CreditUnionMagazine.com
Navigation bar
Lending Marketing Technology Operations Human Resources Communications Credit Union Data Products Buyers Guide Info Systems Guide
Online Poll

Should CUs accept the matricula consular as a form of ID?

Yes
No
CUNA: Credit Union National Association

What Are the Components of Information Security?

Kelly Dowell, president of Garrison Technologies Inc., Austin, Texas (www.garrison.com), and founder of the new Credit Union Information Security Professionals Association (CUISPA), recently shared his thoughts about information security with Credit Union Magazine.

What are the biggest information security risks CUs face?

In information security, seemingly small controllable risks can escalate into critical risks. Destructive worms could cripple a network, putting the credit union out of business until they’re cleaned up. A large-scale identification theft could present serious reputation risk. A system failure could put you off-line, making members impatient. It’s hard to say what the biggest risk is, considering what a credit union has at stake. The biggest risk could be the lack of adequately preparing for the possible.

How have these risks changed over the years, and how might they change in the future?

Although scams and threats haven’t changed dramatically for decades, technology has added a new level of risk. The problem we now face is that technology is pervasive throughout the financial industry. It’s far easier for criminals to attempt a scam using technology. Hacking tools are widely available and relatively simple to use. Even when a credit union isn’t specifically targeted it can fall victim to a widely distributed attack on a particular piece of software or technology.

When protecting an environment, it’s not always the criminal you’re trying to prevent, it’s the technology’s overall susceptibility. For example, proper patching can prevent a wide array of risks. Policies can prevent a wide array of litigation. As long as technology and business processes evolve, security concerns will remain a risk.

How can CUs prevent information security breaches?

Beside the typical countermeasures, the single most effective tool in preventing security breaches is a comprehensive awareness program. Educating employees on security risks and their role in protecting the credit union’s assets can have a tremendous impact on your security program.

Most people want to do the right thing, but it’s our nature to lose interest in things that don’t effect us directly on a daily basis. It’s easy to say, "It won’t happen to me right now. I’ll do something when I have more time." The trick is making security an instinctive and integral part of your daily operations. Awareness and education can go a long way.

What’s a common mistake CUs make concerning information security?

Handling information security as a technology problem with technological solutions. Much of this can be blamed on the security industry. Over the past several years, there has been a flood of new security vendors promoting their products. While many of these products are very good, credit unions need to consider the entire strategy before buying. A budget may be more effective if applied to a different problem. Your annual security assessment should shed light on deficiencies.

What are the components of proper information security?

The most important thing to keep in mind is that information security requires ongoing diligence. Environments change over time, whether through mergers, technology, or processes. And even if they don’t change, people do.

Many different security organizations have broken down the components of a security program, but they always refer to the same key areas:

  • Policies and procedures that outline proper use of information and information systems;
  • Technology countermeasures to prevent intrusions, attacks, and system misuse;
  • Awareness and education programs for the information technology (IT) staff, management team, and all employees;
  • Roles and responsibilities for managing information security; and
  • Periodic review and evaluation of the program’s effectiveness.

How will CUISPA help CUs?

CUISPA's mission is to facilitate collaboration between security specialists, vendors, regulatory bodies, and credit union IT professionals to improve security throughout the movement. CUISPA’s Web site will give members direct access to quality education, relevant information, confidential knowledge sharing, and services.

When protecting an environment, it’s not always the criminal you’re trying to prevent, it’s the technology’s overall susceptibility.
Policy development is one example. CUISPA and one of its affiliate members, has initiated a security policy collaboration project members can access through www.cuispa.org. The policy project will provide standardized, credit union-specific templates, policies, and management tools to help members maintain comprehensive policies.

CUISPA’s Web site will consolidate relevant security information, updates, and news to eliminate the need for IT administrators to visit multiple sites to find what they need. Based on member input and requests, we’ll continually evolve a highly focused and informative Web site. Participation in CUISPA is a sign of a credit union’s commitment to securing cyberspace and protecting members’ private information.

What factors led to CUISPA’s formation?

Securing information is a complex challenge. The threats and risks are in a constant state of change, and the culprits’ sophistication continues to advance along with the sophistication of hacking software. In addition, security vendors are getting increasingly competitive. Despite a tremendous amount of security information that’s available through the Internet, finding relevant information and impartial advice has become a real challenge.

CUISPA’s directors envision an association that will provide impartial expertise through a network of cooperating organizations to help member credit unions maximize security efforts and reduce costs.

One initiative CUISPA is developing is a consumer awareness program. With the cooperation of affiliate members, we’re developing a security Web portal for credit union members. This portal will provide advice on protecting home computers, preventing identification theft, and staying safe online. Unlike other similar sites, this program will provide information from the credit union movement. CUISPA members will be able to put an icon on their Web sites that links members to this educational information, demonstrating their commitment to safeguarding member information.

More security articles:
 

Copyright © 2008 - Credit Union National Association, Inc.