Government Information Security Podcast

The Washington think tank Center for Strategic and International Studies released in December a report from the Commission on Cybersecurity for the 44th Presidency, a bipartisan comprehensive study initiated in 2007 of the cybersecurity challenges the next president would face. Among the commission's recommendation was the creation within the White House of an Office of Cyberspace that would address federal government information challenges. In a two-part interview with GovInfoSecurity.com, commission co-chair Harry Raduege discusses how he sees the Obama administration addressing the panel's recommendations. In Part 1, Raduege explains: The stark reality that the bad guys are winning and our nation is at risk. Why a White House Office of Cyberspace is critically needed to secure federal IT. How the government must change the mindset of federal employees to help assure IT security. Harry D. Raduege Jr., chairman of the Deloitte Center for Network Innovation, is a retired Air Force lieutenant general who s

Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 2

As Congress tackles reforming the Federal Information Security and Management Act, known as FISMA, provisions in the new legislation likely will more precisely define responsibility for departmental and agency information security. In this exclusive interview, cybersecurity expert Paul Kurtz, chief information office of Good Harbor Consulting, explains: How a lack of accountability hinders safeguarding federal government information; Why officials who fail to properly assure government data often go unpunished; Why these leaders should be fired when an information security breach occurs. Paul Kurtz served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and advised President Obama during the transition. Among his government posts: senior director for national security of the National Security Council's Office of Cyberspace Security; member of the president's Critical Infrastructure Protection Board, where he developed the interna

Fearful of man-made, natural and pandemic disasters, organizations everywhere are adopting or improving business continuity/disaster recovery programs. And at Norwich University, there now is a Master's of Science in Business Continuity program for mid-career professionals to hone their skills in this in-demand area. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Master's of Science in Business Continuity, discussing: What's unique about this program; Requirements for students entering the program; How the MSBC will evolve to meet industry/government needs.

It's become a cliché: Information security professionals need to get closer to the business. Now it's also a Master's degree program in which instructors base their whole curriculum on helping security professionals get closer to - and rise higher in the ranks of - their companies and agencies. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Masters of Science in Information Assurance, discussing: What's unique about this program; Requirements for students entering the program; How the MSIA helps security professionals advance their careers.

The Heartland Payment Systems data breach is on everyone's mind, and the case is in the hands now of the Federal Trade Commission (FTC) if it chooses to investigate. While the FTC will neither confirm nor deny a Heartland investigation, staff attorney Alain Sheer does offer his insight on: How the FTC investigates data breaches like Heartland's; The timeline and milestones of such an investigation; Details of the CardSystems data breach - which closely resembles Heartland's.

Reform legislation is expected to be introduced this spring to update the Federal Information Security and Management Act, known as FISMA. A major complaint about FISMA is that complying with its rules does not necessarily guarantee departmental and agency information systems are secure. In this exclusive interview, Sen. Tom Carper, chairman of the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, discusses: Key provisions in the bill to improve ways to measure and determine the security of federal government information systems; Efforts to create a government-wide Chief Information Security Officer Council; His views on the most pressing cybersecurity challenges facing the nation: identity theft and the viability of financial institutions and threats by foreign nations to federal information systems. Tom Carper has held elective office for 32 consecutive years, ever since 1976 when Delaware voters tapped him to be state treasurer

The number of identity fraud victims has increased 22 percent in the U.S., costing 9.9 million victims a total of $48 billion in 2008. This is the news from the fifth annual Identity Fraud Survey Report from Javelin Strategy & Research. In an exclusive interview, James Van Dyke, Javelin founder and President, discusses: Highlights - and surprises - from the study; What it all means to banking institutions; Trends for institutions and their consumers to watch for in 2009.

The Heartland Payment Systems data breach - it's the first major security incident of 2009. But how big is it really? What are the key takeaways for banking institutions left explaining this breach to their customers? In an exclusive interview, James Van Dyke, Founder and President of Javelin Strategy & Research, discusses the implications of the Heartland case, offering insight on: Conclusions we can draw from the Heartland breach; How banking institutions should communicate with their customers; Vulnerabilities we should watch to avoid the next big breach. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

Higher education hasn't been immune to the ravages of the recession economy. Scholarships and tuition reimbursements are tougher for students to come by, and career opportunities have diminished. That said, job opportunities for information security students abound - in both the private and public sectors. In an exclusive interview, Dr. Peter Stephenson, CISO at Norwich University, discusses: His school's graduate and undergraduate security programs; How Norwich is preparing students for careers in information security; Ways that businesses and government agencies can collaborate with educational institutions to better prepare students for productive careers. Stephenson is a writer, consultant, researcher and lecturer on information assurance and risk, digital investigation and forensics on large-scale computer networks. He has lectured extensively on digital investigation and security and has written or contributed to 14 books and several hundred articles, in major national and international trade,

Check fraud. Crimes against children and the elderly. These are among the current faces of Identity Theft, and experts expect to see even more of these opportunistic crimes in 2009. To help prevent these crimes - and to help banking institutions to protect their customers - Linda Foley, founder of the Identity Theft Resource Center, discusses: The greatest ID theft concerns of 2008; What to expect in 2009; How banking institutions can help customers help themselves. Linda Foley founded the Identity Theft Resource Center with Jay Foley in 1999. The nationally recognized victim assistance and public education organization was established in response to an epidemic rise in identity theft crimes. Today, Linda is acknowledged as an expert on identity theft issues.

Interview with Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk At a time when risks are high and consumer confidence is low, corporate boards of directors aren't paying nearly enough attention to information security and cyber threats. This is the key takeaway from a new Carnegie Mellon University CyLab survey, which shows that there is a "gaping hole as wide as the Grand Canyon" in board and senior executive oversight of these critical business issues. Read more about this survey in an article by Linda McGlasson. To understand this study, we spoke with its author, Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk. In an exclusive interview, she discusses: Key findings; Greatest concerns from the study; Recommendations for what financial institutions should do now to address these concerns. Jody Westby received her B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif. Drawing

The recession is officially here, and major banking institutions are announcing thousands of layoffs weekly. And, yet, now is a good time for information security professionals, whose skills and expertise are in greater demand than ever. In this exclusive interview, W. Hord Tipton, Executive Director of (ISC)², discusses: Career trends in information security; New certification programs available from (ISC)²; Job-hunting advice for security professionals looking to start or switch careers in financial services. W. Hord Tipton is the executive director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton, ESRI, and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the I

To quote from his own biography, Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies, including two Presidents of the United States. In this exclusive interview, Spafford discusses: The state of information security education today; The communication gap between businesses who need security professionals and schools that educate them; Trends in information security education.

Interview with Cyber Crime Expert Eric Fiterman In the wake of the arrests of 11 hackers tied to the TJX data breach, security experts everywhere are warning of bigger, bolder threats to come. So, what should banking institutions have learned from TJX-style breaches, and what can they do now to protect their customers and critical financial/informational assets? In this interview, former FBI agent Eric Fiterman, founder of Methodvue, offers: Insights on the TJX and other breach investigations; How banking institutions can better protect their assets; The types of crimes institutions need to look out for in the months ahead.

Interview with John Pironti of ISACA's Education Board Security leaders are quickly evolving in their roles to focus more on the business of banking, less on the technology of information security. This is the main message delivered by the results of ISACA's recent Information Security Career Progression Survey of 1400 Certified Information Security Managers (CISMs) in 83 countries. To learn more about the survey results and the trends they identify, listen to this interview with John Pironti, Chief Information Risk Manager with Getronics, and a member of ISACA's Education Board. Pironti touches on: The survey results; Trends impacting security professionals; What it all means specifically for security leaders at financial institutions.

Interview with Kim Matlon, Business Continuity/Crisis Management Expert Workplace violence - it's one of the most common but least understood risks to all businesses. From robberies gone awry to bullies in the workplace to domestic anger spilling over from home, the workplace is rife for violent situations. In this interview, Kim Matlon, COO of R&A Crisis Management Services, an Ill.-based business continuity, crisis management and project management consulting firm, offers insight on: The four types of workplace violence; Red flags to look for in employees and communications; How to help ensure employees' safety.