Info Risk Today Podcast

House Cybersecurity Caucus Co-Chair Jim Langevin sees the new International Telecommunication Regulations, approved in Dubai earlier this month over the objections of the U.S., as a veiled threat to suffocate Internet freedom around the world.

CISOs' top three priorities for 2013 are emerging threats, technology trends and filling security gaps, says RSA CISO Eddie Schwartz. But what new strategies should leaders employ to tackle these challenges?

As the recent PATCO case shows, fraud litigation is moving away from just establishing damages. The key legal question now is: What is reasonable security? Attorneys discuss the 2013 fraud legal landscape.

Threats have evolved, and so have our Internet needs. This is why organizations need to explore the security and productivity gains of the next-generation firewall, says Patrick Sweeney of Dell SonicWALL.

When it comes to mobile security, users say the right things, but still indulge in risky behavior. Javelin's Al Pascual tells how security leaders can create better partnerships and practices in 2013.

A breach that resulted in a $1 million HIPAA settlement led Partners Healthcare in Boston to take many significant steps, including merging its privacy and security efforts, says CISO Jennings Aske. More changes are planned for 2013.

HIPAA compliance audits will resume within about a year once results of a recently completed pilot program are reviewed, says Leon Rodriguez, director of the Department of Health and Human Services' Office for Civil Rights.

McAfee researchers have uncovered new information about a Gozi variant, which RSA in October named Prinimalka. The Trojan, part of a blitzkrieg-like attack, is expected to hit 30 institutions in spring 2013.

In parts of Europe and Asia, privacy legislation took solid steps forward in 2012. In the U.S., however, progress has stalled. Is the U.S. at risk of falling behind when it comes to privacy protection?

It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.

From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers?

Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.

Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey.

McAfee CPO Michelle Dennedy and Intel CISO Malcolm Harkins work for the same company, but in some ways they are worlds apart. How must privacy and security leaders bridge gaps to face challenges ahead?

Developing a bring-your-own-device policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.

As missiles and bombs do real damage in Israel and Gaza, a veteran Israeli cybersecurity expert, Amichai Shulman, downplays the significance of the assaults waged against Israeli websites, contending any damage has been minimal.

An executive at a bank in New Jersey that was battered by Hurricane Sandy offers lessons learned, including the importance of having a well-tested, detailed business continuity plan.

Cloud-based botnets and mobile malware are two of 2013's top cyberthreats. What other threats make the list? Georgia Tech's Paul Royal tells how security pros and organizations can prepare.

The kind of detailed data analysis that helped statistician Nate Silver predict accurately the outcome of the U.S. presidential election could help enterprises using cloud-based SIEM to identify vulnerabilities, says Cloud Security Alliance's Jens Laundrup.

To know how best to respond to IT and communications failures, incident response pros first must collect information on such incidents, says Marnix Dekker, who co-authored a new report for ENISA.