed to be interactive and provide meaningful information related to high-risk and repeat findings.
Thursday, November 11 | 10:15-11:15 am Learning Sessions
Server Virtualization and Shared Storage Best
Practices
Steve Kaplan, Vice President, INX, Inc.
Many financial institutions take a tactical approach to virtualization, deploying it as a point solution that keeps expanding until it becomes an enterprise platform. A strategic approach enables a much more elegant architectural design. Traditional silos of computer, storage and network are optimized while minimizing management. This session covers best practices for taking a strategic approach to successfully virtualizing a data center with an emphasis on servers and shared storage.
Protecting Customers from Internet Hijackings
William Schoch, President and CEO, Western Payments Alliance
Recent news stories have reported on the theft and misuse of valid corporate banking credentials via malware and keylogging to take over corporate accounts. Once an account has been taken over, a perpetrator can do virtually anything the legitimate account owner can do. Businesses and their financial institutions should be aware of this risk and take steps to ensure that these credentials are appropriately secured in order to prevent hijacking of business accounts.
Thursday, November 11 | 11:30 am-12:30 pm Learning Sessions
Information Security Risk Assessments – Lessons
Learned
Ruth Razook, CEO, RLR Management Consulting, Inc.
For years now we have been performing Information Security Risk Assessments. You would think after all this time we would have figured it all out, but that is not always the case! Believe it or not, we still see Risk Assessments that are not complete, do not include all the information they should and just don’t work. This session addresses the lessons we have learned over the years of what an Information Security Risk Assessment should be, and how it is the pre-requisite to the strategies the bank needs to develop to mitigate risks.
Cyber Resiliency for Financial Institutions
Marlene Roberts, Sr. Specialist, Critical Infrastructure Protection,
Financial and Banking Information Infrastructure Committee
Special Agent, Office of Infrastructure Protection, U.S. Secret Service,
Department of Homeland Security
Handout 1 | Handout 2 | Handout 3
Our speakers address the policy issues concerning physical and cyber resiliency for financial institutions. In this session, you’ll learn about national cyber-related issues such as the National Cyber Incident Response Plan and the financial services sector initiatives being undertaken in Washington, D.C.
Thursday, November 11 | 12:30-2:00 pm Lunch with Speaker
Social Media Risk Management for Financial
Institutions
Jon Ramsey, Chief Technology Officer, SecureWorks
Social technologies (blogs, social networks, chat, etc.) are prolific, and conversations are occurring whether your institution is aware of them or not. You must mitigate brand, security and compliance risks that arise when your bank, employees, members, vendors and competitors participate or are involved. This session outlines best practices for protecting against social engineering, brand attacks and a myriad of cyber threats so you can more safely leverage powerful social media to build business and create conversations.
Thursday, November 11 | 2:15-3:30 pm Learning Sessions
Service Provider Oversight
Michael Edison, CEO, Fortrex Technologies
You rely on a number of third-party providers to deliver products and services to the bank as well as to your customers. As an extension of your brand, you need to ensure that your vendors provide quality service and remain compliant in an ever-changing environment. This session addresses who should be responsible for the vendor management program, methods for determining vendor criticality, how to address vendors, key elements to rolling out a successful vendor management program, due diligence frequency determination and risk mitigation.
The New Role of the CTO/CIO
Michael Wofford, Engagement Manager, Sheshunoff Consulting +
Solutions
Who exactly is the CTO in a community bank? The answer can be vastly different depending on the type of organization, but the salient characteristics of a CTO should remain the same: a senior advisor on the strategy of building technology architecture and making sound technology investments. The CTO maintains a working knowledge of the latest trends in bank technology, oversees all technology projects, and leads and trains IT staff – and of course performs all other duties as assigned. This session explores the ways that a CTO should contribute to the executive team, lead IT managers and staff and consider strategies for remaining conversant with the myriad developments in banking and mainstream technology.
Friday, November 12 | 8:00-9:00 am Learning Session
Technological & Social Solutions to Security
Issues
Dana Turner, Security Practitioner, Security Education Systems LLC
Examiners require financial institutions to continually assess both current and emerging technological solutions that contribute to the security function’s ability to reduce losses from both internal and external sources. Technological solutions can’t stand alone, however, as a deterrent. The institution must also develop and implement effective policies, procedures, risk assessment practices and targeted training programs. This presentation uses the “people, places and things” concept to promote the integration of technological, physical and behavioral techniques that may avert or eliminate losses. Participants will learn about the relationships among the industry-standard security priorities.
Friday, November 12 | 9:15-10:15 am Learning Session
Realizing Payments Security Through Encryption and
Tokenization
Steven M. Elefant, Chief Information Officer, Heartland Payment Systems
Payment card data is a valuable target for fraudsters. Our speaker reviews the challenges and opportunities to secure sensitive card data through end-to-end encryption and tokenization, including the prospect to reduce the scope and cost of PCI.
Friday, November 12 | 1:45-2:45 pm Learning Session
Encryption of Confidential Information
Ken Liao, Senior Project Marketing Manager, Proofpoint, Inc.
As security, privacy and data breach regulations continue to increase, more organizations are looking to encryption to help protect confidential information. But, just as critical, policies need to be put in place that define when and what information needs to be encrypted. The best solutions address both of these points by implementing policy-based encryption to ensure the automatic encryption of sensitive information.
Friday, November 12 | 3:45-5:00 pm General Session
Moderated Regulator Panel
Dan Medici, National Bank Examiner, OCC
George Mori, Operational Risk Coordinator, FRB-SF
Eugene G. Moyes, Examination Specialist, FDIC
Moderator: Ruth Razook, CEO, RLR Management Consulting, Inc.
We will focus on current hot topics related to IT examination issues and provides insight on new updates and regulations that are on the horizon.
CEU Credits
Up to 10.25 CEUs hours may be available for this portion of the program.
Technology Advisory Committee Members
Kris Ainger, Vice President, IS Manager, First Community
Bank, Santa Rosa, CA, Chair
Matt Baxter, SVP, Information Technology, Bank of Utah, Ogden, UT
Cheryl Dunshee, SVP Sr. System Administrator, Montecito Bank & Trust, Santa Barbara, CA
Russ Furze, VP, IT Manager, Canyon National Bank, Palm Springs, CA
Sherman Lee, VP, Information Technology, National Bank of California, Los Angeles, CA
Ken Long, SVP/Chief Information Officer, American Perspective Bank, San Luis Obispo, CA
Nestor Lopez, Network Administrator, D. L. Evans Bank, Burley, ID
Jeanneine Miller, VP/ IT Manager, Pacific Continental Bank, Eugene, OR
Kelly Schlitz, Vice President – Operations, Security Business Bank of San Diego, Carlsbad, CA
Peter Tomaszewski, Information Security Officer, Exchange Bank, Santa Rosa, CA