Info Risk Today Podcast

Listen to an audio report on a House hearing where key federal lawmakers explain why Katherine Archuleta should be fired as Office of Personnel Management director in the wake of what could be the largest government breach ever.

Before healthcare entities consider accepting data from consumers' wearable devices, they need to take appropriate security measures, says Verizon security expert Suzanne Widup.

The 'Cybersecurity Domino Effect' is a new term to describe the cumulative impact of multiple data breaches. How should organizations and individuals respond? Michael Bruemmer of Experian offers guidance.

Employing context-aware security can reduce the risk of a hacker mimicking a legitimate user to illicitly access a system, says Bill Evans of Dell Security.

Those advocating the use of the ".bank" top-level domain argue that it offers better security than ".com." In part one of a two-part interview, Craig Schwartz of fTLD Registry Services and Doug Johnson of the ABA explain the security provisions.

When it comes to malware, how wide is the gap between infection and detection - and what is the potential business impact on organizations? Paul Martini, CEO of iboss Cybersecurity offers insights and strategies.

Enterprise developers are under pressure to produce quickly mobile apps, often leaving security as a second thought. Denim Group's John Dickson suggests ways to make security a priority.

Chris Feeney, recently named president of BITS, the technology and policy division of the Financial Services Roundtable, describes his top cybersecurity priorities, including helping members deal with insider threats.

Threat intelligence is increasingly being brought to bear to help businesses apply kill-chain concepts, focusing on disrupting discrete parts of online attacks as early as possible, says Fortinet's Simon Bryden.

What's your digital identity strategy? Numerous agencies in countries across Europe - such as the Italian postal service - are creating new approaches to verifying identities and allowing them to be used as a trusted service, says CA's Paul Briault.

The Internet of Things is posing an increased risk to all organizations. One global data center provider, for example, recently discovered that its malware-infected power supplies were part of a botnet, says Chris Richter of Level 3 Communications.

MasterCard's Oliver Manahan says merchants and issuers must embrace stronger cardholder authentication and security methods, such as biometrics and tokenization, to ensure payment card data is secure.

The list of information security threats facing organizations continues to grow longer. But it's up to CIOs to put the right defenses - and priorities - in place, says David White at BAE Systems Applied Intelligence.

Wary of intrusions, data compromise and theft, organizations increasingly are deploying privileged access management solutions. Idan Shoham of Hitachi ID Systems offers the essential do's and don'ts.

Keeping track of missing devices is a critical aspect of information security. Ali Solehdin, senior product manager at Absolute Software, discusses Computrace, which helps organizations secure endpoints and the sensitive data those devices contain.

EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.

Christophe Birkeland, CTO of malware analysis for Blue Coat Systems, was part of the team that discovered the Russia-targeting Inception campaign, and says the hunt for new APT attacks remains ongoing.

Too few security systems interoperate, which makes it difficult for organizations to block or detect data breaches. But Cisco has an interoperability plan to improve the state of cybersecurity defenses, Chief Security Architect Martin Roesch says.

Phishing campaigns are becoming harder to mitigate because of an uptick in spoofed websites tied to top-level domains, such as .bank, says Dave Jevans of the Anti-Phishing Working Group.

For Symantec, the investigation into the Duqu 2 began May 29, when Kaspersky Lab shared samples of the espionage malware - which is based on Flame and Stuxnet - and asked the security researchers to help verify its findings.