Information Security and Compliance for the Financial Industry presented at 44Con 2011

by Nahil Mahmood

Summary: This presentation will provide a holistic view of information security and compliance within the banking industry from the perspective of a CISO (Chief Information Security Officer). It will cover the organization structure within a typical global bank and also introduce particularly challenging aspects of being the CISO of a bank with cash machines in remote areas and coping with tribal loyalties in the business, from the auditing, compliance, and IT angles, and summarize the typical challenges that are faced in securing the banking IT infrastructure.

The presentation will describe the typical challenges that are faced in securing and hardening infrastructure that is already in production, serving thousands of customers. Working with IT Operations teams is always a challenge as their KPI is to keep the infrastructure running - not necessarily to secure it. Hence the task of the information security professional becomes significantly challenging.

The presentation will also cover effective approaches to securing the IT infrastructure, as well as what strategies work best to gain the approval of management. After attending this presentation, the audience will gain a very thorough grasp of the IT environment within a financial institution, how audit and compliance play their roles in driving IT Security, and how the information security professional can best adopt strategies to succeed in securing the infrastructure.