COLUMBIA, S.C. – Encouraged by feedback at the recent CUNA Future Forum, the organizers of the Credit Union Information Security Professionals Association are moving forward with plans to get the new education and networking group up and running. "We were a bit surprised by the level of interest in participation, beyond general membership," says Kelly Dowell, who represented CUISPA at the Future Forum in Reno. The organization's goal is to help improve cyber security in credit union land through impartial knowledge sharing and networking, educational programs, peer collaboration, trend analysis, threat and compliance monitoring and other services. The combined Liberty Internet Services/CUNA Network Services provided space for the organization in its booth at the Reno, Nev., trade show, which Dowell says gave CUISPA a chance to meet with "individual credit unions, CU vendors and subject-matter experts." "Many of the individuals we spoke with see the CUISPA as an association that can provide a lot of value to the industry, and they want to be part of it," says Dowell, who's also CEO of IS security vendor Garrison Technologies in Austin, Texas. "As a member-driven association, this is precisely what we want to see." The organization already has posted a Web site at www.cuispa.org and hopes to officially launch at the first of the year. And there's much to be done, organizers say. "The main need will be to establish some core best practices that fit the budgets and security needs of credit unions of all sizes," says John Hobko, the Tampa-based online services veteran heading up the combined CUNA Network Services/Liberty Internet Services operation. "Right now, CU's have liability risks if their members' data are comprised due to security shortcomings," Hobko says. "They are continually faced with questions of `how much security is enough' and where should I be spending my security dollars?' "CUISPA, by drawing on industry security professionals, will develop `best practices' answers to these questions." Hobko also was encouraged by the response at the Future Forum. "If anything, it has put some pressure on us to expedite the launch," he says. "The CUISPA's direction will be determined by feedback. The feedback we are receiving is reassuring. We are now coordinating with affiliates, advisors and experts to bring these benefits to the community." Dowell, the CUISPA representative, says the organizers have spoken with hundreds of credit unions about IT security and there seems to be a common theme: Security is a concern for everyone. "Technology solutions are expensive and can't solve all their problems. They want relevant security knowledge and impartial advice. They want to be able to consult their peers. The CUISPA will provide them with these services," says Dowell. As an example of what a cooperative membership can do, Dowell gave this example: "Say, for instance, we run a poll to determine what CUISPA members' most pressing security concerns are. Maybe compliance stands out as a common response and we decide to make it the educational topic for the following month. "The CUISPA would solicit assistance from proven industry experts to provide educational content through an article, or Webcasts or on the Web site. We may solicit members to discuss their experiences. We may run additional surveys to identify common experiences in the NCUA examination process. "Over the course of a month, the topic will be comprehensively covered, providing greater awareness of that topic through the community. It is this type of collaboration that the CUISPA will strive to foster." The organization plans to use the Web site as the centerpiece of its effort, but the outreach also could grow, Hobko says, adding that the organization will work to maintain its neutrality. "Since CUISPA involves security professionals from CUs and vendors, and possibly regulators and other organizations, it will have balanced input," he says. "Other industries use similar forums to successfully address key common interests and establish essential practices. Knowledge, feedback and support will be accomplished initially through a Web-based forum, but may lead to regional and even national physical meetings of security professionals," Hobko says. "It was a first toe-in-the-water, and we are seeing growing interest as news of the organization is getting out," Hobko says of the new group's coming-out in Reno. "We will be continuing to work with other industry professionals to develop the CUISPA model and shape it to best serve the community," he says. -

[email protected]