Info Risk Today Podcast

Millions of user credentials are breached regularly - whether we hear of the incidents or not. So, why do we continue to rely on passwords? Derek Manky of Fortinet discusses authentication and data retention.

When it comes to incident response, organizations don't lack threat intelligence. They lack the automation, tools and the skilled staff to act on that intelligence, says Craig Carpenter of AccessData.

The PCI Council has unveiled new guidance for mitigating payment card risks posed by third parties. Troy Leach, the council's CTO, explains how banking institutions and merchants can put the guidance to use.

That Russian hackers may be hording 1.2 billion credentials merely reflects the insecurity of the world we live in today, says David Perry, threat strategist at the Finnish IT security company F-Secure.

Healthcare fraud will increasingly be linked to some form of cybercrime, says Brendan Johnson, U.S. attorney in South Dakota, whose office is ramping up its anti-fraud efforts.

Ex-Navy Secretary Richard Danzig likens society's growing dependence on IT to surviving on a diet of poisoned fruit. He says we're taking risks with critical cybersystems that ultimately can cause irreparable harm.

Detecting and preventing advanced attacks isn't just a technology issue - it's a business risk that needs to be elevated to the highest levels of an organization. Trend Micro's Tom Kellermann shares strategies.

In devising advice to help organizations identify which information security and privacy controls to adopt, NIST risk management expert Ron Ross, a NASCAR fan, looks to the way mechanics decide how to fix a car.

Vendors are rushing useful new "Internet of Things" products to market, but too often treat device security and data privacy as an afterthought, says Forrester Research analyst Andrew Rose.

Financial institutions feel the pain of recent retail breaches, and they seek new ways to secure payments and fight fraud. But how can security leaders influence changes within their own organizations?

Karl Schimmeck of the Securities Industry and Financial Markets Association won't discuss reports about the group's alleged backing of the formation of a cyberwar council, but says financial institutions must play a role in protecting critical infrastructure.

A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.

As a customer, Delaware Chief Security Officer Elayne Starkey has seen the evolution of cloud computing over the past three years to a point where she has more sway over the security terms of cloud services contracts.

Big data has been the recent buzz in security circles, but what are organizations missing by overlooking the power of "small data?" Verizon's Jay Jacobs discusses how to get the most from data analytics.

Attackers increasingly focus on software vulnerabilities in what application security expert Anthony Lim calls "the invisible onslaught." How can the CISO exert more control over software development?

Attacks are more frequent, severe and complex. How can security pros defend against the entire attack continuum - before, during and after? Cisco's Bret Hartman describes a threat-centric approach.

New research shows consumers believe online purchases are more secure than those made at bricks-and-mortar retailers. Researcher Shirley Inscoe of Aite explains why misconceptions about card fraud should be worrisome to banks.

To detect and deter today's threats, security teams need new and dynamic data analytics capabilities. Haiyan Song of Splunk discusses the analytics-enabled SOC and how to improve incident response.

"United we stand; divided we fall." That's the message from Art Coviello to kick off the 2014 RSA Conference Asia Pacific & Japan in Singapore. What advice does the RSA chair offer to global security leaders?

Enterprises should test the processes they establish to respond to advanced persistent threat attacks, just as they vet their business continuity plans, ISACA International President Robert Stroud says.