http://www.bankinfosecurity.com/articles.php?art_id=1350

By Tom Field
Editorial Director
Bank Infosecurity
April 6, 2009

What happens after a major security breach? How do banking institutions go about notifying their customers - whose responsibility is it?

At BB&T in Winston-Salem, NC, the role is filled by Dick Langford, Vice President and Manager, Information Security Compliance Management.

In an exclusive interview, Langford discusses:

* How BB&T approaches client notification;
* Lessons learned from security breach response;
* The different ways the bank approaches customer awareness to meet all customers' needs.

Langford has 19 years' experience in information protection in the financial sector. Previously with the Federal Reserve Bank of Kansas City, he has managed elements of BB&T's information protection program since 1998. His current responsibility is directing a network of over 100 Information Security Compliance Managers representing each line of business, subsidiary, and affiliate company in BB&T Corporation, thereby ensuring compliance with federal and state information protection legislation and regulations.

BB&T Corporation, headquartered in Winston-Salem, N.C., is among the nation's top financial holding companies with $152 billion in assets. Its bank subsidiaries operate approximately 1,500 financial centers in the Carolinas, Virginia, West Virginia, Kentucky, Georgia, Maryland, Tennessee, Florida, Alabama, Indiana and Washington, D.C.

TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. The topic today is information security compliance, and we are speaking with Dick Langford, Vice President at BB&T. Dick, thanks so much for joining me today.

DICK LANGFORD: It is my pleasure, Tom.

FIELD: For our listeners that might not be familiar with BB&T, why don't you tell us a little bit about the institution and then about yourself and your role and your day-to-day responsibilities.

LANGFORD: Certainly. BB&T stands for Branch Bank & Trust Company. We are a regional bank holding company on the East Coast. We have approximately 1,500 bank operation branches located from D.C. down to Florida. We are about a $140 billion dollar organization with about 28,000 employees.

My role with the company is to assist the Chief Information Security Officer in ensuring that the organization is aware of and compliant with legislative and regulatory requirements around information protection, and I am able to achieve this with two basic tools. I manage the awareness and education program, which communicates out to the organization and their responsibilities in this regard. And then I also have a network of information security compliance managers that are located in each one of our lines of business, subsidiary or affiliate companies, that have a dotted line relationship back to me, and those folks help us to ensure consistent implementation of our programs across the enterprise.

And then lastly I manage and direct a group that is called the Client Information Compromise Response Team, which is a virtual team of corporate representatives that respond to any event that involves the unauthorized disclosure of client non-public information. This is the team that directs the client notification aspects that are required by law.

[...]

Received on Tue Apr 07 2009 - 01:23:05 PDT