[ISN] Incident Response: How BB&T Handles Client Notification After a Breach

From: InfoSec News <alerts_at_private>
Date: Tue, 7 Apr 2009 03:23:05 -0500 (CDT)
http://www.bankinfosecurity.com/articles.php?art_id=1350

By Tom Field
Editorial Director
Bank Infosecurity
April 6, 2009

What happens after a major security breach? How do banking institutions 
go about notifying their customers - whose responsibility is it?

At BB&T in Winston-Salem, NC, the role is filled by Dick Langford, Vice 
President and Manager, Information Security Compliance Management. In an 
exclusive interview, Langford discusses:

* How BB&T approaches client notification;

* Lessons learned from security breach response;

* The different ways the bank approaches customer awareness to meet all 
  customers' needs.

Langford has 19 years' experience in information protection in the 
financial sector. Previously with the Federal Reserve Bank of Kansas 
City, he has managed elements of BB&T's information protection program 
since 1998. His current responsibility is directing a network of over 
100 Information Security Compliance Managers representing each line of 
business, subsidiary, and affiliate company in BB&T Corporation, thereby 
ensuring compliance with federal and state information protection 
legislation and regulations.

BB&T Corporation, headquartered in Winston-Salem, N.C., is among the 
nation's top financial holding companies with $152 billion in assets. 
Its bank subsidiaries operate approximately 1,500 financial centers in 
the Carolinas, Virginia, West Virginia, Kentucky, Georgia, Maryland, 
Tennessee, Florida, Alabama, Indiana and Washington, D.C.


TOM FIELD: Hi, this is Tom Field, Editorial Director with Information 
Security Media Group. The topic today is information security 
compliance, and we are speaking with Dick Langford, Vice President at 
BB&T. Dick, thanks so much for joining me today.

DICK LANGFORD: It is my pleasure, Tom.


FIELD: For our listeners that might not be familiar with BB&T, why don't 
you tell us a little bit about the institution and then about yourself 
and your role and your day-to-day responsibilities.

LANGFORD: Certainly. BB&T stands for Branch Bank & Trust Company. We are 
a regional bank holding company on the East Coast. We have approximately 
1,500 bank operation branches located from D.C. down to Florida. We are 
about a $140 billion dollar organization with about 28,000 employees.

My role with the company is to assist the Chief Information Security 
Officer in ensuring that the organization is aware of and compliant with 
legislative and regulatory requirements around information protection, 
and I am able to achieve this with two basic tools.

I manage the awareness and education program, which communicates out to 
the organization and their responsibilities in this regard. And then I 
also have a network of information security compliance managers that are 
located in each one of our lines of business, subsidiary or affiliate 
companies, that have a dotted line relationship back to me, and those 
folks help us to ensure consistent implementation of our programs across 
the enterprise.

And then lastly I manage and direct a group that is called the Client 
Information Compromise Response Team, which is a virtual team of 
corporate representatives that respond to any event that involves the 
unauthorized disclosure of client non-public information. This is the 
team that directs the client notification aspects that are required by 
law. 

[...]


Received on Tue Apr 07 2009 - 01:23:05 PDT