Can't Beat 'Em-Join Together

An emerging information security roundtable, formed by credit unions and their vendors, is promising to join forces against the advancing threat of cybercrime.

"Worms and malicious software have plagued us for years, but in just the past year we have seen them become dramatically more sophisticated and dangerous," observed Kelly Dowell, executive director of the new roundtable, the Credit Union Information Security Professionals Association (CUISPA).

And Dowell pointed to recent "zero-day exploit" threats that plague systems "even before a flaw has been disclosed or a fix becomes available."

CUISPA's goal is to help credit union IT professionals by fostering collaboration and knowledge-sharing among the community," he continued. "Credit unions don't have a way to communicate at the national level."

As the former CEO of Garrison Technologies, Inc., Dowell offered network security solutions to CUs for more than eight years. He continues to support some clients through Garrison Security Services during his transition to CUISPA's board, which includes Joe Visconti, formerly of the NCUA.

CUISPA's attempts to share information, establish standards and develop an early-warning system could be validated next week as the roundtable begins accepting paid memberships.

Credit unions that join as general members will pay dues of $595 per year, said Dowell. Vendors will join a separate "affiliate" membership.

About 70 credit unions and a dozen vendors have already signed up for the free general registration at CUISPA's website, Dowell said.

Public Employees of Texas is a $228-million credit union that plans to pay to join CUISPA's general membership, said Richard Lopez, Data Processing supervisor at the Austin, Texas-based CU.

"Keeping current on security is a great concern - CUISPA will resolve that concern," Lopez said.

"I hope to gain the additional knowledge needed to address all security issues and acknowledge security compliance standards, which in turn will allow me to continually develop and update the credit union's policy and procedures on security," he continued.

Even though security threats are posed to organizations across the board, credit unions need their own Information Security association, Dowell added.

"Roughly 9.800 credit unions across the country almost all operate the same way, with similar infrastructures, core processing and homebanking," he explained. "If we sit down and resolve a problem for one credit union, then we can apply the solution to the whole industry."

CUISPA will set security standards and best practices that complement credit union capabilities, Dowell said.

Lopez agreed. "I hope to contribute insight from a credit union perspective to identify and address issues and participate in the development of strategic standards on security."

Dowell said that existing security guidelines issued by the NCUA, such as 12 CFR Part 748 Guidelines for Safeguarding Member Information, "are established at a regulatory level and not necessarily by the credit unions themselves."

Vendors will contribute to security expertise via designated sections of the website, without using CUISPA to market their own solutions, Dowell said. "There is a great deal of knowledge at the vendor level to bring into the fold," he said.

CUISPA members can access discussion forums, information consolidation, an experts panel, solution reviews and industry trending, for example, at cuispa.org. In addition, CUISPA will organize peer group events.

"Large credit unions spend money on information security and take it seriously," said Dowell. "They're interested in CUISPA and see the need to contribute, but it's the mid-sized and smaller credit unions that will really benefit. So much of the credit union market is small, with fewer resources and less time to devote to Information Security."

CUJ Resources

For additional information on this story:

* www.cuispa.org

* Public Employees CU of Texas at www.pecutx.org

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER