Government Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast

Synopsis

Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • "One of the Most Generous Scholarships I've Ever Seen" - Victor Piotrowski of the NSF on the Scholarship for Service Program.

    03/04/2009

    It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has 10 years of experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

  • Privacy Issues and Education: Peter Kosmala, International Association of Privacy Professionals

    01/04/2009

    From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

  • What's Happening at NIST: Curtis Barker

    31/03/2009

    Chief of Computer Security Division Describes New Challenges

    Computer scientists at the National Institute of Standards and Technology are actively working on a number of projects aimed at helping federal agencies secure their IT systems. Helping direct those projects is Curtis Barker, chief of the Computer Security Division at NIST's Information Technology Laboratory. The division provides standards needed to protect federal government information systems against threats to the confidentiality, integrity and availability of information and services. In an interview, Barker describes active projects underway in the division, including: Identifying information security processes that can be automated; Improving ways for federal information security managers to more easily identify controls NIST identifies as crucial to secure government IT; and Identifying the security challenges of Web 2.0 and cloud computing so federal agencies can safely implement these technologies. Barker has been at NIST for more

  • Data Privacy Trends: Randy Sabett, Information Security Attorney

    26/03/2009

    Activity at the State Level Points Toward a Federal Data Breach Notification Law

    Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden

  • Information Resources Management College: Director Robert Childs

    13/03/2009

    The Information Resources Management College isn't your father's or mother's graduate school. Part of the National Defense University, run by the Defense Department and based at Fort McNair in Washington, D.C., IRMC offers graduate-level courses to government employees working in civilian and defense agencies in 10 programs, including its fastest growing, information assurance. In this interview, college Director Robert Childs and faculty members Robert Young and Stephen Mancini discuss: What government information security professionals can get out of the college to help advance their careers. The unusual background of some of its faculty. How the college will align its future courses with the information security goals of the Obama administration. Robert Childs was named head of the Information Resources Management College in 1999. He established Centers of Excellence for Education in E-government and Information Assurance while expanding the number of institutions offering cooperative masters and doctor

  • Defining Information Security Metrics: Ron Ross of NIST

    10/03/2009

    A big complaint about the Federal Information Security Management Act (FISMA) is that agencies complying with its provisions merely prove they're following processes aimed at securing information systems, but they don't necessarily prove the systems are indeed secure. In an exclusive interview, Ron Ross, the National Institute of Standards and Technology's FISMA guru, explains: The current challenges agencies face in complying with FISMA. How NIST standards, if adopted, will help secure government IT. Why no metric will fully assure systems will always be safe. Ron Ross is a senior computer scientist at the National Institute of Standards and Technology's Computer Security Division. His areas of specialization include security requirements definition, security testing and evaluation and information assurance. Ross leads the Federal Information Security Management Act Implementation Project for NIST.

  • Risk Management Priorities: Joe Restoule, President of RIMS

    09/03/2009

    Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.

  • Invest in Your Career: Pat Myers, Chair of (ISC)2

    06/03/2009

    Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.

  • Cybersecurity Education: Lawrence Rogers of CERT

    03/03/2009

    Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum. In an exclusive interview, Lawrence Rogers, chief architect of the SIA program, discusses: The need for cybersecurity education; The greatest cybersecurity needs in government and business; Potential career paths for cybersecurity professionals. Lawrence R. Rogers is a senior member of the technical staff in the CERT Program (also the home of the CERT Coordination Center). He has been writing articles for the non-computer professional for several years and was the chief architect and main contributor to the CERT Survivability and Information Assurance (SIA) Curriculum. He is currently a member of the Cyber Forensics team and teaches courses on system administration, cyber forensics, and incident handling.

  • FISMA Author on Reform: Former Rep. Tom Davis

    02/03/2009

    Tom Davis wrote the original Federal Information Security Management Act in 2002, and says the legislation has served the government and nation well. The one-time powerful chairman of the House Government Reform Committee, which provides oversight on information technology matters, feels it's time for Congress to update FISMA. With a strong reputation as a lawmaker who worked well with Democrats, the Virginia Republican is now director of Federal Government Services at the consultancy Deloitte. In this exclusive interview, Davis: Expresses disappointment that President Obama didn't include money for information security in the stimulus bill. Wants Congress to significantly increase the money appropriated for information security. Believes the scorecard that graded departmental and agency performance in regards to information security, once useful, should be abandoned. Tom Davis represented Virginia's Washington suburbs where many government workers live and government IT and defense contractors have off

  • Insights on the Insider Threat: Randy Trzeciak of Carnegie Mellon's CERT

    25/02/2009

    We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant? In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including: Patterns and trends of insider crimes; Motives and means displayed in real insider cases; What employers and staffs can do to prevent and detect crimes. Trzeciak is currently a Senior Member of the Technical Staff for the Threat and Incident Management Team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. He is a member of a team in CERT focusing on insider threat research, including insider threat studies being conducted with the US Secret Service National Threat Assessment Center, DOD's Personnel Security Research Center (PERSEREC), and Carnegie Mellon's CyLab.

  • Advising Obama on Cybersecurity Part 2: Ret. Air Force Lt. Gen. Harry Raduege

    25/02/2009

    The Washington think tank Center for Strategic and International Studies released in December a report from the Commission on Cybersecurity for the 44th Presidency, a bipartisan comprehensive study initiated in 2007 of the cybersecurity challenges the next president would face. Among the commission's recommendations was the creation within the White House of an Office of Cyberspace that would address federal government information challenges. In a two-part interview with GovInfoSecurity.com, commission co-chair Harry Raduege discusses how he sees the Obama administration addressing the panel's recommendations. In Part 2, Raduege addresses: Balancing the use of new technologies by federal employees with the need to secure IT. The relationship between the chief information officer and the chief information security officer. Building trust between the private and public sectors that's required to secure information technology. Harry D. Raduege Jr., chairman of the Deloitte Center for Network Innovation, is a r

  • Advising Obama on Cybersecurity Part 1: Ret. Air Force Lt. Gen. Harry Raduege

    25/02/2009

    The Washington think tank Center for Strategic and International Studies released in December a report from the Commission on Cybersecurity for the 44th Presidency, a bipartisan comprehensive study initiated in 2007 of the cybersecurity challenges the next president would face. Among the commission's recommendations was the creation within the White House of an Office of Cyberspace that would address federal government information challenges. In a two-part interview with GovInfoSecurity.com, commission co-chair Harry Raduege discusses how he sees the Obama administration addressing the panel's recommendations. In Part 1, Raduege explains: The stark reality that the bad guys are winning and our nation is at risk. Why a White House Office of Cyberspace is critically needed to secure federal IT. How the government must change the mindset of federal employees to help assure IT security. Harry D. Raduege Jr., chairman of the Deloitte Center for Network Innovation, is a retired Air Force lieutenant general who s

  • Probing Federal IT Security Programs: Gregory Wilshusen, GAO

    23/02/2009

    Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 2

  • Security & Accountability: Paul Kurtz, Cyber Security Advisor

    19/02/2009

    As Congress tackles reforming the Federal Information Security and Management Act, known as FISMA, provisions in the new legislation likely will more precisely define responsibility for departmental and agency information security. In this exclusive interview, cybersecurity expert Paul Kurtz, chief information officer of Good Harbor Consulting, explains: How a lack of accountability hinders safeguarding federal government information; Why officials who fail to properly assure government data often go unpunished; Why these leaders should be fired when an information security breach occurs. Paul Kurtz served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush and advised President Obama during the transition. Among his government posts: senior director for national security of the National Security Council's Office of Cyberspace Security; member of the president's Critical Infrastructure Protection Board, where he developed the interna

  • How to Earn a Master's in Business Continuity: John Orlando, Norwich University

    19/02/2009

    Fearful of man-made, natural and pandemic disasters, organizations everywhere are adopting or improving business continuity/disaster recovery programs. And at Norwich University, there now is a Master's of Science in Business Continuity program for mid-career professionals to hone their skills in this in-demand area. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Master's of Science in Business Continuity, discussing: What's unique about this program; Requirements for students entering the program; How the MSBC will evolve to meet industry/government needs.

  • How to Earn a Master's in Information Assurance: John Orlando, Norwich University

    19/02/2009

    It's become a cliché: Information security professionals need to get closer to the business. Now it's also a Master's degree program in which instructors base their whole curriculum on helping security professionals get closer to - and rise higher in the ranks of - their companies and agencies. In an exclusive interview, John Orlando, MSBC Program Director at Norwich University, talks about the school's Masters of Science in Information Assurance, discussing: What's unique about this program; Requirements for students entering the program; How the MSIA helps security professionals advance their careers.

  • Anatomy of a Data Breach Investigation: Alain Sheer, FTC Attorney

    17/02/2009

    The Heartland Payment Systems data breach is on everyone's mind, and the case is in the hands now of the Federal Trade Commission (FTC) if it chooses to investigate. While the FTC will neither confirm nor deny a Heartland investigation, staff attorney Alain Sheer does offer his insight on: How the FTC investigates data breaches like Heartland's; The timeline and milestones of such an investigation; Details of the CardSystems data breach - which closely resembles Heartland's.

  • FISMA Reforms Outlined: Senator Tom Carper

    16/02/2009

    Reform legislation is expected to be introduced this spring to update the Federal Information Security and Management Act, known as FISMA. A major complaint about FISMA is that complying with its rules does not necessarily guarantee departmental and agency information systems are secure. In this exclusive interview, Sen. Tom Carper, chairman of the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, discusses: Key provisions in the bill to improve ways to measure and determine the security of federal government information systems; Efforts to create a government-wide Chief Information Security Officer Council; His views on the most pressing cybersecurity challenges facing the nation: identity theft and the viability of financial institutions and threats by foreign nations to federal information systems. Tom Carper has held elective office for 32 consecutive years, ever since 1976 when Delaware voters tapped him to be state treasurer

  • 2009 Identity Fraud Report: James Van Dyke, Javelin Strategy & Research

    09/02/2009

    The number of identity fraud victims has increased 22 percent in the U.S., costing 9.9 million victims a total of $48 billion in 2008. This is the news from the fifth annual Identity Fraud Survey Report from Javelin Strategy & Research. In an exclusive interview, James Van Dyke, Javelin founder and President, discusses: Highlights - and surprises - from the study; What it all means to banking institutions; Trends for institutions and their consumers to watch for in 2009.
