Government Information Security Podcast

How might a national unique patient identifier improve the accuracy of patient record matching and potentially help address identity fraud? Julie Dooling of the American Healthcare Information Management Association - which has been lobbying for the development of such an ID - makes the case.

The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.

To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.

What should healthcare organizations know about complying with the breach notification and data security requirements of New York's SHIELD Act? And how does the new law compare with HIPAA? Jon Moore, chief risk officer at consulting firm Clearwater, explains.

What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.

When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.

As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.

Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.

Organizations must take a number of critical steps to prepare a response to ransomware attacks before they hit, says Caleb Barlow, the new president and CEO of security consulting firm CynergisTek, who offers a guide.

Healthcare organizations can take steps to start mitigating risks while awaiting vendor software patches to address URGENT/11 IPnet vulnerabilities in their medical devices, says researcher Ben Seri of security firm Armis, which identified the flaws.

The latest edition of the ISMG Security Report analyzes concerns about the use of Huawei equipment by U.S. telecommunications firms. Also featured: A Huawei executive discusses 5G security, plus an update on an Australian ransomware attack.

ISMG and Rapid7 kicked off a roundtable dinner series in San Francisco, where Rapid7's Scott King says the conversation showcased the challenges security leaders face in engaging business leaders to discuss risk.

Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra.

With all of the tools deployed for endpoint detection and response, enterprises today are often overwhelmed by threat intelligence, says J.J. Thompson of Sophos. To alleviate "analysis paralysis," Sophos has just launched its Managed Threat Response service. Thompson details its offerings.With all of the tools deployed for endpoint detection and response, enterprises today are often overwhelmed by threat intelligence, says J.J. Thompson of Sophos. To alleviate "analysis paralysis," Sophos has just launched its Managed Threat Response service. Thompson details its offerings. Thompson, senior director of Managed Threat Response, says the new service combines sophisticated tools and expert analysts in a service that surpasses what traditional EDR can do today. "Of the landscape of MDR providers out there, very few take action," Thompson says. "Other services simply notify customers of attacks or suspicious events, and then it's really up to them to manage things from there." But with the new Sophos service, "ne

What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.

The latest edition of the ISMG Security Report features an analysis of Donald Trump's comments about "the server" in a discussion with the president of Ukraine. Also: insights on "privacy by design" and highlights of ISMG's Cybersecurity Summit in Toronto.

A new resource designed to help healthcare organizations of all sizes engage in cybersecurity information sharing is now available. Errol Weiss, who helped create the "cybersecurity matrix," describes how to use it.

Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer. But using "privacy by design" principles during software development can help avoid trouble, he says.

Barracuda is out with its latest Spear Phishing Update, and among the key findings: a rise in email account takeover and lateral phishing. Why are enterprise defenses failing to detect these strikes? What new solutions will improve defenses? Barracuda's Michael Flouton shares insights.

The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.