ANCHORAGE – At most credit unions, system security is the bailiwick of the IT department. At Denali Alaskan Federal Credit Union, a 47,000-member credit union with nine branches in Anchorage, Fairbanks, Juneau, and Wasilla and $336 million in assets, security is a department unto itself, charged with developing and implementing a unified plan for the entire organization. "This department is really just at the very beginning," said Brit Bolsinger, assistant vice president of support services, who with director of security Gordon Klein runs the new department, which started operating as a separate unit on June 1. "We're just starting to work with our IT department to identify some of the risks within our network. We recognize that we're very vulnerable there, as are most organizations. We're getting our arms around some critical issues and prioritize the direction in which we're going to go. One of the things that became apparent early on was that we need to develop a disaster recovery plan for our business continuity plan. But we really haven't implemented anything at this time." That a credit union the size of Denali Alaska is taking this step is hardly surprising, though it does put it at the forefront of credit unions that have found security and business continuity issues to require increasing vigilance. Just last month, for example, the National Institutes of Health Federal Credit Union and the University of Michigan Credit Union, each of which has more than 40,000 members, reported identity theft scams. Moreover, Financial Data Protection bills have been introduced in both the House and the Senate that will essentially extend provisions of the Gramm-Leach-Bliley Act and require more safeguards on consumer financial data. But not every attack comes from outside. A new Deloitte Touche, Tohmatsu Global Security Survey indicates that internal breaches have affected many financial institutions worldwide-a far higher incidence than reported in the 2005 survey. Regardless of the source of a security breach, one pattern is definitely emerging: miscreants are becoming ever-more sophisticated, skillful, and thorough. In the current Deloitte study, 72% of respondents who said they had a breach estimated the cost to their organization in excess of $1 million. Nearly all (95%) are spending more on information security. At Denali Alaskan security "wasn't a problem so much as some of the challenges we had in getting our business continuity plan down, which involved all the departments in the credit union," Bolsinger said. "We also had a mortgage company and insurance agency we needed to include. The number of employees was reaching 250. Typically when you have a network of branches, some things are happening differently one branch to the next. "We also have seen a slight increase of forgeries and fraud, and we're always concerned about armed robberies in our branches. I thought with my background and Gordon's background in security, it would be a good time to blend our experience to identify the challenges within the organization and develop a plan to implement this risk management department." The first area likely to feel the impact of Denali Alaska's new security department is training. "That would be the biggest thing we've started," said Klein. "Training in the branches, the new hires during orientation, and continuing that training. We hope to meet with department heads on a regular basis also." So far, Bolsinger and Klein have encountered no employee resistance, but both know that could change. "We anticipate that once we get into the department audits and branch audits there is going to be some resistance. That's human nature, especially if a department has operated under a certain set of beliefs or procedure for some time. When we come in and tighten the reins a bit, we expect some resistance. But we're taking almost an internal audit approach to it, the approach that we're here to help, to advise. We're not going to be heavy-handed," said Bolsinger. – [email protected]