Info Risk Today Podcast

The White House has yet to announce who will be the government's first CISO, a position President Obama announced six weeks ago. In this audio report, experts weigh in on whether there's enough time left for the new information security leader to be effective before the president's term ends.

Smaller hospitals and clinics must avoid the common mistake of thinking they won't fall victim to cyberattacks, warns risk management expert Tom Andre, vice president of information services at the Cooperative of American Physicians.

In the world of the extended enterprise, everybody seeks greater visibility into network activity. But Gidi Cohen was there in 2002, founding Skybox Security to provide analytics to improve cybersecurity. Cohen discusses the evolution of visibility.

Growing worries about the use of the U.S. financial system to launder funds for terrorists has spurred proposals for new state and federal regulations aimed at tightening money-laundering controls. Attorney Lauren Resnick explains steps banks are taking to help detect suspicious activity.

Although relatively few carriers offer cyber insurance, buyers can negotiate favorable terms when purchasing policies, say Experian's Michael Bruemmer and NetDiligence's Mark Greisiger, who explain why in this interview.

In a one-on-one discussion about today's top healthcare security challenges, Premise Health CISO Joey Johnson talks about the "paradigm shift" needed to move entities from a compliance mindset to one that embraces true cybersecurity.

Because of growing cybersecurity concerns, CISOs in the financial sector finally are getting more time with their boards of directors and more direct interaction with senior executives, says John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center.

Automated threat intelligence sharing can significantly reduce the amount of time it takes organizations to identify, assess and react to attacks, according to new research from Johns Hopkins. Mark Clancy, CEO of Soltra, says automated information sharing with government and other sectors is catching on.

Blockchain technology used by bitcoin and other cryptocurrencies offers opportunities for enhanced authentication and ID management, as well as cross-border money remittances, says Ben Knieff of the consultancy Aite. But he contends it's not clear that the technology could play a role in faster payments.

The big-name breaches have made us all sensitive to the loss of personal and competitive data. But are we overlooking the real risks? Shawn Henry of CrowdStrike offers insight on how we need to evolve our core defenses.

Webroot has just released its 2016 edition of its annual threat brief. In an exclusive interview, Michael Malloy, executive vice president of products and strategy, discusses the report and how its key findings will likely play out in the year ahead.

Threat response is a lot like physical fitness. Enterprises know what they need to do - they often just opt not to do it. RSA's Rashmi Knowles offers advice for how to move from threat prevention to response.

More cybercriminals are adapting their attack techniques, using compromised credentials linked to privileged accounts to invade networks and systems, according to researchers at Dell SecureWorks, who describe an open source solution that can help mitigate the threat.

Former intelligence operative Will Hurd brings his CIA values, including his belief in the benefits of sharing of threat information, to his job as chairman of a House subcommittee with information security oversight. Hurd addresses a number of cybersecurity matters in a wide-ranging interview.

Gavin O'Brien of NIST explains why the institute is reworking its guidance on the cybersecurity of wireless infusion pumps - and when the new advice will be available.

Unlike other security and breach reports, Verizon's Data Breach Digest is a collection of data breach investigation case studies from around the world. Verizon's Ashish Thapar elaborates on findings from this digest.

Apple's standoff with the U.S. government is creating a healthy debate about whether federal investigators, under certain circumstances, should have the right to circumvent the security functions of smartphones and other devices, says cybersecurity attorney Chris Pierson.

Virginia Gov. Terry McAuliffe has a message for state leaders across the nation: Cybersecurity has to be a top item on their policy platforms. And, by the way, he very much intends to make Virginia the cyber capital of the United States.

Healthcare organizations must take several important steps to protect their environments against ransomware attacks, says Mac McMillan, CEO of the security consulting firm CynergisTek. He outlines key measures in this interview.

Organizations can apply user behavioral analytics - the practice of reacting to how people behave in the information security realm - to better spot and block data breaches, says Fortscale's Kurt Stammberger.