Info Risk Today Podcast

On the technical side, authentication is much the same as it was years ago. But the way consumers are using two-factor authentication products has dramatically changed, says Vasco's Jan Valcke.

When considering security products, companies need to run test scenarios to make certain the product can handle their type of traffic, says Ixia's Richard Favier.

A new study from Neustar shows DDoS attacks in the United Kingdom are often used as a smoke screen for malware attacks or theft, says security specialist Susan Warner.

New technology enables organizations to protect applications against reverse engineering and tampering by cybercriminals, says Arxan Technologies' Mark Noctor, who explains how the approach works.

The key to creating secure applications is choosing the right open source components and carefully monitoring them to ensure they remain free of defects, says Sonatype's Wai Man Yau.

"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.

Cloud-based "testing-as-a-service" and "security-as-a-service" platforms can make security more accessible to smaller organizations, says Spirent's Brian Buege.

As cyber-attacks become more common, organizations must devise new ways to shorten response times and lessen the impact, says Paul Nguyen of CSG Invotas.

The best way to detect whether hackers have penetrated an IT system is to examine outbound traffic, says Eric Cole, the latest inductee to the Infosecurity Europe Hall of Fame.

A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.

Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.

Privacy and security are vital components of all major projects that the Office of the National Coordinator for Health IT has under way, says Karen DeSalvo, M.D., the new head of the office.

Ellen Richey of Visa, keynoter at the April 29 Fraud Summit San Francisco, outlines key card fraud-fighting trends for the year ahead, including the U.S.'s migration toward EMV, greater use of tokenization and heightened fraud detection.

Malcolm Harkins has a unique role. He oversees both security and privacy for global technology vendor Intel. What tips does he offer individuals who seek to build careers in either discipline - or both?

A notion emerging from the Heartbleed bug is that organizations can't determine if the vulnerability caused data to be exfiltrated. But CERT's Will Dormann says that may not always be the case.

The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.

Symantec's 2014 Internet Security Threat Report calls 2013 the year of the mega breach. Why? Because it's getting far too easy for the bad guys to pull off these breaches, says Symantec's Kevin Haley.

Starting now, healthcare organizations using Microsoft Windows XP-based medical devices better have short- and long-term strategies to address cybersecurity, says medical device security researcher Kevin Fu.

The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.

To boost cybersecurity, senior leaders - whether a CEO, a board member or a government agency director - need to think of information as a critical asset worthy of protection, risk management experts Val Rahmani and Malcolm Harkins say.