Info Risk Today Podcast

In the wake of the Global Payments Inc. card breach, ID theft expert Neal O'Farrell says banks and credit unions must be proactive with outreach to customers. What should institutions' messages include?

As enterprises spend frugally on IT security, cybercriminals aren't, and that presents big problems for organizations working feverishly to secure their digital assets, says Steve Durbin, global vice president of the Information Security Forum.

From 2010: When he first learned of the full magnitude of the Heartland Payment Systems data breach, Heartland CEO Bob Carr had one overriding thought: "Can we survive this?"

Mobile device management systems are relatively immature, so shoppers need to ask probing questions about the systems' functionality, advises security consultant J. David Kirby.

Organizations and leaders seeking to assure the privacy of their customers should implement privacy by design in the development process, privacy lawyer Alan Friel says.

"Many financial institutions have watched for years as cybercrime has escalated, and now we are shutting it down," says Greg Garcia, describing Operation B71 and how it's helping combat ACH/wire and other forms of fraud.

The average per capita cost of a data breach has declined from $214 to $194, according to the new Cost of a Data Breach study. But there are still plenty of causes for concern, says Dr. Larry Ponemon.

Verizon's 2012 Data Breach Investigations Report shows dramatic increases in attacks linked to hacktivist groups like Anonymous and LulzSec. How should organizations respond to this evolving threat?

Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.

Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer Françoise Gilbert says.

One important way to prepare for Stage 2 of the HITECH Act electronic health record incentive program is to take steps toward eliminating storage of patient records on mobile devices, says privacy expert Deborah Gascard Wolf.

Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.

What emerging security challenges will new mobile devices and platforms pose for banks and credit unions? Brian Pearce and Amy Johnson shed light on Wells Fargo's approach to unique retail and commercial risks.

Apple's release of the new iPad will affect business. How should organizations incorporate new mobile concerns into their BYOD policies? Joe Rogalski of New York's First Niagara Bank weighs in.

Consumer advocate Deven McGraw describes what she likes and doesn't like about the privacy and security provisions in the proposed rules for Stage 2 of the HITECH Act electronic health record incentive program.

Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.

Commerce Undersecretary for Standards and Technology Patrick Gallagher sees the private sector, not government, taking the lead to develop tools, processes and standards to help safeguard IT systems and data in and out of government.

What are the top global breach trends and threats that organizations should be watching? Wade Baker of Verizon offers insights gleaned from a new study of his group's latest investigations.

White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.

A consortium of eight major information technology companies is continuing development of a free framework designed to make it easier to exchange information about security vulnerabilities.