During a 10-year stint at J.P. Morgan, Steven Katz, CISSP, became known as the financial industry's first CISO, or chief information security officer. He was recruited by Citibank in 1994 after a highly-publicized hacking incident and then recently spent a year working with Merrill Lynch. Now, Katz invests in and advises companies providing information security solutions to the financial industry as president and CEO of Security Risk Solutions, based in Melville, N.Y.
Katz boils down information security into seven fundamental questions:
1. IDENTIFICATION: Can you identify your customers?
2. ACCESS: Can you control what your customers are allowed to do?
3. INTEGRITY: Can you ensure that the data involved in a transaction makes it safely from the customer to the institution?
4. CONFIDENTIALITY: Can you ensure that only authorized entities can view information about customer relationships?
5. NONREPUDIATION: Can you prevent customers from backing out of confirmed transactions?
6. RESPONSE: Would you know if something went wrong in time to respond?
7. AUDIT: Do you have sufficient audit trails?