Info Risk Today Podcast

When Joseph Bognanno of Wolters Kluwer Financial Services examines 2012's financial fraud trends, all he sees is more - more of everything, from schemes to new guidance. How can banks stay ahead?

Lyndon Bird, technical director of the Business Continuity Institute, praises the ISO 22301 standard for business continuity, calling it "An end to uncertainty." Learn about the emerging standard.

Eighty-five percent of data breaches go undetected, but organizations have a new type of cop on the beat to ferret out these illicit activities - the data scientist, says Phil Neray, head of security intelligence strategy and marketing for Q1 Labs, an IBM company.

When it comes to the FFIEC Authentication Guidance, Aite analyst Shirley Inscoe fears too many banking institutions are investing only in achieving compliance - not ongoing security.

When it comes to fighting financial fraud, Peter Tapling of Authentify says banking institutions are chronically underestimating and under-utilizing one key resource: Their own customers.

Cloud computing for governments in the United States, especially services tailored for the federal government, may not be as efficient or as cheap as many would hope, says Richard Falkenrath, a principal with the security consultancy The Chertoff Group.

One of the biggest mistakes companies make after a major data breach is communicating with the news media, consumers and others before all the facts are clear, says attorney Ronald Raether.

Phishing - it's the classic scheme that never goes away. In fact, it evolves. Amy Blackshaw of RSA offers insights on how to respond to this and other trends identified in the 2012 Faces of Fraud survey.

What's the best strategy for communications after a data breach, like the one suffered by Global Payments Inc.? Bob Carr, CEO of Heartland Payment Systems, discusses what to say in the weeks following a breach.

Securing the massive amounts of data swamping organizations, a trend known as big data, can be addressed, in part, by organizations simply getting rid of data no longer needed, Grant Thornton's Danny Miller says.

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

"Regulation drives spending," says George Tubin of GT Advisors. "You're in a situation where the regulators are telling you, 'You have to do something; you have to make improvements.' Therefore, the bank has to spend some money on technology."

Creating a "culture of compliance" that emphasizes the importance of privacy requires far more than "management by committee," says change management specialist Jan Hillier.

What might the Global Payments breach investigation entail? Dave Ostertag of Verizon's Investigative Response unit describes a forensics investigation - how long it can take and what it might reveal.

Healthcare organizations need to make mobile device security a top priority because so many recent data breaches can be tied to poor mobile device management, says consultant Jeff Brandt.

Where do time-strapped senior leaders go for education on cyber forensics and incident response? Carnegie Mellon University has a new option, and Dena Haritos Tsamitis explains its unique approach.

Current Analysis' Bernt Ostergaard describes using massive amounts of information, or big data, to help secure information systems.

Companies should hire a breach resolution vendor before they experience a data breach to help ensure rapid, appropriate response, says security consultant Robert Peterson.

Gartner Analyst Avivah Litan, one of the first fraud experts to report the Global Payments Inc. data breach, says the latest revelations raise more questions than answers about the incident's impact.

IPv6, known to some as the new Internet, is architected to be safer than IPv4, but that doesn't mean organizations shouldn't take steps to assure the security in Internet Protocol version 6, American Registry for Internet Numbers' John Curran says.