AUSTIN, Texas – After months of research and networking,security industry veteran Kelly Dowell says the Credit UnionInformation Security Professionals Association (CUISPA) is gettingready to roll. Dowell has been criss-crossing the country, talkingto credit unions, vendors and others to put together theorganization, which will aim to serve the information and peernetworking needs of the people responsible for protecting thetechnology and financial assets of thousands of credit unions andmillions of members across the country. “There are more than 10,000credit union IT professionals in the United States,” Dowell says.“Each day they all go to work and address similar challenges.Consider the possibilities if this group were to begincooperating.” Dowell intends the CUISPA to be a major force infostering that cooperation. He began forming the group about a yearago, about 10 years after he co-founded a security consulting firmthat ultimately worked with more than 400 financial institutionsand vendors. “We have organized a network of individuals, CU ITadmins and staff that will support progress and provide feedback,”Dowell says. An initial board of directors has been formed and“thanks to many gracious individuals, we are happy to say that theCUISPA is ready to begin accepting memberships.” Why should a CUjoin? “First are the direct benefits,” Dowell says. “CUISPA willprovide access to a network of CU IT peers, a knowledge base,solution discounts, alerting services and education. “Second,CUISPA is an effort to help the industry as a whole. Throughcooperation, CUISPA can improve security within every creditunion.” A membership drive will begin soon, and Dowell says morethan 60 credit unions, along with corporates such as Corporate Oneand WesCorp and some well-known security vendors specializing inthe credit union space, have made commitments, includingSecureWorks in Atlanta and South Carolina-based PM Systems Corp.The group's combination of diversity and common interests andchallenges may make it particularly effective for sharinginformation about topics that normally aren't dinner table fare,observes one credit union security veteran who's interested ingetting involved. “Credit unions have traditionally enjoyed thebenefits of cooperating with each other, and putting together anorganization like this that focuses specifically on securityconcerns should free up information that can tend to be kept underthe carpet,” says Tom Giangreco, information security officer at$4.9 billion Orange County Teachers Federal Credit Union inSouthern California. “We can share issues and solutions and maybenot have to re-invent the wheel every time we have to meet a newchallenge at our own credit unions,” says Giangreco, who haspetitioned to be a member of the CUISPA's initial board ofdirectors. Giangreco observes that large credit unions like his areworking on areas of security such as electronic signatures that areleading edge and also the focus of technology consortiums that thebig banks have put together. “If banks are cooperating on thingslike this, I'd like to see what credit unions can do as well,” theOCTCU security specialist says, adding that “large and small creditunions alike can benefit from this.” Chia Yang agrees. “I joinedCUISPA because I think it will be a great resource for keepinginformed about computer-related issues while building networkingrelationships with other IT professionals,” says the technologysystems administrator at $48 million Electrus Federal Credit Unionin Brooklyn Center, Minn. “I like the idea of having a portal whereIT individuals can collaborate, sharing knowledge and solutions,”says Yang, who says his biggest challenge is “securing memberinformation and data while providing more access to the membersthemselves.” Dowell stresses that the organization is for verifiedcredit union professionals and that vendors are being encouraged tocontribute to the effort, financially and intellectually, throughan Affiliate Member Program which will recognize the vendors fortheir contributions while maintaining impartiality. That soundsjust fine, says one of the vendors making an early commitment toCUISPA. “Security has become a crucial component of every creditunion's operations, and while we have improved information securitymeasures, the increasing sophistication of the perpetrators forcesus to stay on top of the situation,” says Niels Taylor, director ofPM Systems' CU Defense services. “Open communication and peerknowledge exchange is a tremendous step in the right direction. Weare happy to support the CUISPA and its important cause,” Taylorsays. Serving that cause will take a number of forms, Dowell says.A private online forum is one. Work also has begun on possibleannual conferences. And one of the CUISPA's first efforts will beto foster regional peer group meetings, which Dowell says will beopportunities for CUISPA members and other credit union ITprofessionals to get together conveniently and inexpensively. Thefirst three will be two-hour lunchtime sessions (with lunch onCUISPA) tentatively set for Dec. 8 in Las Vegas, Dec. 9 in SanDiego and Dec. 10 in Los Angeles. More information is available inthe Feedback Forum at www.cuispa.org, Dowell says. “Security is anissue that we must all address,” Dowell says. “Implementing afirewall or AV product is one thing, but having the knowledge tocontinually address new threats is another. Cooperation can behugely valuable. Why are so many addressing the challengesindependently? Why not leverage each other to create a resourcethat benefits everyone? “I see the CUISPA as a chance to fostercooperation and turn our industry into one of the best managed,from a security perspective, in the financial services business.”He does recognize that won't necessarily be easy. “Conceptually,the CUISPA is a no-brainer,” Dowell says. “Turning the concept intoreality is another story. Vendor-backed efforts fall prey toover-zealous marketing. Volunteer efforts typically fizzle whenvolunteers become too busy with their primary obligations. “Theassociation must be completely independent and governed by themembers, although it must have a dedicated team to ensure progress.As the executive director, I am tasked with promoting membership toensure the funding that will allow us to provide quality benefitsback to the members and the industry.” -

[email protected]