With Fraud Costlier Than Ever, Here’s What FIs Need To Do

It used to be that, when an account holder suffered from a security breach, he might tell ten of his friends. Now through social networks, the word can quickly reach 10,000. Combined with an increase in banking alternatives like online direct, the stakes have never been higher for FI security. With that in mind, PwC’s Joe Nocera maps out an approach to security that can help FIs stay ahead in the 21st century.




Joe Nocera
Partner, PricewaterhouseCoopers

Joseph Nocera is a Partner in PricewaterhouseCoopers’ Financial Services Practice. Joe’s experience ranges from IT auditing to large-scale systems implementation. Joe leads our Information Security, IT Risk Management and IT Governance practice for the Midwest market. Joe has significant experience in assisting IT organizations in meeting regulatory demands such as Sarbanes-Oxley, AML, Basel II and GLBA. Joe has assisted organizations in building information security departments, information risk management functions and overall IT governance functions. Joe graduated from the University of Notre Dame.

Recent projects Joe has led include:

• Leading the selection and implementation of a managed security provider – this project involved the creation of an RFP, a vendor scoring matrix and assisting the client through the vendor presentations and selection process. Once an MSSP was selected, Joe’s team worked with the MSSP to identify sensor placement and monitoring architecture. Joe’s team also worked to define the client’s remaining operational threat management processes and the governing relationships with the MSSP.

• Design and implementation of an event collection, IDS and monitoring solution – this project involved the design and implementation of an overall threat monitoring solution for a large insurance client.

• Leading a Security Program assessment – comparing numerous banks’ information security functions to those of other similarly sized institutions. The output of these assessments included a comparison benchmark study and a 3-year strategic roadmap for each client.

• Leading the design and implementation of an Identity and Access Management solution for numerous banking clients. These projects also included the design and implementation of a role based access control model.

• Leading a team that performed an inventory and risk assessment of the top 100 applications for a leading US based bank. The project was performed in order to allow the bank to prioritize its Change Management and Access Management process improvements focused on critical applications.

• Leading a team that designed and implemented an Oracle Identity Management solution for a large insurance company.

• Leading the development of an IT Controls framework for a large insurance company. The framework combined components of ITIL, CobiT and ISO 27001.

• Leading an IT Transformation Program for a large insurance company. This program included the reengineering of the client’s SDLC, Project Management Methodology, Change Management Processes, Access Management Processes, and Incident Management processes. In addition, Joe’s team assisted in the development of IT-Wide Policies and the creation of an IT Risk Management program. Joe led PwC’s team of 45 consultants that assisted in providing Program Management, Training & Communications, Process Design and Subject Matter expertise for the program.

• Leading a team of consultants in establishing an IT Governance organization for a regional bank. The project included the development of an IT Controls framework (based in CobiT, ITIL and ISO 27001) and the supporting processes to facilitate risk management, compliance and prioritization activities.

• Leading attack and penetration studies for numerous banks and insurance companies.

• Leading an Oracle Identity Management and User Provisioning project for a Fortune 500 company in support of Sarbanes-Oxley requirements.

• Assisting numerous banks and insurance companies in developing CobiT Controls Frameworks to achieve Sarbanes-Oxley compliance for IT General Controls.

• Assisting numerous banks and insurance companies in executing remediation projects in support of IT Controls for Sarbanes-Oxley. Specific projects included IT Controls Self Assessment projects, IT Risk Assessment Programs, Documenting IT Policies and Procedures, and Information Security Technology Implementations.

• Assisting numerous banks and insurance companies in assessing their existing Information Security & Governance Programs and developing Security & Governance roadmaps and strategies.