Info Risk Today Podcast

King says new guidance tackles data collected via call centers and other telephone communications.

The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.

Hackers target RSA's SecurID products, leading federal IT policymakers question America's preparedness for cyberattacks, new House bill would reform federal IT security governance and why Ohio state government decided to standardize on NIST IT security framework.

It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."

ChicagoFIRST's Brian Tishuk says local lessons can be learned from Japan, especially within the financial, government and healthcare sectors.

Global banking institutions can learn from Japan's disaster planning and response. And a sophisticated cyberattack is launched against RSA, targeting the security unit of EMC's SecurID two-factor authentication products.

"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.

Global banking institutions can learn from Japan's disaster planning and response. And a sophisticated cyberattack is launched against RSA, targeting the security unit of EMC's SecurID two-factor authentication products.

This week's top news and views: Health Net Breach Investigated; Insights From HIPAA Summit; OCR's McAndrew on Enforcing HIPAA.

A roundup of this week's top news: Hackers target RSA's SecurID products. Also, Japan's nuclear crisis: What do you need to know? Plus: New Health Net breach may be biggest ever.

Smartphones are ubiquitous in organizations today. But how secure are these devices -- and what are the security and liability vulnerabilities associated with their use?

Application security - it's one of the top inside threats for banking institutions globally, according to Peter Gutmann.

When it comes to security, international leaders must think globally and act globally, says Christos Dimitriadis, head of information security at Greece-based INTRALOT S.A.

When the business demands the latest tools and technologies, saying "no" is not a viable option. "Clearly, these are disruptive things, but they also are extremely valuable," says Simon Godfrey, Director, Security Solutions at CA Technologies UK.

Disaster recovery expert Regina Phelps says Japan's nuclear emergency puts local citizens at risk, but organizations globally can learn from the crisis. "I hope that all of us look at this and ask, 'What can I do to be better prepared?'"

Cobit, ITIL, ISO, NIST, an alphabet soup of standards governments often rely on to assure the safety of their IT systems. Ohio government IT leaders saw standardizing on one framework to be a more efficient way to help safeguard IT.

Adequate funding for privacy and security measures is essential to the success of sharing electronic health records to improve the quality of care, says William Braithwaite, M.D., Ph.D.

Current solutions are good at authenticating users, but not the integrity of the transactions, says Rik Ferguson of Trend Micro. "We're not authenticating the right things."

Australia's government agencies can learn a lot from the nation's banks, when it comes to risk management and protecting privacy, says Graham Ingram, General Manager of the Australian Computer Emergency Response Team. "There are too many people in government organisations who are in denial [of risks]," he says.

Zayd Sukhun says global political unrest has upped regulators' expectations for banks to streamline fraud-detection tools and techniques.