
Info Risk Today Podcast
3,490 episodes — Page 59 of 70
Evolving Role of ID, Access Management
The role of identity and access management is as critical as ever. But the demands of the role? They are radically different, says Sam Curry, CTO of RSA, who discusses the new skills needed.
Zeus: How to Fight Back
The Zeus Trojan is frightening because of its agility, evolution and success at stealing banking credentials. How can institutions fight back? Malware expert Andreas Baumhof offers new ideas.
Bargain Hunting Raises Infosec Awareness
Local and state governments improving their cyberthreat awareness could be the main benefit from a new program designed to help them save money in acquiring IT security products and services, says Center for Internet Security Chief Executive William Pelgrin.
Need Exists to Refocus Infosec Skills
Gartner's Tom Scholtz doesn't see a shortage of technically skilled IT security practitioners. But he perceives a dearth of infosec pros who truly understand how security links to an enterprise's business goals.
Infosec Wares Need to ID Unknown Threats
Gartner's Peter Firstbrook, to illustrate the vulnerability of IT systems, cites research that pegs at about 400 days the average time a targeted virus remains undetected on a computer. And, he says, that doesn't speak highly of the current offerings from security vendors.
Using Risk to Fund Infosec Projects
Relating risk to information security initiatives can help IT security managers persuade their bosses to fund these projects, sponsors of a new survey contend.
Wireless Monitoring: Risks, Benefits
Federal action to set aside broadband spectrum for wireless patient monitoring systems has the potential to improve treatment without increasing risks, says medical device expert Dale Nordenberg, M.D.
A Rise in Encryption?
A dramatic reduction in processing requirements for encryption may mean increased utilization of the technology, says Todd Thiemann of Vormetric.
The Move to Data-Centric Security
The attack space is changing, with more enterprise users accessing data from their mobile device, leading to a new focus on data-centric security, says Jeremy Stieglitz of Voltage Security.
Mitigating Advanced Cyber-Attacks
Cyber-attacks are becoming increasingly difficult for organizations to defend against, says Ashar Aziz of FireEye.
Addressing Cloud in Government
What's top of mind for the federal government when it comes to cloud security? David Berman of Centrify explains.
Using Mobile to Authenticate
Organizations looking to leverage multi-factor authentication should consider mobile devices for their unique capabilities, says Sarah Fender of PhoneFactor.
Top Risk Concerns
What are the top GRC concerns within organizations? John Ambra of Modulo explains.
Improving Identity and Access Management
What are the top concerns around identity and access management within organizations? Avatier Chief Innovation Officer Ryan Ward says compliance, governance and audit issues are top-of-mind.
Mitigating Mobile Risks
As BYOD continues to become more commonplace, mobile application risk management aids in identifying the risks on those devices and implementing policy to protect enterprise data, says Domingo Guerra, president and founder of Appthority.
Getting BYOD Advice
What are the top bring-your-own-device concerns enterprises are facing today? Russell Rice of Cisco explains.
How to Address BYOD
The bring-your-own-device trend is a huge issue for organizations today, says Rob Ayoub of Fortinet, who offers recommendations to address the security challenges involved.
Using Business-Driven IAM to Improve Security
What is business-driven identity and access management and how can it help organizations improve their security? Jason Garbis of Aveksa explains.
The BYOD Challenge
What are the top challenges with the bring-your-own-device trend? Stephen Midgley, vice president of global marketing at Absolute Software, says the top issue is organizations not knowing where their data is located.
Big Data: It's Not About Size
Big data isn't about size, says Gartner's Neil MacDonald. It's much bigger: Big data is about volume, velocity, variety and complexity, and requires new approaches on how information is used to secure digital assets.
Lessons from LinkedIn Breach
In the wake of the LinkedIn breach, what steps should organizations take to enhance online password protection? Araxid's Brent Williams offers advice.
Creating a Malware Intel Sharing System
Georgia Tech Research Institute is beta testing a malware intelligence system that research scientist Chris Smoak contends will help corporate and government security officials share information about the attacks they confront.
Mobile Banking: Predicting the Risks
Mobile security threats can be managed through testing and strategic risk-mitigation strategies, says Keith Gordon, who oversees authentication and security strategies for Bank of America's consumer online and mobile banking units.
Employing Cybersecurity Index as a Metric
IT security practitioners realize much value from the monthly cybersecurity index created a year ago by Mukul Pareek and Dan Geer. Why? They benefit from knowing how others see the evolving threat environment.
Five Application Security Tips
Many organizations aren't devoting enough resources to ensure that applications for mobile devices are secure, says security expert Jeff Williams. He offers five tips for adequately addressing mobile application security.
Understanding Electronically Stored Info
For years, David Matthews, Deputy CISO of the City of Seattle, has been immersed in securing electronically stored information. Now he's written the book on the topic. What are the key themes addressed?
Why Boards of Directors Don't Get It
IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?
How to Respond to Hacktivism
Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?
Intelligent Defense Against Intruders
Imagine a computer network that can fool intruders into seeing configurations that in reality don't exist, making it hard for them to invade the system. That's what Scott DeLoach is trying to figure out how to do.
4 Security Priorities for Banks
From mobile and the cloud to DDoS attacks and risks surrounding big data, what should banks and credit unions do now to mitigate exposure? Gartner's Anton Chuvakin offers his top recommendations.
Matching Personalities to Jobs
Do you have the right personality type to flourish in an IT security role? Laurence Shatkin, author of "50 Best Jobs for Your Personality," offers tips for finding the job that truly fits your type.
Understanding 'Big Data'
Banks have a lot of data, but how well is it integrated? How much are institutions gleaning from the data they house? State Street Corp's chief scientist says financial services could be doing more.
Risks of False Credentials
How common are padded resumes like the one that led to the departure of Yahoo CEO Scott Thompson? Far too common, says attorney Les Rosen, who offers tips to help organizations manage such risks.
Improving Breach Investigations
When breaches occur, most organizations struggle to collect the right data and get investigations off the ground. How can breach response improve? Verizon's Chris Novak offers expert advice.
Risk of Insider Fraud
Many organizations realize they are at risk of insider attacks. But do they have evidence and capabilities to respond to these risks? That's the real challenge, says researcher Larry Ponemon.
How to Spot a Fraudster
Who is more likely to commit fraud in your organization - the newly hired youngster or the long-tenured veteran? The ACFE's new 2012 Global Fraud Study profiles the top fraudsters and their schemes.
Americans Less Jittery About Net Security
Americans express a bit less anxiety about their security than they felt a year ago, perhaps because they've become desensitized by extensive news reports about cyberattacks last spring, says Unisys' Steve Vinsik.
Mobile Banking: Mitigating Consumer Risks
Which security concerns should institutions be bracing for, as more consumers adopt mobile banking? BITS offers a collection of recommendations from some of the industry's top institutions.
The Hidden Costs of Fraud
Dollars lost to fraud are one measure of an incident's impact. But the "soft" costs - loss of reputation and productivity - are the ones that most get the attention of Terry Austin of Guardian Analytics.
Key Characteristics of Influential CISOs
A new IBM study identifies three distinct types of information security leaders: Influencers, Protectors and Responders. Which type are you? IBM's Marc van Zadelhoff offers tips for more effective leadership.
'It's a War for Talent'
The information security profession is a 'war for talent' today, says recruiter Kathy Lavinder. But to win the war requires specialized skill sets. Here are today's top requirements.
Social Engineering: The Next Generation
Which Internet security threats pose the greatest risks to organizations in 2012 and beyond? Symantec has just released its Internet Security Threat Report (http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf), which reveals some surprising trends.
Teaming Up to Fight ACH Fraud
When it comes to curbing ACH fraud, banking regulators and law enforcement agencies have joined forces to keep institutions abreast of emerging best practices. What are their top recommendations?
The Anti-Fraud Evolution
When Joseph Bognanno of Wolters Kluwer Financial Services examines 2012's financial fraud trends, all he sees is more - more of everything, from schemes to new guidance. How can banks stay ahead?
New BC Standard: 'An End to Uncertainty'
Lyndon Bird, technical director of the Business Continuity Institute, praises the ISO 22301 standard for business continuity, calling it "An end to uncertainty." Learn about the emerging standard.
Identifying Undetected Breaches
Eighty-five percent of data breaches go undetected, but organizations have a new type of cop on the beat to ferret out these illicit activities - the data scientist, says Phil Neray, head of security intelligence strategy and marketing for Q1 Labs, an IBM company.
Fraud Fighting: How to Engage the Customer
When it comes to fighting financial fraud, Peter Tapling of Authentify says banking institutions are chronically underestimating and under-utilizing one key resource: Their own customers.
How to Prioritize FFIEC Fraud Investments
When it comes to the FFIEC Authentication Guidance, Aite analyst Shirley Inscoe fears too many banking institutions are investing only in achieving compliance - not ongoing security.
Cloud Costs for Government Could Rise
Cloud computing for governments in the United States, especially services tailored for the federal government, may not be as efficient or as cheap as many would hope, says Richard Falkenrath, a principal with the security consultancy The Chertoff Group.
Post-Breach PR: Lessons Learned
One of the biggest mistakes companies make after a major data breach is communicating with the news media, consumers and others before all the facts are clear, says attorney Ronald Raether.