Info Risk Today Podcast

NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.

Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.

E-mail authentication foils phishing, but authentication is only effective if every partner in the chain adopts it. John Carlson and Andrew Kennedy of BITS explain how institutions can improve e-mail practices.

Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.

Getting inspectors general and agencies' IT security heads to agree on how best to evaluate information security should strengthen U.S. federal government agencies' risk management frameworks, say former OMB leaders Karen Evans and Franklin Reeder.

Computer networks in nations where the government has ratified international cyber-agreements have lower incidents of malware infection, says Paul Nicholas, Microsoft senior director of global security strategy and diplomacy.

The bad guys who attack information systems are getting better at what they do, making old threats even more dangerous, says Steve Durbin of the Information Security Forum.

Understanding big data is not the problem, say Michael Fowkes and Aaron Caldiero of Zions Bank. Figuring out how to use the information contained within big data in a meaningful way - that's the trick.

Want to know how predictive analysis could work to defend your IT systems? Take a look at how American Navy SEALS found Osama bin Laden, says Booz Allen Hamilton's Christopher Ling.

What can organizations do to improve security after a network attack? Post-breach investigations help security leaders trace steps and strengthen weak points, says investigator Erin Nealy Cox.

What's the cost to an organization when it suffers a seurity breach and breaks trust with its own customers? Jeff Hudson, CEO of Venafi, presents results of a new survey on the cost of failed trust. Venafi has just partnered with Ponemon Group to release a new survey, "The Cost of Failed Trust". Among the key findings: $398M is the average loss facing every Global 2000 organization from attacks on trust assets. And so many of these incidents result from serious exploits of what could be described as common, easy-to-fix vulnerabilities.

The motive behind the cyber-attack on South Korean banks and broadcasters was atypical, as compared to most digital assaults that involve implanting malware on IT systems, says McAfee's Vincent Weafer.

It's a boom time for information security start-ups. But what unique qualities separate winners from losers? Alberto Yépez of Trident Capital describes the role of venture capital in today's market.

Prolexic's CEO Scott Hammack says battling distributed-denial-of-service attacks has become part of everyday business. And during this in-depth interview, he explains why.

DDoS attacks on banks have returned, and the attackers are changing their tactics and expanding their attack toolsets. How must organizations change the way they defend against DDoS? Carlos Morales of Arbor Networks shares strategies.

Companies wanting to share cyber-threat information with the government and other businesses should adopt the U.S. Defense Department's doctrine of information superiority, says Lares Institute Chief Executive Andrew Serwin.

Phishing attacks are up, and the methods are changing. Paul Ferguson of the Anti-Phishing Working Group explains how phishers are fine-tuning their schemes and exploiting cross-platform technologies.

We now have seen three waves of DDoS attacks on U.S. banks, and Dan Holden of Arbor Networks says we have seen three distinct shifts in these incidents. What can we expect going forward?

Business line managers are in better positions to control and monitor network and system access privileges than IT departments, since they know their employees and the privileges they should be provided, says Bill Evans of Dell Software.

Authenticating appropriate network administrators and employees has become increasingly challenging, especially for healthcare organizations and regional banking institutions, says Tim Ager of Celestix.