Info Risk Today Podcast

3,490 episodes — Page 58 of 70

Financial Fraud: Manage the Risks

Worldwide, banking institutions face evolving fraud threats. What are some of the new strategies and solutions they employ to fight back? ACI Worldwide's Patrick Higgins and Andy Morris share insights.

Oct 1, 2012

Banks Under Attack: PR Missteps

Banks struck by the wave of DDoS attacks are communicating badly and missing a great opportunity to educate their customers about cybersecurity, says Gregory Nowak of the Information Security Forum.

Sep 28, 2012

On the Job Training for ISOs

Delaware Chief Security Officer Elayne Starkey leads, but does not supervise, hundreds of information security officers, many of whom have technical expertise in areas other than security.

Sep 28, 2012

Cyberthreats: What's Next?

Earlier this year, Bill Wansley of Booz Allen Hamilton warned of nation-state attacks against U.S. banks. Are his predictions now coming true? What should institutions expect in weeks ahead?

Sep 28, 2012

Ron Ross on New Risk Assessment Guide

NIST's Ron Ross, one of the world's top information risk thought leaders, says new guidance he co-wrote doesn't dictate how organizations must approach risk assessment, but gives enterprises options on how to conduct risk appraisals.

Sep 27, 2012

Creating Trust: The $9 Million Pilots

Five pilot projects unveiled by the federal government, if successful, should build trust in online commerce, helping to boost the economy, says Jeremy Grant, head of the National Strategy for Trusted Identities in Cyberspace National Program office.

Sep 24, 2012

Infosec's Cheerleader-In-Chief: Governor

When it comes to cybersecurity in Delaware, Gov. Jack Markell sees his job as being the state's head cheerleader. In an interview, Markell discusses his role and the state's cybersecurity accomplishments.

Sep 20, 2012

Mobile Payment Guidelines Issued

The PCI Security Standards Council has issued new guidelines on mobile payment acceptance security. What are the key recommendations? The council's Bob Russo and Troy Leach discuss the new guidance.

Sep 18, 2012

Cyber Insurance: Getting Started

Organizations mulling the purchase of cyber insurance should vet their brokers to see if they truly understand policies that provide breach protection, cyber liability lawyer Richard Bortnick says.

Sep 18, 2012

iPhone 5 and Next-Gen Mobile Security

The iPhone 5 is coming, and so are a slew of new or upgraded smart phones and tablets. How should security leaders prepare for this new wave of mobility? Malcolm Harkins, CISO of Intel, offers advice.

Sep 14, 2012

A State CSO Reflects on a Breach

Thor Ryan, chief security officer at the Alaska Department of Health and Social Services, offers lessons learned as a result of his organization's $1.7 million settlement following a HIPAA compliance investigation triggered by a small breach incident.

Sep 13, 2012

Visa's New End-to-End Encryption Service

Visa's new end-to-end encryption service aims to eliminate payment card data at the merchant level. Eduardo Perez of Visa's Risk Group discusses the security value of this emerging solution.

Sep 12, 2012

10 Tips for Evolved Defense

The information security threat landscape has evolved considerably over the past six years, and it's time that organizations' defenses evolve to match them, says Tom Kellermann of Trend Micro.

Sep 12, 2012

New Perspective on Regulation

William Henley of the FDIC has just returned to banking regulation after a two-year stint working in the private sector. How did his business experience influence his approach to enforcing compliance?

Sep 11, 2012

New Nation-State Attacks Target Banks

Gauss is the latest malware variant likely connected to nation-states. But Roel Schouwenberg of Kaspersky Lab says Gauss' aim at banking credentials is unique. How should organizations respond?

Sep 10, 2012

Tackling the Big Data Challenge

To address the security and privacy challenges magnified by the velocity, volume and variety of big data, the Cloud Security Alliance has formed a big data working group. What are the group's objectives?

Sep 5, 2012

Insider Fraud: The 'Low, Slow' Approach

Which employees are most apt to commit cyberfraud, and how can organizations detect and prevent their crimes? Researcher Randy Trzeciak shares insights and tips from a new insider threat study.

Sep 4, 2012

Hurricane Season: Are We Prepared?

As Tropical Storm Isaac strikes, many organizations still sting from the impact of Hurricane Irene and 2011's other natural disasters. What lessons were learned, and how can they be applied now?

Aug 29, 2012

Rethinking Security Best Practices

Healthcare organizations need to rethink security best practices and tap new technologies as a result of the growth in health information exchange and the use of mobile devices, says researcher Carl Gunter.

Aug 28, 2012

Apple-Samsung Case: Lessons for CISOs

One takeaway from the $1-billion-plus verdict against Android-maker Samsung for infringing Apple patents is that the users of infringed technology also could be held legally liable, patent attorney Jim Denaro says.

Aug 28, 2012

Mitigating Messaging Risks

E-mail, IM, text messaging - we all increasingly depend on messaging technologies. And so do the fraudsters. Craig Spiezle of the Online Trust Alliance discusses how to mitigate our vulnerabilities.

Aug 27, 2012

How Cloud Can Facilitate Risk Management

Ron Ross, the NIST IT security and risk guru, sees cloud computing as a vehicle to help organizations implement an information risk management framework.

Aug 24, 2012

Citadel Malware: The Growing Threat

RSA's Etay Maor says Citadel malware and ransomware attacks highlight a growing threat banking institutions and consumers must be prepared to fight. What can institutions do to mitigate risk?

Aug 24, 2012

3 Lines of Cyberdefense

By combining responsible management, risk management and compliance functions and internal audits, organizations will go far in securing their data and systems, says PricewaterhouseCoopers Partner Carolyn Holcomb.

Aug 22, 2012

Wisconsin HIE Favors Hybrid Data Model

The Wisconsin Health Information Exchange uses a hybrid data model approach that lets members retain control over information, but makes security less complicated, says CEO Kim Pemble.

Aug 20, 2012

Global Hackers Take Aim at U.S. Banks

Banks and the U.S. payments infrastructure are prime targets for international cyberattacks. And it's not just money hackers are after, says Bill Wansley of Booz Allen Hamilton. What else is at risk?

Aug 16, 2012

PCI: New Approach to Merchant Security

In the wake of recent merchant breaches, a new PCI training program aims to enhance point-of-sale security. Which payment card risks does this program address? PCI Council chair Bob Russo explains.

Aug 15, 2012

Managing Security in a Merger

When two organizations merge, their top security/privacy challenge doesn't necessarily involve technology. Sometimes it's culture, says Christopher Paidhrin of PeaceHealth Southwest Medical Center.

Aug 15, 2012

Information Assurance Job Market Soars

People with good analytical backgrounds who understand regulatory compliance are in demand. Their counterparts - defenders of IT systems - will always be in demand.

"We need the tens of thousands that can manage those defenders and then we need 100,000 that are out there learning the trade, that are passionate about what they do and that are willing to put in the extra hours to keep the citizens of the nation and the state secure," Dan Likarish, assistant professor and program chair of the IT department at CO-based Regis, says.

In an exclusive interview about information assurance and why the job market for information assurance professionals has seen astounding growth, Likarish discusses:

- Opportunities for information assurance professionals;
- Trends impacting information assurance education;
- Best options for someone to get into the information assurance profession.

Aug 15, 2012

How to Talk Security to the Board of Directors

Increasingly, security and risk issues have the attention of boards of directors. What are the keys to discussing these topics with the board? John South, CSO of Heartland Payment Systems, shares tips.

Aug 13, 2012

FTC's Google Fine: The Privacy Message

Google's $22.5 million settlement with the Federal Trade Commission is the largest fine ever imposed by the FTC. But the case sends a bigger message about privacy, says attorney Francoise Gilbert.

Aug 10, 2012

Thinking Smartly About Cloud Computing

CSC's Sam Visner sees organizations, in growing numbers, thinking more intelligently about cloud computing, its security and architecture. Yet, he says, they're being very deliberate in their approach in adopting cloud computing.

Aug 9, 2012

Social Media: Pros & Cons

The benefits from employing social media as a way to connect with stakeholders outweigh the risks, says David Bradford, the editor of a new survey of risk managers. Still, he says, the risks must be adequately addressed.

Aug 6, 2012

Power Grid Too Reliable for Own Good?

The United States - and other advanced societies - shouldn't let the reliability of their electric grids lull them into being unprepared for possible massive power outages caused by cyberattacks, cybersecurity expert Harry Raduege says.

Aug 6, 2012

Fraud: Businesses Hold Banks Accountable

Guardian Analytics is out with its third annual Business Banking Trust Study. What are the latest fraud threats, and how do businesses expect their banking institutions to respond to these threats?

Aug 6, 2012

Symantec's CISO on Security Leadership

Her first nine months on the job included a data breach and a CEO shakeup. Hear how Symantec CISO Patricia Titus has adapted to business change and re-focused the company's security team.

Aug 3, 2012

Cybersecurity Act Fails; What Next?

Now that Congress has failed to enact significant cybersecurity legislation, President Obama needs to find new ways to secure key government and business IT systems, says Melissa Hathaway, a former top White House cybersecurity adviser.

Aug 3, 2012

Privacy: 'Do Not Track' Debate

Microsoft says its next version of the Internet Explorer web browser will feature "do not track" as a default user setting. What are the online privacy implications? Trevor Hughes of the IAPP weighs in.

Jul 31, 2012

Keeping Telehealth Data Secure

As more consumers take advantage of mobile devices for telemedicine, they need to be educated on steps to take to help ensure that their medical information remains secure, says telehealth expert Chuck Parker.

Jul 30, 2012

Eddie Schwartz on His Year as RSA's CISO

The truth about preventing a breach, like the advanced-persistent-threat attack RSA experienced in 2011, is that an organization can't defend critical systems alone, says RSA CISO Eddie Schwartz.

Jul 23, 2012

Phishing Update: 'No Brand is Safe'

The number of phishing sites is at an all-time high. And so are the targeted brands. The message, says Peter Cassidy of the Anti-Phishing Working Group: "No brand is safe."

Jul 23, 2012

COBIT 5 for Security: What You Need to Know

ISACA just issued COBIT 5 for Information Security, a business-centric approach to governance and IT management. ISACA's Robert Stroud explains what COBIT 5 means to your organization.

Jul 23, 2012

When Breach Planning Fails

When it comes to breach planning and response, well-intentioned organizations often go wrong. Experian Data Breach Resolution VP Michael Bruemmer tells where they fail and offers advice on how to do these important jobs right.

Jul 20, 2012

CISO Success Requires Collaboration

RSA CISO Eddie Schwartz says he spends more time talking to other chief information security officers and IT security practitioners today than he did a decade ago, when he held the same job at Nationwide Insurance Co.

Jul 19, 2012

Smart Grid's Unique Security Challenge

The smart grid is unlike any other type of critical information infrastructure, and its complexity creates a heightened challenge to secure it, says ENISA's Konstantinos Moulinos.

Jul 18, 2012

Breached Organizations Are Tight-Lipped

Too many organizations that experience a data breach fail to reveal information on the cause of the incident so that consumers can take appropriate action, one consumer advocacy group contends.

Jul 17, 2012

High Roller: How to Protect Accounts

The so-called High Roller cyberattack uses automation to drain high-value bank accounts. What can institutions do to protect customers? Chris Silveira of Guardian Analytics offers advice.

Jul 17, 2012

Managing All That Security

Acquiring information security wares gets more complicated every day - some 1,000 vendors offer 150 categories of products - so it's unreasonable to expect even the most informed chief information security officers to know everything about them.

Jul 16, 2012

Putting Big Data to Work

Financial institutions store lots of data. But most don't exploit or even know how to manage it. How can institutions get a handle on big data and use it to deter fraud? Zions Bank offers tips.

Jul 12, 2012

How the PATCO Ruling Could Benefit Banks

Don't be too quick to write off the PATCO court ruling as a victory for banking customers in the debate over ACH/wire fraud liability. The reversal could actually be a win for banks.

Jul 10, 2012