Info Risk Today Podcast

Current solutions are good at authenticating users, but not the integrity of the transactions, says Rik Ferguson of Trend Micro. "We're not authenticating the right things."

Adequate funding for privacy and security measures is essential to the success of sharing electronic health records to improve the quality of care, says William Braithwaite, M.D., Ph.D.

Australia's government agencies can learn a lot from the nation's banks, when it comes to risk management and protecting privacy, says Graham Ingram, General Manager of the Australian Computer Emergency Response Team. "There are too many people in government organisations who are in denial [of risks]," he says.

Zayd Sukhun says global political unrest has upped regulators' expectations for banks to streamline fraud-detection tools and techniques.

Privacy and security specialist Phyllis Patrick offers practical tips on preparing for the upcoming federal HIPAA compliance audits.

Susan McAndrew of the HHS Office for Civil Rights discusses recent high-profile HIPAA cases, upcoming state attorneys general training and the pending HIPAA audit program.

This week's report focuses on one story: Senate WikiLeaks hearing, in which administration officials explained how the WikiLeaks episode occurred and what's being done to prevent such a breach from occurring again.

Joy Pritts of the Office of the National Coordinator for Health IT says the office intends to develop standards that would give patients the ability to exclude clinicians from accessing certain portions of their electronic health records.

In the initial wake of Japan's devastating earthquake and subsequent tsunami, business continuity plans have been tested, and organizations now are dealing with severe aftershocks and a growing national crisis, says Alan Berman, executive director of DRI International.

<b>SWIFT's Gottfried Leibbrandt says conflicting regulatory mandates could further fragment the international payments market.</b>

Pay-at-the-pump card skimming is back, just in time for spring break; and Editorial Director Tom Field shares thoughts from Phoenix about BAI's recent Payments Connect conference.

Pay-at-the-pump card skimming is back, just in time for spring break; and Editorial Director Tom Field shares thoughts from Phoenix about BAI's recent Payments Connect conference.

Domain Name Security - it's one of the most neglected aspects of information security, but critical to healthcare organizations.

This week's top news and views: State AGs to Get HIPAA Lawsuit Training; Eight Breach Prevention Tips; Evolving Uses for Smart Cards.

<b>Iowa CISO Jeff Franklin explains how collecting real-time information helps the state information security office transition its focus from technology to risk management.</b>

Skimming remains the top threat to ATMs worldwide, but certain regions in Europe and Latin America are also seeing a rise in logical security breaches. Bottom line: ATMs are under attack.

Russ Jones of Albert Einstein Healthcare Network describes why the delivery system shifted from magnetic stripe cards to smart cards for a variety of applications.

The Internet is inherently insecure, and the only way to ensure today's evolving information systems is to build them upon three pillars of trust.

<b>Today's technology is not adequately used, says attorney Lucy Thomson.</b>

For former New York State CISO Will Pelgrin, mobile devices, insiders and old infrastructure represent the major challenges local and state governments face in 2011 in securing information technology.

<b>The Smart Card Alliance's Vanderhoof says U.S. card issuers will likely rely on contactless mag-stripe technology to bridge a payments migration to EMV.</b>

<b>The CISO's CISO still sways government infosec from the outside</b>

Patrick discusses how to consolidate network traffic monitoring into a single appliance and management console, along with web application security and PCI compliance.

<b>This week's top news and views: New NIST guidance focuses on risk management; DHS seeks hundreds of millions of dollars for cybersecurity projects; and former New York State CISO Will Pelgrin on federal-state-local IT collaboration.</b>

AML concerns heat up, as FinCEN warns U.S. institutions to scrutinize accounts held by foreign political figures. And the unofficial release of an FFIEC draft about online authentication guidance opens regulators to more feedback and criticism.

AML concerns heat up, as FinCEN warns U.S. institutions to scrutinize accounts held by foreign political figures. And the unofficial release of an FFIEC draft about online authentication guidance opens regulators to more feedback and criticism.

<b> This week's top news and views: Overlooked Breach Prevention Steps; HIPAA Enforcement Picks Up; EHRs and Cloud Computing.</b>

<b>Mobile banking, social media, cloud computing. These all are part of the global banking landscape today, and with these innovations come new expectations, says Alessandro Moretti of (ISC)2 and UBS Investment Bank.</b>

Enforcing standards for privacy and security is a major part of a new health information exchange accreditation program, says Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.

Physicians implementing electronic health records should consider cloud computing as a way to improve security, says healthcare IT consultant Patricia Dodgen.

Terrell Herzig, information security officer at UAB Medicine, pinpoints frequently overlooked breach prevention steps.

A preliminary draft of new authentication guidance puts greater responsibility on financial institutions, and the ACH/wire fraud case between Experi-Metal Inc. and Comerica Bank marks the first major corporate account takeover incident to hit a courtroom.

A preliminary draft of new authentication guidance puts greater responsibility on financial institutions, and the ACH/wire fraud case between Experi-Metal Inc. and Comerica Bank marks the first major corporate account takeover incident to hit a courtroom.

<b>Government IT security practitioners address the cloud challenge.</b>

An audio review of some of the most compelling content posted on HealthcareInfoSecurity.com in February.

Doug Fridsma, M.D., of the HHS Office of the National Coordinator for Health IT, compares and contrasts the security approaches of two national health information exchange projects.

<b>Cisco's Don Proctor longs for days of Microsoft patches.</b>

<b>ADT's John Pearce says continued use of the magnetic-stripe is to blame for growing card-skimming trends and threats in the U.S.</b>

<b>Functionality hasn't changed much in two decades, but capabilities have expanded immensely.</b>

Lee Aase of Mayo Clinic describes the organization's social media guidelines and offers insights on protecting privacy and security.

<b>Tom Oscherwitz says consumers put themselves at risk by giving out too much personal information that is often used for online banking log-in credentials.</b>

Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal regulators, offers insights on how the team's recommendations might be implemented and what topics it will tackle next.

Visa says a move toward EMV can help merchants cut PCI compliance costs, and SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for payments 2011.

This week's top news and views: New York Breach Affects 1.7 Million; Privacy Protections for Backup Files; Shifting to Hardware-Based Encryption.

This week's top news and views: Government infosec pros question the federal government's security resolve, according to our new survey; Steve Jobs is Apple of Pentagon's eye; and a Department of Cyber -- a fleeting idea?

Visa says a move toward EMV can help merchants cut PCI compliance costs, and SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for payments 2011.

<p>Visa's Eduardo Perez, head of Global Payment System Security, says the EMV chip is an ideal dynamic data technology, but mobile and others offer similar security benefits.</p>

<b>SWIFT's Stacy Rosenthal says globalization, regulation and the introduction of new services from non-financial providers will set the tone for 2011.</b>

<b>The 451 Group's Joshua Corman says merely complying with stagnant standards won't ensure security.</b>

Attracting and retaining IT security professionals may be the No. 1 staffing challenge states face, but the numbers alone unveiled in a recent National Association of State Chief Information Officers survey don't tell the whole story.