Financial Services Cybersecurity Roundtable

Roundtable Purpose:

The Financial Services Cybersecurity Roundtable is a cross-organizational, cross-functional “learning community” committed to working together to better protect our community from bank fraud, credit card theft, identity theft and other forms of cyber crime.

Roundtable Members

• Information security, treasury and risk officers at commercial financial institutions
• Relationship managers and other-customer-centric professionals in the financial services industry
• Law enforcement personnel engaged in financially-related cyber crime
• Financial services regulatory community

Roundtable Objectives

• Increase information sharing to better protect our community from cybercrime
• Manifest increased collaboration between LA law enforcement and the LA financial services community
• Strengthen relationships between law enforcement and the financial services community
• Provide a shared-learning environment in meeting the many challenges of cybercrime
• Work for ways to better share electronic information, both between financial institutions and between financial institutions and law enforcement
• Collaborate — as appropriate — in Public Service Announcements and other public outreach activities

Roundtable Meetings:

The Financial Services Cybersecurity Roundtable meets for breakfast every other month. Meetings are open to anyone in financial services or law enforcement with an interest in Forum objectives.  If you are interested in attending, please RSVP to one of our upcoming events.

Upcoming Events:

• Financial Services Cybersecurity Roundtable – December 14th

  December 14 @ 8:00 am - 10:00 am

Roundtable Background:

Read about the Forum in the Los Angeles Business Journal.

Roundtable Resources

NEW FFIEC Cybersecurity Assessment Tool

• FDIC Cybersecurity Awareness Training, San Francisco, August 2015
• FFIEC Cybersecurity Assessment Tool, Overview, FSSF, July 2015
• FFIEC Cybersecurity Assessment Tool, Inherent Risk Profile, FSSF, August 2015
• FFIEC Cybersecurity Tool Template (with great thanks to Dean Birge)

Customer-Facing Information [Please email us links to your financial institution’s customer-facing information]

• City National Bank: https://www.cnb.com/about/privacy-security/
• East West Bank: https://www.eastwestbank.com/english/Phishing_Alert.asp

Information from Law Enforcement [Please email us links to your organization’s information]

• Los Angeles County District Attorney’s Office: Identity Theft
• Los Angeles County Sheriff’s Office: Consumer Guide to Preventing Identity Theft (National Crime Prevention Council)
• Orange County Sheriff’s Department: Scams
• Orange County Sheriff’s Department: Identity Theft

Cyberseecurity News and Blogs

• DarkReading: http://www.darkreading.com/
• BankInfoSecurity: http://www.bankinfosecurity.com/
• SC Magazine: http://www.scmagazine.com/
• Krebs On Security: http://krebsonsecurity.com/
• The Register: http://www.theregister.co.uk/security
• Sophos: http://nakedsecurity.sophos.com/
• Security World: http://www.net-security.org/secworld_main.php
• Ars Technica: http://arstechnica.com/security/
• NetSecurity: http://www.net-security.org/
• ThreatPost: http://threatpost.com/
• Reddit:NetSec: http://www.reddit.com/r/netsec/
• GovernmentInfoSecurity: http://www.govinfosecurity.com/
• HealthcareInfoSecurity: http://www.healthcareinfosecurity.com/
• HealthDataManagement: http://www.healthdatamanagement.com/
• SecurityWeekly: http://securityweekly.com/
• CitadelOnSecurity CyberNewsletter: Cybersecurity News of the Week and Weekend Vulnerability & Patch Report citadel-information.com

Cybersecurity Resources

• PCI Security Standards Council: https://www.pcisecuritystandards.org/
• The SANS Institute: http://www.sans.org/
• Privacy Rights Clearinghouse: https://www.privacyrights.org/
• DataLoss db: http://datalossdb.org/
• Secunia Vulnerability Database: http://secunia.com/advisories/historic/
• The Ponemon Institute: http://www.ponemon.org/index.php
• ISSA-LA: issala.org
• OWASP (Open Web Application Security Project): http://www.owasp.com
• ISACA-LA: isacala.org

Government Organizations

• Electronic Crimes Task Force (Los Angeles): http://www.secretservice.gov/ectf_losangeles.shtml
• Department of Homeland Security: http://www.dhs.gov/topic/cybersecurity
• DHS: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report
• DHS Stop. Think. Connect: http://www.dhs.gov/stopthinkconnect
• InfraGard: https://www.infragard.org/
• US-CERT (United States Computer Emergency Readiness Team): https://www.us-cert.gov/
• The FBI White-Collar Crime: http://www.fbi.gov/about-us/investigate/white_collar/whitecollarcrime
• FFIEC Cybersecurity Awareness: http://www.ffiec.gov/cybersecurity.htm

Information Sharing Organizations (receive or provide) / Kinds of Information Shared

• High Technology Crime Investigation Association (HTCIA): http://www.htcia.org/
• Financial Services –Information Sharing and Analysis Center: https://www.fsisac.com/
• National Cyber-Forensics & Training Alliance (NCFTA): http://www.ncfta.net/

Board Governance Bibliography

• Managing Cyber Risk: Job #1 for Directors and General Counsel, FTI Journal, July 2014
• The Board’s Role in Cybersecurity, Richard Clarke and Jacob Olcott, The Conference Board, March 2014
• Cybersecurity — A Board Primer, BDO Board Reflections, Winter 2014
• Cyber Security: The Burden Approaches the Boardroom, NACD October 2013
• Cyber Risk and the Board of Directors—Closing the Gap, Michael Gold, Bloomberg Law, October 2013
• Managing Cyber Security Risk: All organizations must be more vigilant in protecting themselves from cyber threats. NACD, June 2013
• 2013 NACD Advisory Council on Risk Oversight Summary of Proceedings. NACD, May 2013
• CISOs Must Engage the Board About Information Security. CIO May 31, 2013
• The Art of Cyber War. NACD, May 3, 2013
• Survey of GCs sees cybersecurity risk and anxiety, [Dr. Stahl quoted], Sue Reisinger, Daily Report, February 14, 2013
• Unbalanced alignment. Information security needs to become a board-level priority and its executives need to have a seat at the boardroom table. Ernst & Young 2012 Global Information Security Survey – Fighting to close the gap, October 2012
• Clueless’ boards risk lawsuits, threaten national security. Network World, May 23, 2012
• Boards Are Still Clueless About Cybersecurity. Forbes Magazine, May 16, 2012
• Governance of Enterprise Security – Carnegie Mellon University – CyLab Report, 2012

Citadel Guides

• Personal Guide to Staying Safe Online
• Six Simple Tips to Lower Risk of Online Bank Fraud (for commercial account holders)
• The Commercial Reasonableness of Bank ACH Security Procedures, Stan Stahl, Brad Maryman, 2010.