Info Risk Today Podcast

3,490 episodes — Page 56 of 70

Embracing the BYOD Trend

Organizations in all industries can embrace the bring-your-own-device trend if they take adequate steps to authenticate mobile users, says Soumya Das of SecureAuth.

Feb 27, 2013

HIPAA Omnibus: A Compliance Plan

How is the six-hospital Barnabas Health delivery system tackling the challenge of complying with the new HIPAA Omnibus rule? Hussein Syed, director of IT security, explains.

Feb 27, 2013

Managing Identity Risks

Because managing identities is a global problem, it requires a global solution, says Paul Simmonds of the Jericho Forum. A new organization has been established to address global identity. Simmonds offers insight.

Feb 27, 2013

Tackling Call Center Fraud

Call center fraud is increasing, and it's not just financial institutions feeling the pain, says Pindrop Security's Matt Anthony. Now, a database of phone numbers aims to help organizations mitigate risks.

Feb 27, 2013

Staffing Crisis: What to Do About it

We are no longer facing a global IT security staffing shortage - it's a full-blown crisis. This is the conclusion of new research conducted by (ISC)². Julie Peeler and Bruce Murphy offer insight.

Feb 26, 2013

Defending Against Targeted Attacks

More than merely a phishing incident, a targeted attack is part of an advanced persistent threat. How can organizations defend against these attacks? Kevin Epstein of Proofpoint offers insight.

Feb 25, 2013

Legal Lessons from PATCO Fraud Case

The PATCO fraud case shows why banking institutions cannot rely on compliance to ensure security. In an RSA 2013 preview, attorney Joseph Burton discusses legal lessons from the PATCO settlement.

Feb 25, 2013

NIST's Ron Ross on Risk Mgt. Framework

An information risk management framework isn't implemented in a vacuum, as National Institute of Standards and Technology Fellow Ron Ross points out.

Feb 22, 2013

The Psychology of Risk

Risk management is an art, not a science. That is the contention of Andy Ellis, CSO of Akamai and a keynote speaker at RSA Conference 2013. How can psychology change one's approach to risk and security management?

Feb 20, 2013

Big Data for Fraud Detection

Intrusion detection is challenging for most organizations, and hackers' ever-increasing skill to evade monitoring tools only compounds the problem. But Zions Bank's Michael Fowkes says big data can help.

Feb 20, 2013

What to Expect at RSA 2013

Mobile security, advanced persistent threat and DDoS attacks on banks have been among the hottest security stories. How have they influenced RSA Conference 2013? Program Chair Hugh Thompson previews the event.

Feb 20, 2013

Top Threats to Mobile Workers

Mobile malware, jailbroken devices and unpatched systems are three of the top security threats to mobile workers. How can organizations mitigate the risks? Dave Jevans of Marble Security offers tips.

Feb 20, 2013

Multi-Channel Fraud: A Defense Plan

From sophisticated malware to socially-engineered schemes, banking institutions of all sizes are under constant, multi-channel attack. How can they respond? Daniel Ingevaldson of Easy Solutions shares ideas.

Feb 20, 2013

Threat Intelligence in Action

Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.

Feb 19, 2013

Facebook Hack: What the Breach Tells Us

Highly publicized breaches at Facebook, Twitter, the New York Times and other organizations in recent weeks suggest there's a new normal in the cyberthreat arena. But the onetime head of U.S. CERT, Mischel Kwon, doesn't think so.

Feb 19, 2013

The Move to Data-Centric Security

Organizations typically secure data where it resides and is transmitted. Data-centric security strategies focus on securing the data itself. Mark Bower of Voltage Security explains.

Feb 15, 2013

Examining the New EU Cybersec Directive

A proposed directive requiring the reporting of serious cyber-attacks to national authorities could add complexity to organizations operating online in the European Union, says IT security lawyer François Gilbert.

Feb 15, 2013

FDIC Explains Social Media Guidance

Federal regulators have issued draft guidance for the use of social media. What are the specific security risks? The FDIC's Elizabeth Khalil discusses how banking institutions can address emerging threats.

Feb 14, 2013

DDoS Attacks: Lessons Learned

Some of the largest banks in the U.S. were unable to ward off sophisticated DDoS attacks, so what can smaller organizations do? Plenty, says Marty Meyer, President of Corero Network Security.

Feb 13, 2013

BYOD: Secure the Network

We've seen user-driven trends such as BYOD before, says Kevin Flynn of Fortinet. And if organizations remember past security lessons, they will avoid falling prey to mistakes that could lead to breaches.

Feb 11, 2013

Health Data Breach Response Tips

Security threats to healthcare organizations are on the rise - and so are regulatory requirements. Kim Singletary of McAfee discusses the top breach prevention and response challenges for healthcare organizations in 2013.

Feb 11, 2013

Cybersecurity: It's a Skills Crisis

It isn't just a staffing shortage that stops organizations from building cyberteams. It's a skills crisis, says SANS Institute founder Alan Paller, who tells why now is the ideal time to fill top roles with qualified professionals.

Feb 7, 2013

PCI Council Issues Cloud Guidance

Outsourcing to the cloud poses new risks, especially for card data. The PCI Council addresses those risks in its just-released cloud security guidance, and Bob Russo offers exclusive insights.

Feb 7, 2013

2013 Data Protection Agenda

How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.

Feb 5, 2013

DDoS: Are Attacks Really Over?

Although hacktivists announced suspension of DDoS attacks against banks, other industries are now getting hit, and banks can't afford to get complacent because of the fraud risk, says security specialist Bill Stewart.

Feb 5, 2013

HIPAA Omnibus: More Breach Notices?

The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.

Feb 4, 2013

Securing Data Via Containerization

Containerization - it's the latest strategy for securing the critical data accessed by remote workers and mobile devices. How is the concept deployed? David Lingenfelter of Fiberlink offers insight.

Feb 1, 2013

Protecting Big Data Used for Research

As the National Institutes of Health ramps up research projects involving human genomes, electronic health records and other sensitive data, it's exploring the best ways to protect that data, says research director Eric Green, M.D., PhD.

Jan 25, 2013

Continuous Monitoring and the Cloud

As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.

Jan 25, 2013

Top Malware Threats of 2013

In 2012, we saw the rise of state-sponsored malware, as well as the evolution of Trojans and ransomware. What new threats will 2013 bring? Adam Kujawa of Malwarebytes offers insights.

Jan 24, 2013

CISOs Reveal Top Threat Worries

It's not malware, crime rings or hacktivists. What, then, are among the threats that concern security leaders most? CISO Tom Newton offers new insight on today's top threats and strategies to combat them.

Jan 22, 2013

Linking Cyber, Physical Threat Data

Sharing information about physical and cyber threats needn't be segregated under the U.S. federal government's National Strategy for Information Sharing and Safeguarding, says Kshemendra Paul, who manages the implementation of the strategy.

Jan 22, 2013

ENISA Identifies Top Cyberthreats

ENISA, the European Union cyber-agency, is out with its first-ever Threat Landscape report. What are the emerging threats and vulnerabilities, and how should organizations globally respond to them?

Jan 21, 2013

Arguing Against Voluntary Standards

The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster.

Jan 21, 2013

Maturing of Biometrics on Smart Phones

Smart phones that give many IT security managers headaches in developing security policies are being used in increasing numbers to help safeguard systems and applications, thanks to more muscular biometric features, says Steve Vinsik of Unisys.

Jan 16, 2013

The Evolution of Incident Response

It isn't so much the changing threat landscape that causes security leaders to re-assess their approach to incident response. Mobility and the expanding perimeter are the real factors driving change.

Jan 14, 2013

VanRoekel on Infosec and Sequestration

With Congress facing $1.2 trillion in budget cuts, Federal Chief Information Officer Steven VanRoekel says funding for cybersecurity initiatives will likely be affected. But with smart planning, government information technology should not be placed at risk.

Jan 14, 2013

Top 10 Screening Trends for 2013

How will new guidance on criminal background checks change the way organizations approach employment screening? This is one of the key trends to watch in 2013, says screening expert Les Rosen.

Jan 11, 2013

ID Theft: 2013 Top Trends

ID theft is a growing global problem. Eva Velasquez, head of the ITRC, outlines how public and private organizations in 2013 can update approaches to ID theft prevention.

Jan 10, 2013

FS-ISAC on DDoS, Account Takeover

Which fraud trends need the most attention from U.S. banking institutions in 2013? Distributed-denial-of-service attacks and account takeover, says FS-ISAC's Bill Nelson, who offers fraud-fighting tips.

Jan 9, 2013

Educational Value of Competition

Does cyber defense competition help prepare college students for real-world jobs in information security and risk management? Dan Likarish and Rick Cisneros of Regis University say yes. Here's why.

Jan 9, 2013

Tackling the Authentication Challenge

The evolution of threats and rise of mobility are leading organizations to improve user authentication. What are the new strategies and solutions security leaders in all sectors will employ this year?

Jan 8, 2013

Tom Ridge on DHS's IT Security Role

Tom Ridge, the first Homeland Security secretary, questions the wisdom of granting the Department of Homeland Security greater authority to influence IT security within the federal government and the nation's critical IT infrastructure.

Jan 8, 2013

Chicago Initiates a Cloud Strategy

Arlan McMillan, the chief security officer for Chicago's government, says the city employed processes established by the federal government to assure its new cloud computing initiative is secure.

Jan 4, 2013

Hanging Tough with Int'l Privacy Regs

With different nations establishing different privacy standards, organizations face adopting the most stringent regulations in order to be compliant everywhere they operate, says Marc Groman, a director of the International Association of Privacy Professionals.

Jan 4, 2013

Legislation to Watch in 2013

Cloud computing and mobility are areas likely to see new regulatory attention in the year ahead. But what are the other hot topics that leading attorneys believe will be addressed in new legislation worldwide?

Jan 3, 2013

Account Takeover: The 2013 Outlook

What are the top account takeover threats to banking institutions in 2013? Ken Baylor of NSS Labs discusses Zeus variants, mobile malware and how institutions can protect themselves from fraudsters.

Jan 3, 2013

How to Say 'Yes' to BYOD

When it comes to mobility, how do leaders balance security needs with employees' BYOD desires? The easy answer: Just say no. But that's also the wrong answer. What security tips do these leaders offer?

Jan 1, 2013

Assessing Prospects for New InfoSec Law

Members of the U.S. Congress may be more sensitive to cyberthreats than they were in the past, but that doesn't mean they truly all appreciate the risk key government and private-sector IT systems face, says House Cybersecurity Caucus Co-Chair Jim Langevin.

Dec 30, 2012

2012's Top Breaches & Lessons Learned

From Global Payments to LinkedIn and Zappos, 2012 was filled with notable data breaches. What were the most significant breaches, and how should they influence organizations' breach responses in 2013?

Dec 27, 2012