Synopsis
Exclusive, insightful audio interviews by our staff with leading healthcare/security practitioners and thought leaders. Transcripts are also available on our site!
Episodes
-
Marcus Ranum: The Biggest Security Threats Getting the Least Attention
21/12/2009
Marcus Ranum has a unique take on the biggest information security threats to organizations and individuals. A renowned expert in secure systems and design, Ranum, currently the CSO of Tenable Network Security, offers a new look at topics such as the risks of cloud computing and what he calls the myth of cyber warfare. In an exclusive interview, Ranum discusses: The biggest security concerns of 2010; Which threats get the least attention; Why penetration testing is often a waste. Ranum, since the late 1980s, has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, h
-
ID Theft Threats to Watch in 2010
14/12/2009
Interview with Jay Foley of the Identity Theft Resource Center
Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. This is the warning from Jay Foley, executive director of the Identity Theft Resource Center. In an exclusive interview, Foley discusses: The major ID theft threats and trends for 2010; The industries most at risk; What information security professionals can do to help prevent ID theft. Responding to an explosive rise in identity theft crimes, Jay and Linda Foley established the Identity Theft Resource Center (ITRC) in 1999 in order to provide education and victim assistance to consumers and businesses. As Executive Director of the ITRC, Jay is today recognized nationally as an expert on identity theft issues. Frequently addressing national, state and community organizations, Jay travels throughout the United States providing training for businesses, consumers and law enforcement. He has appeared befo
-
2010 Data Breach Trends: Verizon Business Report Update
10/12/2009
Interview with Wade Baker and Alex Hutton of Verizon Business
Earlier this year, Verizon Business unveiled its much-heralded 2009 Data Breach Investigations Report. Now, the company has just released its 2009 Supplemental Data Breach Report, which reveals the 15 most common attacks against organizations. In an exclusive interview, Wade Baker and Alex Hutton of Verizon Business discuss: The trends uncovered in the supplemental report; How the threat landscape varies by industry; What organizations and individuals can do to better protect themselves. Baker, research and intelligence principal with Verizon Business, has more than 10 years of IT and security experience. His background spans the technical-managerial spectrum from system administration and web development to data analysis and risk management. He is one of the primary authors of the groundbreaking Verizon Business Data Breach Investigations Report. Hutton, research and intelligence principal with Verizon Business, has served as a consult
-
Information Security Career Trends: Barbara Massa of McAfee
10/12/2009
What's ahead for information security professionals in 2010? Barbara Massa, VP of Global Talent Acquisition at McAfee, Inc. speaks to the results of the new Information Security Today Career Trends Survey, discussing: How the results speak to the maturity of the information security profession; The survey's message to CISOs; The value of recruitment and retention in the year ahead. Massa joined McAfee in June, 2009. For the 10 years prior to joining McAfee, Barbara led the Talent Acquisition function at EMC and Documentum respectively (Documentum was acquired by EMC in December of 2003.) Barbara's prior work includes leadership positions in the recruiting organization at Cadence Design Systems and at an external recruiting firm.
-
Risk Management Trends for 2010: James Pajakowski, Protiviti
04/12/2009
Business risks have grown in size and complexity in 2009. How, then, must risk management evolve to meet the challenges of 2010? James Pajakowski, EVP of Global Risk Solutions with Protiviti, shares his insight on: The risk management trends for 2010; How information security professionals must meet the new challenges; What's most misunderstood about risk management today. Pajakowski oversees the delivery of Protiviti's services in the areas of finance and transactions, operations, technology, litigation, governance, risk, and compliance. He previously served as managing director and head of the Business Risk practice. He also was one of five founding members of the Protiviti Operating Committee, which was responsible for establishing Protiviti's vision and strategy and overseeing financial and administrative matters during the company's first five years. Prior to Protiviti, Pajakowski was a partner with Arthur Andersen, where he started his career in 1982. He has more than 25 years of professional serv
-
Audit Trends 2010: Warren Stippich Jr., Grant Thornton
03/12/2009
In terms of information security, what is the state of auditing as we end 2009 - and what are the trends foreseen for 2010? Warren Stippich Jr., Practice Leader of the Chicago Business Advisory Services Group of Grant Thornton LLP, discusses: Audit trends; Where organizations are most vulnerable; How audit practices can be improved. Stippich has over 18 years of experience working with multi-national, entrepreneurial, and high-growth companies. He brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes-Oxley consulting and internal audit services projects for a wide array of publicly traded businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in Europe, China, Southeast Asia, Central and South America and Canada
-
The Well-Rounded Security Pro: Insights from Mark Lobel, ISACA
27/11/2009
No question, the information security professional's role has evolved in recent years. How, then, has the need for ongoing professional education also changed? And what role must risk management play in today's security organization? In an exclusive interview, Mark Lobel of PricewaterhouseCoopers and ISACA discusses: The role of professional education in information security; The evolution of risk management; How organizations and professionals must respond to the challenges of 2010. Lobel, CISA, CISM, CISSP, is a member of ISACA's Security Management Committee. He has over 25 years of business experience, with the first eight in the Entertainment and Media industry and then, after his MBA, with PricewaterhouseCoopers. He is an internationally recognized security and controls professional with experience designing, benchmarking and assessing organizational security strategies and technologies. He is experienced at designing, assessing, implementing and penetration testing enterprise security. Lobel
-
Business Continuity Trends 2010: Sue Kerr, BC/DR Consultant
24/11/2009
We've experienced two waves of the H1N1 pandemic. What lessons have we learned? Sue Kerr, President of Continuity First, a business continuity/disaster recovery consultancy, talks about how organizations have handled H1N1. She also discusses: The state of BC/DR; Challenges facing organizations today; 2010 trends and career opportunities. Kerr is also the president of the Old Dominion Association of Contingency Planners, Education Director for the National Association of Contingency Planners and a previous member of the Disaster Recovery Journal Editorial Advisory Board. She has been active in setting standards for the industry as well as training others. She has spoken at various conferences and has done training for corporations, governmental organizations as well as the community. She has been published in industry journals and has been interviewed on multiple occasions as a subject matter expert. She is a Certified Business Continuity Professional through the Disaster Recovery Institute. In addition
-
Core Security Skills: What's Required in 2010?
24/11/2009
Interview with Kent Anderson of Encurve LLC
Cybersecurity, forensics, risk management -- what will be the core security skills needed in organizations in 2010? In an exclusive interview, Kent Anderson, founder and managing director of Encurve LLC, as well as a member of ISACA's Security Management Committee, discusses: The core security skills now needed by organizations; How these skills are acquired today; Ways security professionals can take charge of their own development. Anderson is considered a leading authority on security, with more than 22 years of experience in the field. He has held positions as SVP of IT Security and Investigations with an international business risk consultancy, as Director in the Dispute Analysis & Investigations group of PricewaterhouseCoopers, and as the European Information Security Manager for Digital Equipment Corp.
-
Privacy Trends and Laws: J. Trevor Hughes of the IAPP
17/11/2009
What have been the biggest privacy issues of 2009, and what emerging trends should you watch heading into 2010? We posed these questions to J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP). In an exclusive interview, Hughes discusses: The role of the IAPP; Key legislation in the U.S. and internationally; Where organizations need to improve privacy protection. Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world's largest association of privacy professionals. Hughes has provided testimony before the U.S. Congress Commerce Committee, the U.S. Senate Commerce Committee, the U.S. Federal Trade Commission, and the EU Parliament on issues of privacy and data protection, spam prevention and privacy-sensitive technologies. He is a member of the first class of Certified Information Privacy Professionals (CIPPs) and is co-author (with D. Reed Freeman, Jr.) of "Pri
-
Community Outreach: The Need for Information Security Pros
16/11/2009
It's time for information security professionals to give back to their communities - to reach out and educate businesses, schools and citizens about cybersecurity and other relevant issues. This is the message from John Rossi, professor of systems management/information assurance at National Defense University. In an exclusive interview, Rossi discusses: Why security professionals should practice outreach; Potential venues for public speaking; How to get started. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assessments Program and National Program Manager for Computer
-
The Softer Side of Leadership - Heidi Kraft, Careers Coach
09/11/2009
Tough times require "softer" leaders. This is the perspective of careers coach Heidi Kraft, who says that today's senior leaders need to focus more on emotional intelligence and other "soft" qualities to be able to better recruit and retain quality employees. In an exclusive interview, Kraft discusses: Which "soft" skills are most important; How managers and employees alike can change a culture to embrace these skills; Where to start to develop and nurture "softer" leaders. Kraft is a Leadership and Career coach and founder of Kraft Your Success Coaching and Consulting. Prior to launching her business, she spent 17 years on the agency side of the advertising industry, including a stint as SVP Media Director at Boston-based Hill Holliday, developing and implementing media strategies for high-profile clients such as Microsoft, Intel, Intuit, Siebel Systems, 24 Hour Fitness and Harley-Davidson. She holds a CPCC (Certified Professional Coactive Coach) and is a graduate of the Coaches Training Institute
-
Fighting Fraud - Allan Bachman, Association of Certified Fraud Examiners
02/11/2009
Allan Bachman has fought fraud since the early 1970s, and he's seen the crimes evolve in both sophistication and scale. In an exclusive interview, Bachman, Education Manager for the Association of Certified Fraud Examiners (ACFE), discusses: The evolution of fraud schemes; The most common types of fraud seen today; Types of training available to help detect and prevent fraud. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on several IT implementations specializing in security. His largest fraud investigation for over $1.5 million was conducted during this time. Previously Bachman worked in or consulted for retail, real estate, manufacturing and has done extensive small business consulting where he has actively worked a number of fraud cases. His fraud investigation experience extends back to the mid-70's and has continued th
-
Gartner's John Pescatore on 2010 Threats, Trends
27/10/2009
Malware, Consumer Technology, Social Networks Head the List of Vulnerabilities
Know what scares security expert John Pescatore the most? The image of a remote employee sitting at a home office or public setting, plugging into an unsecured network, accessing critical business data via a personal laptop or PDA. Organizations have never had so many security risks in so many remote locations, says Pescatore, VP and Distinguished Analyst with Gartner, Inc. Mitigating these risks will be among the primary challenges for information security leaders in 2010. In a discussion of security trends, Pescatore offers insight on: Emerging threats; Emerging solutions; The role of education and training to help meet security needs. Pescatore has 31 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 year
-
H1N1 Update: Regina Phelps on 'How Bad is It?'
23/10/2009
The fall flu season has begun in the U.S., and the news each day is filled with stories about H1N1 (swine flu) outbreaks at schools and businesses. But how bad is the outbreak? Is it on a par with a typical flu season? Far better or far worse? To help separate fact from fiction, noted pandemic expert Regina Phelps discusses: Current realities of H1N1; What organizations should be doing now - especially with Halloween approaching; Lessons learned and what to expect next. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.
-
Electronic Healthcare Records: The Impact on Your Organization
23/10/2009
We all can see the technological and market forces converging to necessitate and enable electronic healthcare records. But how does this transition impact privacy and compliance within an organization? What are the ramifications for IT and security departments? Kim Singletary, Solutions Marketing for McAfee, discusses: The electronic healthcare records revolution; Impact on privacy and compliance; How IT departments must respond. Singletary was Director of Compliance Solutions for Solidcore prior to the McAfee acquisition. She has 15 years of Product Management and Marketing roles with companies specializing in outsourced IT services for critical infrastructure both traditional datacenter services, MSSP and SAAS. Her expertise has been in developing and growing security, compliance and managed services for the Fortune 500 which included roles at SAVVIS Communications, Frontier Communications and Global Crossing.
-
Healthcare Information Security: Getting Beyond Compliance
15/10/2009
Interview with Cliff Baker of HITRUST Alliance
For too many healthcare organizations, information security is about regulatory compliance - requirements and checklists. It's time for patients, privacy and true information security to be prioritized, says Cliff Baker, Chief Strategy Officer with the HITRUST Alliance. In an exclusive interview, Baker discusses: Key healthcare security issues and how HITRUST addresses them; Privacy and information security trends to track in 2010; How healthcare organizations can focus less on compliance, more on security. Baker specializes in information security, privacy and compliance for healthcare organizations. He has 15 years of experience with information security for healthcare organizations, including developing strategic plans for a number of global and national organizations, working on multi-year complex system implementations, and assisting organizations with board level risk management decisions. Baker has worked with leading providers, health plans, and p
-
Safe and Secure Online - New Outreach Program from (ISC)2
14/10/2009
Social networking. Cyberbullying. Identity theft. There are myriad threats to children as they explore their online universe. And to counter these threats is Safe and Secure Online, a new interactive presentation that brings information security professionals into classrooms to give sound advice to 11-14-year-old children. Delivered by (ISC)2, Safe and Secure Online relies on material developed by former school teachers, but delivered by certified information security professionals. David Melnick of Deloitte and (ISC)2 discusses: The need for Safe and Secure Online; How the program will be delivered and measured; Ways businesses, government agencies and information security professionals can help. Melnick is a principal in security and privacy services within the audit and enterprise risk services practice in the Los Angeles office of Deloitte and brings more than 17 years of experience designing, developing, managing and auditing large scale secure technology infrastructure. Melnick has authored sever
-
Authentication: The Biometrics Advantage
02/10/2009
Interview with Myra Gray, Director, U.S. Army Biometrics Task Force
Though fingerprint and iris scans have advantages over passwords and magnetic identity cards as a means to grant access to IT systems, in many instances, the biometric technologies aren't ready to be employed alone, says Myra Gray, director of the U.S. Army's Biometrics Task Force. "Actually, it's an outstanding method for good, strong identity assurance," Gray said in an interview with GovInfoSecurity.com. "But before we go throwing out passwords and usernames, I'd like to articulate that biometrics is one tool of many. It should be part of the portfolio that's used to protect against identity theft." Gray explained that three things exist to prove one's identity: What you know, such as a password; what you have, a magnetic card or token; and what you are - "something that's uniquely you" - an iris, a fingerprint. "The power, it's not just picking one over the other, but setting up a construct that utilizes all of those as appropriate," Gray s
-
Healthcare Priorities: Dr. Robert Mandel, BlueCross BlueShield of Tennessee
23/09/2009
Many people are now considering healthcare for the first time. Dr. Robert Mandel has dedicated his entire career to the field. Now senior VP of health care services for BlueCross BlueShield of Tennessee, Mandel takes time to discuss: His organization's healthcare and privacy concerns; Healthcare trends he's tracking; The issues that matter most to him in the ongoing healthcare discussion. Mandel is responsible for overall clinical strategy, transformative medical management delivery, clinical network operations, strategic medical policy positioning, and clinical operational success of the company's commercial business and established markets unit. Prior to joining BlueCross in October 2008, Mandel served as vice president of health care services for BlueCross BlueShield of Massachusetts. He has more than 11 years of senior leadership experience in health systems and health plan management.