Info Risk Today Podcast

A leader of ISACA, Sarb Sembhi, defends President Obama's cybersecurity framework, which critics contend lacks sophistication. He says detractors miss the point about how frameworks evolve.

Too many organizations have a device-centric BYOD policy that fails to look at big picture issues, including building a comprehensive strategy for protecting corporate information no matter how it's accessed, says Ian Evans of AirWatch.

As members of the workforce increasingly rely on mobile devices to access corporate data, secure sharing of files becomes more challenging, says Accellion's Vidhya Ranganathan, who describes an effective strategy.

On the day Target's CEO resigned in the aftermath of a massive data breach, the Ponemon Institute issued its 2014 Cost of Data Breach Study, which Chairman Larry Ponemon says helps explain why CEOs should be more involved in breach preparedness and response.

A behavioral analysis approach to fighting malware can be more effective than a signature-based approach in the current threat environment, contends Webroot's Patrick Kennedy.

Voltage Security's Mark Bower contends data-centric security can help break down barriers to the widespread use of encryption and help protect sensitive information, including credit card numbers.

Network "situational awareness" can help organizations in all business sectors improve regulatory compliance by identifying networks and devices that need protection, says Lumeta's Reggie Best.

Hurt the criminals and cyberthreats will decrease. That's how organizations in all sectors, working with law enforcement, should approach cybersecurity, says Juniper Networks' Kevin Kennedy.

Individuals resort to lying about themselves to protect their identities when accessing systems in today's imperfect cyber world, says Peter Tapling, president of Authentify, an out-of-band authentication service.

Trusted Identity is the end-goal, and mobile devices are the means to get there, says Dave Rockvam of Entrust. How are mobile devices being leveraged for security in the enterprise today?

The old, standard dashboards are no longer sufficient. To be truly effective, network pros now need new data to help find and resolve network security issues, says Mike Heumann of Emulex.

For too long, code writers have been measured on the features built into their applications - not the potential security vulnerabilities. It's time to change that perspective, says Maty Siman of Checkmarx.

When it comes to DDoS attacks, the hacktivists get all the headlines, but there is a robust service industry behind the scenes, supporting these sophisticated strikes, says Darren Anstee of Arbor Networks.

When marketing a secure Web gateway worldwide, iboss has to take into consideration the culture of each region and offer customization to meet local needs, says Roy Harris, senior vice president.

Ethical hackers can play an important role in testing the security of websites, says High-Tech Bridge's Ilia Kolochenko, who describes a new on-demand security assessment service.

DDoS attacks have grown in sophistication. But so have organizations' dependencies on the services disrupted by DDoS, says Corero's Ashley Stephenson. How should security leaders respond to protect their critical services?

Organizations across all industry sectors understand the importance of information security. But turning security awareness into meaningful action - that's the challenge that many midsized entities face, says Sophos' Nick Bray.

Cloud-based advanced threat protection helps organizations detect sophisticated malware that is able to bypass existing security measures. The key is to start with the premise that the network is already infected, says Seculert's Dudi Matot.

Organizations and security threats have changed dramatically, but many information security strategies have not - and that is a huge problem, says SafeNet's Jason Hart.

Understanding the behavior patterns of individuals with access to an organization's most important credentials is one of the keys to privileged management, says CyberArk's Matt Middleton-Leal.