State of Banking Information Security Survey: Your Chance to Ask Questions, Get Answers
This is because I'm just now helping to put the finishing touches on our annual State of Banking Information Security survey, which helps us take the pulse of the banking/security community, so we can gauge the priorities for the year ahead.
Last year - the survey's first - we quickly determined that customer confidence was a huge topic for banking institutions, and see how that's played out this year. Same for vendor management - we didn't predict the specific regulatory guidance that came down on the topic this year, but we sure did pinpoint the need for it.
So, what will be 2009's hot topics?
I've got my ideas. I believe vendor management is going to remain a top priority for some months, especially as the global economic situation pushes more institutions to at least explore the expansion of their outsourcing initiatives.
Confidence will remain an agenda item, too, as Main Street institutions continue to reach out to their customer base to distinguish themselves from Wall Street.
Regulatory compliance, anyone? With a new administration and Democratic Congress, it's a shoo-in that we'll see new oversight for financial institutions. Just a matter of what and when.
But what do you foresee?
Over the past couple of weeks, I've reached out to a variety of colleagues - bankers, regulators, academics, analysts - and here are some of the topics they'd like to see discussed in the 2009 State of Banking Information Security survey:
Insider Threat: From a former big-bank CISO: There is growing debate about whether employees still are the primary threat to institutions. It might be interesting to quantify the perceived level of threat.
What do you see as the primary threat to the security of your institution's and your customers' information?
a). Hackers, identity thieves and other criminals
b). Disgruntled employees
c). Inattentive or poorly trained employees
Vendor Management: From another large institution security officer: Will we move towards using recognized industry standards such as ISO 27001, FISAP and Type II SAS 70 when evaluating 3rd parties in lieu of banks continuing to perform their own unique IT audits and reviews?
Confidence: From a current CSO at a large bank: Given the nightly media blitz that the financial system is on the brink of collapse, how are we communicating with our customers and ensuring their awareness of the controls we have in place to protect them...and what they can do to help?
Customer Acquisition: From a federal regulator: Do you plan to use social networking sites, e.g., Facebook or MySpace, in marketing efforts to retail clients, especially to attract new, younger consumers?
So, those are their thoughts; what are yours?
Take a few minutes right now and share your ideas with me. What are your top-of-mind topics that should be included in the 2009 State of Banking Information Security survey?