Info Risk Today Podcast

The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster.

Smart phones that give many IT security managers headaches in developing security policies are being used in increasing numbers to help safeguard systems and applications, thanks to more muscular biometric features, says Steve Vinsik of Unisys.

It isn't so much the changing threat landscape that causes security leaders to re-assess their approach to incident response. Mobility and the expanding perimeter are the real factors driving change.

With Congress facing $1.2 trillion in budget cuts, Federal Chief Information Officer Steven VanRoekel says funding for cybersecurity initiatives will likely be affected. But with smart planning, government information technology should not be placed at risk.

How will new guidance on criminal background checks change the way organizations approach employment screening? This is one of the key trends to watch in 2013, says screening expert Les Rosen.

ID theft is a growing global problem. Eva Velasquez, head of the ITRC, outlines how public and private organizations in 2013 can update approaches to ID theft prevention.

Which fraud trends need the most attention from U.S. banking institutions in 2013? Distributed-denial-of-service attacks and account takeover, says FS-ISAC's Bill Nelson, who offers fraud-fighting tips.

Does cyber defense competition help prepare college students for real-world jobs in information security and risk management? Dan Likarish and Rick Cisneros of Regis University say yes. Here's why.

The evolution of threats and rise of mobility are leading organizations to improve user authentication. What are the new strategies and solutions security leaders in all sectors will employ this year?

Tom Ridge, the first Homeland Security secretary, questions the wisdom of granting the Department of Homeland Security greater authority to influence IT security within the federal government and the nation's critical IT infrastructure.

Arlan McMillan, the chief security officer for Chicago's government, says the city employed processes established by the federal government to assure its new cloud computing initiative is secure.

With different nations establishing different privacy standards, organizations face adopting the most stringent regulations in order to be compliant everywhere they operate, says Marc Groman, a director of the International Association of Privacy Professionals.

Cloud computing and mobility are areas likely to see new regulatory attention in the year ahead. But what are the other hot topics that leading attorneys believe will be addressed in new legislation worldwide?

What are the top account takeover threats to banking institutions in 2013? Ken Baylor of NSS Labs discusses Zeus variants, mobile malware and how institutions can protect themselves from fraudsters.

When it comes to mobility, how do leaders balance security needs with employees' BYOD desires? The easy answer: Just say no. But that's also the wrong answer. What security tips do these leaders offer?

Members of the U.S. Congress may be more sensitive to cyberthreats than they were in the past, but that doesn't mean they truly all appreciate the risk key government and private-sector IT systems face, says House Cybersecurity Caucus Co-Chair Jim Langevin.

From Global Payments to LinkedIn and Zappos, 2012 was filled with notable data breaches. What were the most significant breaches, and how should they influence organizations' breach responses in 2013?

IBM's Dan Hauenstein, in analyzing Big Blue's 2012 Tech Trends Report, says security concerns often inhibit the adoption of four technologies: mobile, cloud, social business media and business analytics.

Heading into 2013, security leaders across industry feel confident about their processes and technology. People, though, continue to create the greatest risks. Can "awareness in depth" make a difference?

Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.