Government Information Security Podcast

Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)

Recent high-profile data breaches and heightened threats add up to one thing: a bright future for information security professionals who want to start or re-start a career in risk management.

Minnesota has seen an increase in malicious traffic since the state government shut down a week ago, but state CISO Chris Buse says sophisticated intrusion-detection systems and an alert skeleton staff have prevented any harm from being done, at least to the part of state government IT controlled by the Office of Enterprise Technology.

RSA customers who feel victimized by last March's breach of the security vendor's computers have viable options that include continued use of the SecurID authentication tokens, those offered by competitors, or something entirely different: biometrics.

Today's top fraud threats recognize no global boundaries, says James Ratley, head of the Association of Certified Fraud Examiners. And they require a stronger global workforce than ever before.

Eddie Schwartz, the new - and first - chief security officer of RSA, says the IT security provider hit by a sophisticated advanced-persistent-threat attack in March is focusing internal security on efforts to reduce the time an intruder can go undetected.

A key factor in minimizing the risk of a breach when working with business associates is to provide these partners with the minimum amount of information they need to perform their services, says security expert Brian Lapidus.

Minnesota faces a government shutdown Friday, and state CISO Chris Buse confronts unexpected barriers in preparing for it. No one yet knows what services the IT security organization must support once the midnight deadline passes.

Organizations' biggest obstacles to privacy protection are the organizations themselves - specifically, their silos - says Dr. Ann Cavoukian, proponent of the new concept, Privacy by Redesign.

SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.

Leigh Williams says preventing online data breaches requires cooperation within the online ecosystem from domestic and international organizations. Spearheading and maintaining that cooperation requires federal oversight, he contends.

Sen. Robert Menendez says regulators should have the power to compel banks to toughen IT security and offer timely customer notification of a breach. But if they don't, the Banking Committee member says in an interview, they should come to Congress to get that authority.

Northrop Grumman Cybersecurity Research Consortium's Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.

The latest component of the U.S. Department of Veterans Affairs' ongoing effort to protect medical devices from malware is the creation of a centralized patch management system, says Randy Ledsome, the VA's acting director of field security operations.

FDIC examiner Donald Saxinger says cloud computing can pose challenges when it comes to business continuity during disasters. Proactive vendor management, he says, is the best way to address potential hiccups before they become big problems.

IT security expert Marcus Ranum says RSA's offer to replace its SecurID tokens is a deal worth taking.

What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?

Quantifying the safety or danger of cyberspace is tough. But a highly respected IT security practitioner and an experienced risk management consultant have teamed to develop an index they contend reflects the relative security of cyberspace by aggregating the views of information security industry professionals.

Adam Greene, the primary author of the proposed accounting of disclosures rule mandated under the HITECH Act, describes its major provisions and offers advice on how to prepare.

The same approach governments and businesses employ to protect individuals from the dangers of secondhand smoke could be applied to safeguard cyberspace, says Scott Charney, Microsoft's vice president of trustworthy computing, engineering excellence and environmental sustainability.