Info Risk Today Podcast

The massive initiative to deploy continuous monitoring at U.S. federal government agencies will be done in phases, with the initial rollout occurring over three years, the Department of Homeland Security's John Streufert says.

As the federal government ramps up deployment of continuous monitoring, agencies should significantly reduce the time to certify and accredit IT systems and detect vulnerabilities, says the Defense Department's Robert Carey.

Many banking institutions have done a poor job of addressing call-center fraud, says IDC analyst Jerry Silva, who offers tips on addressing the challenge of balancing customer service with security.

Gartner analyst Avivah Litan says fraudsters are using DDoS attacks as a distraction for a new, extremely effective account takeover scheme. How should institutions respond to this emerging threat?

Because big data brings significant benefits - and risks - CEOs and boards of directors must take charge of developing privacy protection policies, ISACA International Vice President Jeff Spivey says.

Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.

Version 3.0 of the PCI Data Security Standard is coming, and draft guidelines reflect the impact of recent retail breaches. PCI GM Bob Russo explains big changes to ensuring payment card security.

As new state health insurance exchanges gear up for open enrollment Oct. 1, privacy expert Chris Rasmussen asks whether regulators will miss the deadline for a risk analysis of a key data services hub.

Bruce McConnell, who just stepped down as one of the federal government's top cybersecurity policymakers, says he understands why some lawmakers don't trust DHS with significant authority to safeguard government IT.

The old saw of a blind squirrel fortuitously finding an acorn reminds the Atlantic Council's Jason Healey of cyber-assailants from third-rate cyber-power Iran, believed to be behind DDoS attacks on U.S. banks.

It's time to start thinking about the next wave of DDoS attacks, says Neustar's Rodney Joffe. And it's time for other critical infrastructure industries - not just banks - to assess their risks.

Organizations won't effectively share cyberthreat intelligence until they have more efficient ways of gathering and prioritizing data, says EMC's Kathleen Moriarty, author of a new report about information sharing weaknesses.

Though others deemed Bruce McConnell as one of the government's most innovative security thought-leaders, he says his vision of how best to secure IT evolved during his just-ended 4-year tenure at DHS as a senior cybersecurity policymaker.

Because mobile payments are so new, banking institutions worldwide are still trying to understand which threats to address first, says payments fraud expert Neira Jones.

It's an increasingly common question from CEOs. "How is our security program protecting the business?" Pamela Gupta of OutSecure shares insight on what CISOs should demonstrate when they answer that question.

The best ideas to secure the Internet do not come from the top-down government approach imposed by some foreign governments, but from the openness derived by a multi-stakeholder process, says Christopher Painter, America's top cyber diplomat.

The hotline, the communications link established between Washington and Moscow during the Cold War to avert a nuclear war, is being used to warn of potential cyber and environmental crises, the State Department's Christopher Painter says.

Kim Peretti, the ex-prosecutor who helped nab Heartland hacker Albert Gonzalez, says recent indictments offer insights into the actors behind global fraud schemes that affected 160 million cardholders.

Organizations increasingly engage with customers via social media, but managers often fail to incorporate or enforce key policies. Attorney David Adler offers tips to improve social media management.

Because state HIEs vary in connectivity and interoperability levels, secure e-mail based on the Direct Project offers a dependable way of sharing patient data during a disaster, says Tia Tinney of the Southeast Region Collaborative for HIT.