
Info Risk Today Podcast
3,490 episodes — Page 61 of 70
7 Steps to Building a Security Program
To build an effective information security program, organizations and leaders need to take seven essential steps, including updating a risk assessment, says consultant Tom Walsh.
Privacy Officer in the Hot Seat
When Google amended its policy, suddenly everyone was talking about privacy. How do privacy officers turn these discussions to their advantage? Kirk Herath of Nationwide Insurance has some ideas.
Cybersecurity and Patents: What You Need to Know
What does a U.S. patent protect, and why should security leaders care? Attorney James Denaro details the risks and the questions you need to ask about the cybersecurity technologies you use.
Healthcare Breaches: Behind the Numbers
Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.
After a Breach: 3 Lessons
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
FFIEC Compliance: Tips for the First Exam
Risk assessments are over. Now it's time for institutions to prove they conform to the FFIEC's Authentication Guidance. Fraud expert George Tubin offers tips to prepare for the first regulatory exam.
Breach Resolution: 8 Lessons Learned
What are the critical steps that IT security professionals should take in the aftermath of a breach? CEO Micky Tripathi of The Massachusetts eHealth Collaborative offers eight practical lessons based on his breach resolution experience.
Social Media: Healthcare Privacy Tips
The privacy risks involved in using social media in healthcare can be minimized through innovative staff education, says risk management expert Paul Anderson.
Why Debit Fraud Grows
Losses linked to debit fraud now exceed losses connected to check fraud, according to a new survey by the American Bankers Association. How are banks responding to the threat?
Risk Assessments: An Encryption Driver
One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in improving security, says attorney Amy Leopard.
How Fraud Prevention Starts with E-mail
Online security starts with e-mail monitoring. BITS and FS-ISAC have partnered to launch a new registry service that aims to thwart phishing attacks.
Security Testing Comes of Age
Five years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
Elements of a Social Media Policy
You know your company's social media policy is a good one when it starts sounding less like a checklist and more like common sense, says Sherrie Madia, social media expert and author.
Are Anti-Piracy Laws Really Needed?
Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.
Visa on the Need for EMV in the U.S.
The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.
Visa on EMV in the U.S.
The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.
Zappos Breach Highlights Storage Issue
The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.
Breach Resolution: 8 Lessons Learned
The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.
Zappos Breach Notice: Lessons Learned
Zappos was quick to communicate after discovering a data breach impacting 24 million customers. But did the online retailer respond appropriately, or make some missteps in its haste to notify? Francoise Gilbert of the IT Law Group gives a mixed review.
How to Identify the Insider Threat
Security managers need a heads-up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
No Gambling on Security
When your site processes more transactions annually than the London Stock Exchange, you'd better care deeply about breach prevention, says Ionut Ionescu, Head of Threat Management at Betfair.
Tips for Encrypting Mobile Devices
To help prevent breaches, mobile devices should be encrypted even if storage of sensitive information on them is prohibited, says security expert Melodi Mosley Gates.
Holistic Planning for Breach Response
A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.
Tablets Seen Mitigating Security Risks
Chief Information Officer Chad Eckes is overseeing the slow phase-in of iPads and iPhones at the Cancer Treatment Centers of America, which has relied heavily on laptop computers, in an effort to mitigate security risks.
Cancer Hospitals Try iPads, iPhones
A national network of regional cancer hospitals that has relied heavily on laptop computers is slowly phasing in iPads and iPhones, taking steps to mitigate the security risks involved.
Why Insource Forensics?
When it's time to stand up in court and discuss forensic evidence in a legal matter, you need someone who knows your business best, says Greg Thompson, VP enterprise security services at Scotiabank Group.
BYOD: Manage the Risks
Malcolm Harkins, CISO of Intel, was quick to embrace BYOD as a means to cut costs and improve employee productivity. His advice to leaders struggling with the trend: "Don't shy away from the risk issues."
Complexity: Key Task for Security Pros
Complexity is among the most significant information risk challenges IT security practitioners face. Mobile and cloud computing, new technologies, outsourcing and growing threats from malware and people make managing risk more complex.
Automation with a Dash of Humanity
As organizations move to the continuous monitoring of their IT systems to assure they're secure, they rely much more on automated processes. But don't forget the role people play.
2012 Government Strategy Guide to Defending Against Cyber-Attacks
How can government agencies protect against new and trending cyber attacks? What are today's top application security trends and threats? Robert Haas of HP has expert insight and tips.
Top Tech Trends for 2012
Big data. Consumerization. Mobile growth. ISACA picks these as the top technology trends for IT and information security leaders to tackle in 2012. Robert Stroud offers tips to help manage the risks.
BYOD: Manage the Risks
It's not a question of if employees will bring their own mobile devices to work and connect to your systems. It's a matter of when. But the benefits of BYOD outweigh the risks, says Malcolm Harkins, CISO of Intel.
Complexity Is Major Info Risk Challenge
Complexity is among the most significant information risk management challenges organizations face at the dawn of the new year.
Why Compliance Can't Create Security
Regulators push tougher cybersecurity measures. But the challenge for smaller organizations isn't compliance - it's budgets. Wendy Nather of 451 Research defines the 'Security Poverty Line' and what to do about it.
Top 10 Cybersecurity Trends for Banks
A new survey identifies the Top 10 Cybersecurity Trends for financial service organizations. Malware and mobility head the list of risks to watch. What are the other key concerns?
2012 Fraud-Fighting Agenda
Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.
IT Security Vs. Info Risk Management
Information risk management, at its core, is about tradeoffs, says NIST Senior Scientist Ron Ross.
Hannaford Breach Ruling: What it Means
A federal appeals court has ruled in favor of victims of the 2007 Hannaford data breach. Attorney Ronald Raether explains the ruling and what it potentially means to future breached entities and their customers.
Risk Awareness: What Do CEOs Need to Know?
If management awareness of information security issues increases, will an organization's commitment to securing practices and policies also increase? This is the question answered by an eye-opening new study.
Disaster Recovery: Supply Chain at Risk
Every organization likes its business continuity/disaster recovery plan before a disaster, says Al Berman of DRI International. But in the aftermath? Different story - and one that must be addressed in 2012.
AHIMA CEO Tackles Privacy Challenges
The lack of uniformity in federal and state privacy and security requirements is creating major challenges for health information managers attempting to comply, says Lynne Thomas Gordon, the new CEO of the American Health Information Management Association.
FFIEC Compliance: A Case Study
Donna Flynn says Liberty Bank discovered three key gaps when it tackled FFIEC authentication guidance compliance. Two were easy to fill. The third required an out-of-the-box solution.
BITS Takes Aim at Fraud
BITS, the technology policy division of The Financial Services Roundtable, has just named a new VP of cybersecurity and fraud prevention. What's John Carlson's mission, and what's it mean to banks?
Privacy Advocate Frustrated By Inertia
Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.
Breach Notification Planning Tips
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
Making Web Applications Secure
Vulnerabilities in applications developed for the Commonwealth of Pennsylvania contributed to a major security breach a few years back, one that state CISO Erik Avakian does not want repeated.
Pace Charters New Cyber Institute
New York's Pace University has just announced its new Seidenberg Cyber Security Institute. What is the school's mission, and why is now the ideal time to open its doors to career-minded students?
Fighting Fraud: Deputize the Consumer
Customers want to be involved with their banking security, but few institutions allow them to play active roles in fraud prevention. What has to change?
Organizing a Breach Notification Team
It's one thing to have a data breach response team. It's quite another to ensure that team is made up of savvy personnel, says Brian Dean, a former privacy executive for KeyBank.
The Changing Threat Landscape
The threat landscape has evolved, and India's banking institutions must grow their information security strategies, says Anand Naik of Symantec, which just released a report that offers a new security agenda to institutions.