Government Information Security Podcast

Most industries say PCI is improving payment card security, but driving consumer and employee awareness about vulnerabilities remains a challenge.

Philip Andreae was there when EMV was born, and he plans to see the EMV evolution through, until it becomes a global standard embraced throughout the world.

Executives deal with risk all of the time, except that is, information technology risk. For many non-IT leaders in government and business, IT risk is outside their comfort zone. Oregon CISO Theresa Masse wants to change that.

When it comes to sizing up the privacy agenda for 2011, the tone at the top of organizations is all about improving data security, says privacy expert and lawyer Lisa Sotto.

This week's top news and views: Conscripting cybersecurity experts to protect IT, State battles data leakage and President Obama signs bill to reorganize the National Institute of Standards and Technology.

To Brian Lapidus, COO of Kroll's Fraud Solutions group, the main threat to data security can be summed up in two words: social networking.

Researchers explore adapting geolocation technology to identify where data reside on the cloud so organizations can comply with IT security laws and regulations, RSA Chief Technology Officer Bret Hartman says.

This month's most compelling news and views: top 10 government IT security stories of 2010, four components on the insider threat, pragmatic optimist Howard Schmidt and failure to enact major cybersecurity bill foreseen. And don't miss our audio week-in-review podcast by Executive Editor Eric Chabrow

Dmitri Alperovitch, McAfee Labs threat research vice president, discusses the company's annual threat predictions, saying: "We are seeing an escalating threat landscape in 2011."

"The environment that started by supporting whistleblowers ... is essentially morphing into 'Gee, we as an organization need to be completely transparent, whether we want to or not,'" says Cal Slemp, managing director of Protiviti.

Thwarting the insider threat entails more than knowing an individual with access to a computer, but to recognize the synergy between the individual, organization, technology and environment, I3P Research Director Shari Lawrence Pfleeger says.

2011 will be the year of more -- more sophisticated malware, more WikiLeaks-style breaches and more regulatory compliance headaches.

"Literally, in my entire time working in the privacy field, I've never seen such profound and aggressive activity by the government in the privacy space," privacy expert Thomas Oscherwitz says.

This week's top news and views: Cyber reforms vanish, State Department creates cyber issues post, why risk management is hot and less stress during social media blackout. Don't miss our audio week-in-review podcast by Executive Editor Eric Chabrow

NIST's Ron Ross Tackles the Risk Management Framework

If Marcus Ranum were your CISO, this would be his 2011 resolution: To launch a "War Games" style exercise.

A new White House plan to reform how the feds manage IT should not only drive efficiencies but help secure digital assets, says Tim Young, former Office of Management and Budget deputy administrator for e-government and IT.

Cybersecurity reform stopped in the Senate, White House unveils new way to manage federal IT that emphasizes cloud computing and data consolidation and tips on preventing a WikiLeaks-style breach.

Hemu Nigam says WikiLeaks founder Julian Assange has become akin to a "cyber messiah" And Assange's followers have proven: "If you turn your back on our messiah, we are going to take you down."

"We use the Social Security number in every aspect, both mundane and sensitive," says Conti, coauthor of a report on the military's use of personal identifiable information. "It's everywhere, so we're courting disaster in how we us it."