Info Risk Today Podcast

Gartner's Tom Scholtz doesn't see a shortage of technically skilled IT security practitioners. But he perceives a dearth of infosec pros who truly understand how security links to an enterprise's business goals.

Gartner's Peter Firstbrook, to illustrate the vulnerability of IT systems, cites research that pegs at about 400 days the average time a targeted virus remains undetected on a computer. And, he says, that doesn't speak highly of the current offerings from security vendors.

Relating risk to information security initiatives can help IT security managers persuade their bosses to fund these projects, sponsors of a new survey contend.

Federal action to set aside broadband spectrum for wireless patient monitoring systems has the potential to improve treatment without increasing risks, says medical device expert Dale Nordenberg, M.D.

What are the top challenges with the bring-your-own-device trend? Stephen Midgley, vice president of global marketing at Absolute Software, says the top issue is organizations not knowing where their data is located.

As BYOD continues to become more commonplace, mobile application risk management aids in identifying the risks on those devices and implementing policy to protect enterprise data, says Domingo Guerra, president and founder of Appthority.

What are the top concerns around identity and access management within organizations? Avatier Chief Innovation Officer Ryan Ward says compliance, governance and audit issues are top-of-mind.

What is business-driven identity and access management and how can it help organizations improve their security? Jason Garbis of Aveksa explains.

What's top of mind for the federal government when it comes to cloud security? David Berman of Centrify explains.

What are the top bring-your-own-device concerns enterprises are facing today? Russell Rice of Cisco explains.

Cyber-attacks are becoming increasingly difficult for organizations to defend against, says Ashar Aziz of FireEye.

The bring-your-own-device trend is a huge issue for organizations today, says Rob Ayoub of Fortinet, who offers recommendations to address the security challenges involved.

What are the top GRC concerns within organizations? John Ambra of Modulo explains.

Organizations looking to leverage multi-factor authentication should consider mobile devices for their unique capabilities, says Sarah Fender of PhoneFactor.

The attack space is changing, with more enterprise users accessing data from their mobile device, leading to a new focus on data-centric security, says Jeremy Stieglitz of Voltage Security.

A dramatic reduction in processing requirements for encryption may mean increased utilization of the technology, says Todd Thiemann of Vormetric.

Big data isn't about size, says Gartner's Neil MacDonald. It's much bigger: Big data is about volume, velocity, variety and complexity, and requires new approaches on how information is used to secure digital assets.

In the wake of the LinkedIn breach, what steps should organizations take to enhance online password protection? Araxid's Brent Williams offers advice.

Georgia Tech Research Institute is beta testing a malware intelligence system that research scientist Chris Smoak contends will help corporate and government security officials share information about the attacks they confront.

Mobile security threats can be managed through testing and strategic risk-mitigation strategies, says Keith Gordon, who oversees authentication and security strategies for Bank of America's consumer online and mobile banking units.