Info Risk Today Podcast

Phishing: New and Improved

Phishing - it's the classic scheme that never goes away. In fact, it evolves. Amy Blackshaw of RSA offers insights on how to respond to this and other trends identified in the 2012 Faces of Fraud survey.

Apr 17, 2012

Heartland CEO on Breach Response

What's the best strategy for communications after a data breach, like the one suffered by Global Payments Inc.? Bob Carr, CEO of Heartland Payment Systems, discusses what to say in the weeks following a breach.

Apr 16, 2012

6 Steps to Secure Big Data

Securing the massive amounts of data swamping organizations, a trend known as big data, can be addressed, in part, by organizations simply getting rid of data no longer needed, Grant Thornton's Danny Miller says.

Apr 13, 2012

Incident Response: The Gaps

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

Apr 12, 2012

2012 Faces of Fraud: First Look

"Regulation drives spending," says George Tubin of GT Advisors. "You're in a situation where the regulators are telling you, 'You have to do something; you have to make improvements.' Therefore, the bank has to spend some money on technology."

Apr 12, 2012

Privacy: Changing a Corporate Culture

Creating a "culture of compliance" that emphasizes the importance of privacy requires far more than "management by committee," says change management specialist Jan Hillier.

Apr 11, 2012

Investigating a Payments Breach

What might the Global Payments breach investigation entail? Dave Ostertag of Verizon's Investigative Response unit describes a forensics investigation - how long it can take and what it might reveal.

Apr 10, 2012

Mobile Security: Preventing Breaches

Healthcare organizations need to make mobile device security a top priority because so many recent data breaches can be tied to poor mobile device management, says consultant Jeff Brandt.

Apr 9, 2012

Security Education for Senior Execs

Where do time-strapped senior leaders go for education on cyber forensics and incident response? Carnegie Mellon University has a new option, and Dena Haritos Tsamitis explains its unique approach.

Apr 6, 2012

Using Big Data to Identify Anomalies

Current Analysis' Bernt Ostergaard describes using massive amounts of information, or big data, to help secure information systems.

Apr 5, 2012

Selecting a Breach Resolution Vendor

Companies should hire a breach resolution vendor before they experience a data breach to help ensure rapid, appropriate response, says security consultant Robert Peterson.

Apr 4, 2012

Gartner's Litan on Global Payments Breach

Gartner Analyst Avivah Litan, one of the first fraud experts to report the Global Payments Inc. data breach, says the latest revelations raise more questions than answers about the incident's impact.

Apr 3, 2012

Assuring the Security of IPv6

IPv6, known to some as the new Internet, is architected to be safer than IPv4, but that doesn't mean organizations shouldn't take steps to assure the security of Internet Protocol version 6, American Registry for Internet Numbers' John Curran says.

Apr 2, 2012

Global Payments Breach: What to Tell Customers

In the wake of the Global Payments Inc. card breach, ID theft expert Neal O'Farrell says banks and credit unions must be proactive with outreach to customers. What should institutions' messages include?

Apr 2, 2012

Who Decides How to Allot Infosec Funds?

While enterprises spend frugally on IT security, cybercriminals do not, and that presents big problems for organizations working feverishly to secure their digital assets, says Steve Durbin, global vice president of the Information Security Forum.

Mar 30, 2012

Heartland CEO on Breach Response

From 2010: When he first learned of the full magnitude of the Heartland Payment Systems data breach, Heartland CEO Bob Carr had one overriding thought: "Can we survive this?"

Mar 30, 2012

Mobile Device Management Tips

Mobile device management systems are relatively immature, so shoppers need to ask probing questions about the systems' functionality, advises security consultant J. David Kirby.

Mar 29, 2012

Designing Privacy into Online Products

Organizations and leaders seeking to assure the privacy of their customers should implement privacy by design in the development process, privacy lawyer Alan Friel says.

Mar 27, 2012

Inside Microsoft's Zeus Malware Raid

"Many financial institutions have watched for years as cybercrime has escalated, and now we are shutting it down," says Greg Garcia, describing Operation B71 and how it's helping combat ACH/wire and other forms of fraud.

Mar 27, 2012

The Cost of a Data Breach

The average per capita cost of a data breach has declined from $214 to $194, according to the new Cost of a Data Breach study. But there are still plenty of causes for concern, says Dr. Larry Ponemon.

Mar 23, 2012

Verizon: Hacktivists #1 Breach Threat

Verizon's 2012 Data Breach Investigations Report shows dramatic increases in attacks linked to hacktivist groups like Anonymous and LulzSec. How should organizations respond to this evolving threat?

Mar 22, 2012

Redefining IT Security's Core Tenets

Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.

Mar 16, 2012

Avoiding Pitfalls of the Cloud Contract

Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave-it propositions, so organizations must approach a services agreement cautiously, IT security lawyer Françoise Gilbert says.

Mar 15, 2012

Why Data Storage Is a Key HITECH Issue

One important way to prepare for Stage 2 of the HITECH Act electronic health record incentive program is to take steps toward eliminating storage of patient records on mobile devices, says privacy expert Deborah Gascard Wolf.

Mar 12, 2012

How New iPad Can Be Blast from the Past

Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.

Mar 12, 2012

Targeting Mobile Banking Risks

What emerging security challenges will new mobile devices and platforms pose for banks and credit unions? Brian Pearce and Amy Johnson shed light on Wells Fargo's approach to unique retail and commercial risks.

Mar 12, 2012

iPad3 4G Nudges BYOD

Apple's release of the new iPad will affect business. How should organizations incorporate new mobile concerns into their BYOD policies? Joe Rogalski of New York's First Niagara Bank weighs in.

Mar 9, 2012

Sizing Up the HITECH Stage 2 Rules

Consumer advocate Deven McGraw describes what she likes and doesn't like about the privacy and security provisions in the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.

Mar 8, 2012

Dissecting a Hacktivist Attack

Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.

Mar 6, 2012

Deferring to Business on Cybersecurity

Commerce Undersecretary for Standards and Technology Patrick Gallagher sees the private sector, not government, taking the lead to develop tools, processes and standards to help safeguard IT systems and data in and out of government.

Mar 5, 2012

Breaches: The Top Trends

What are the top global breach trends and threats that organizations should be watching? Wade Baker of Verizon offers insights gleaned from a new study of his group's latest investigations.

Mar 2, 2012

Schmidt Hopeful on Bill's Passage

White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.

Mar 1, 2012

A Framework for Vulnerability Reports

A consortium of eight major information technology companies is continuing development of a free framework designed to make it easier to exchange information about security vulnerabilities.

Feb 29, 2012

Cyber Attacks: Not If or When, But Now

No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.

Feb 27, 2012

Scholarship for Service Program Grows

The need for qualified security pros is growing - but so is the Scholarship for Service Program, which helps students train for roles in government. Victor Piotrowski of the National Science Foundation discusses the opportunities.

Feb 27, 2012

Privacy Bill of Rights: Not Be-All, End-All

The Obama administration's Consumer Privacy Bill of Rights should be seen as a vital document to help shape an expansive and globally accepted privacy framework in the United States, privacy and data security lawyer Lisa Sotto says.

Feb 24, 2012

What to Expect at RSA Conference

This is the first RSA Conference since 2011's high-profile security breaches. How did those incidents influence this year's agenda? Hugh Thompson explains in an exclusive event preview.

Feb 23, 2012

Mobile Security: Enabling BYOD

Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally owned devices.

Feb 22, 2012

Mobile Device Management and BYOD

A mobile device management system is critical to any effort to accommodate the use of personally owned mobile devices for work purposes, says Bill Spooner, CIO at Sharp Healthcare.

Feb 21, 2012

The Book on Insider Threats

The insider threat: It's a top challenge for any organization, and it's a hot topic for RSA Conference attendees. Dawn Cappelli and Randy Trzeciak preview their new book, The CERT Guide to Insider Threats.

Feb 21, 2012

Putting to Rest RSA Key Security Worries

IT security practitioners who employ the RSA public-private key cryptography needn't lose sleep about its efficacy, despite new research that raises questions on how it creates large prime numbers to generate secret keys, IT security authority Gene Spafford says.

Feb 20, 2012

Lax Breach Laws Endanger Businesses

Data breaches are under-reported, and breached organizations aren't giving consumers the information they need about these compromises, says Karen Barney of the Identity Theft Resource Center.

Feb 20, 2012

The CISO Challenge

Jason Clark, CSO of Websense, has met recently with 400 CSOs. In a pre-RSA Conference interview, he discusses how security leaders can be more effective when facing mobile security and other challenges.

Feb 18, 2012

Breach Response: Initiate Forensic Probe

Getting forensics help should be one of the first steps an organization takes after a breach occurs, says IT security and privacy lawyer Miriam Wugmeister.

Feb 17, 2012

Fraud: The Latest Threats

What are the top emerging fraud threats via mobile banking, and how must security leaders respond? In an RSA Conference preview, Julie McNelley of the Aite Group offers tips for fighting the newest threats.

Feb 15, 2012

NIST to Unveil Controls Guidance at RSA

NIST's Ron Ross will be quite busy at RSA Conference 2012, not only promoting revised guidance on security and privacy controls to be unveiled at the security conclave, but also participating in a panel on one of his favorite topics: continuous monitoring.

Feb 15, 2012

Fraud: The Latest Threats

What are the top emerging fraud threats to banking institutions via mobile banking, and how must security leaders respond? Julie McNelley of the Aite Group offers tips for fighting the newest threats.

Feb 15, 2012

FDIC Explains Processing Guidance

Why must financial institutions pay more attention to risks posed by third-party payments processors? FDIC executive Michael Benardo explains the updated guidance in an exclusive interview.

Feb 14, 2012

Fraud Fight: How to Pick Your Battles

From mobile malware to the Anonymous hacktivist attacks, how can banking institutions tackle the changing threat landscape? Joe Rogalski of First Niagara Bank has some new ideas.

Feb 13, 2012

PCI: New Focus on Mobile

Mike Mitchell, new chair of the Payment Card Industry Security Standards Council, says mobility is among his top priorities for action in 2012. How will emerging technologies influence the standard?

Feb 10, 2012