Workshops‎ > ‎cs-ga-2011‎ > ‎

Denise Anderson

Vice Chair-National Council of ISACs
Vice President FS-ISAC, Government and Cross Sector Programs
Financial Services Information Sharing and Analysis Center (FS-ISAC)


Denise Anderson has over 25 years of management level experience in the private sector in Finance, Operations, Sales and Marketing, Public Relations/Publications, Administration and Information Technology. Denise is Vice President FS-ISAC, Government and Cross Sector Programs at the Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit association comprised of financial institution members, that is dedicated to protecting the financial services sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.

  At the FS-ISAC, Denise serves on numerous committees and working groups including the Account Take Over Task Force, the Business Resiliency Committee, the Threat Intelligence Committee, the Education Committee and the Online Fraud Working Group and coordinates with DHS on National Level Exercises and Cyber Storm. Denise is also part of the Financial Services Sector Coordinating Council (FSSCC) Crisis Management and Sector-Wide Activities Committees.

Denise currently serves as Vice Chair of the National Council of ISACs, is certified as an EMT (B), Firefighter I/II and Instructor I/II in the state of Virginia, and is an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia. She is also certified under the National Incident Management System (NIMS). In addition, Denise has served on the Board and as President of an international credit association, has been recognized and awarded for her professional and volunteer achievements and has spoken at events in both the US and Canada.

She was instrumental in implementing a CI/KR industry initiative to establish a private sector liaison seat at the National Infrastructure Coordinating Center (NICC) to enhance information sharing between the private sector CI/KR community and the federal government and serves as one of the liaisons. She has been nominated by the FS-ISAC Board to be a financial sector representative to the National Cybersecurity and Communications Integration Center (NCCIC) — a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure — in order to provide a broad perspective across both physical and cyber domains on behalf of the FS-ISAC. She is also a member of the Cyber Unified Coordination Group, (UCG) under the National Cyber Incident Response Plan (NCIRP) – a public/private advisory group that comes together to provide guidance during a significant cyber event – where she also represents the financial services sector.

Denise holds a BA in English, magna cum laude, from Loyola Marymount University and an MBA in International Business from American University.

The Role of the ISACs in Critical Infrastructure Protection and Resiliency

The ISACs are a concept that was introduced and promulgated pursuant to US Presidential Decision Directive-63 (PDD-63), signed May 22, 1998. PDD-63 recognized the potential for the critical infrastructures of the United States such as Finance and Banking, Information Technology, Electricity, Communications, to be attacked either through physical or cyber means with the intent to affect the security or economic power of the country.

In PDD-63, the US federal government asked each of the determined critical infrastructures to establish infrastructure specific organizations to share information, within each sector, about threats and vulnerabilities. In response, many sectors established “Information Sharing and Analysis Centers” to meet this need.

Today, ISACs provide the operational function for the various critical infrastructure sectors and advance the physical and cyber protection and resiliency of critical infrastructure through establishing and maintaining collaborative frameworks for interaction within and among the sectors as well as with governments.
This session will provide an overview of the various ISACs and their capabilities and reach within each of their respective sectors and constituents as well as talk to specific case studies of information sharing/risk mitigation regarding cyber events such as the recent RSA Breach. In addition, it will cover the National Council of ISACs, and its role in enhancing critical infrastructure protection and resiliency as well as the various partnership activities of the Council including the cross-sector information sharing framework for relevant and actionable cyber information sharing amongst the sectors as well as its role in government entities such as the new National Cybersecurity and Communications Integration Center (NCCIC), which includes US CERT, and in government exercises like Cyber Storm III and the National Level Exercise 2012,
which will focus on cyber activity.

The presentation will then focus on the financial services sector and on specific cyber attacks seen in financial institution environments like the account take over attacks, and here you have campaign. It will also cover some of the trends, and attack vectors, and ISAC and financial institution actions taken in response.