Careers Information Security Podcast

Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks to a 17-year-old hacker in Russia, offers an exclusive, in-depth explanation of his company's findings.

From new malware to the Target breach, cyber-attacks reached an all-time high in 2013, says Cisco's Annual Security Report. Cyberthreat expert Levi Gundert tells how organizations can regain the advantage in 2014.

From access controls to intrusion detection, mobility to privacy, many organizations face similar network security challenges. Isabelle Dumont of Palo Alto networks offers a new, unique approach for healthcare organizations, and the key concepts of this approach can be applied to any security environment.

2014 is going to be a critical year for data breach preparation and response, according to Michael Bruemmer of Experian. What are the key breach-related developments that security leaders must watch?

Five significant trends, including the mobile revolution and the use of big data, will influence the future of cybersecurity, says Allan Friedman, co-author of a new book on the subject.

Training that's designed to help workers avoid clicking on links from spear-phishing e-mails may be ineffective because employees often fail to read training materials, says Eric Johnson, a Vanderbilt University professor who's co-author of a new study on the subject.

The new year's top trends in background screening can be summed up in two words: legal and compliance. Les Rosen of Employment Screening Resources offers expert tips for more effective screening.

To help reduce reliance on passwords, the FIDO Alliance is developing standard technical specifications for advanced authentication. Michael Barrett and Daniel Almenara of FIDO describe the impact the effort could have in 2014.

As a result of high-profile breaches, such as the Target incident, security is increasingly a board issue. What are the key topics security leaders should prepare to discuss in 2014? Alan Brill of Kroll offers his forecast.

As bank employees rely more on mobile devices to get their work done, ensuring secure file-sharing is a top priority. James Gordon of Needham Bank in Massachusetts shares his security strategy.

2014 may well be the "Year of Security," and IT security pros must prepare now for new job demands. ISACA's Robert Stroud offers five New Year's resolutions to help prepare for 2014's security trends.

While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.

The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.

Cyberthreats increasingly target mobile devices, and simple security measures could help end-users slash these incidents by 50 percent. This is the key finding of ENISA's new Threat Landscape Report, says Louis Marinos, the prime author.

Most fraud on the Internet is linked to unsecured identities, which is why a new global identification framework is needed, says Paul Simmonds, who heads a coalition working on a framework model.

Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.

The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.

You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."

Governments and others using cloud-based services should keep 10 security tips in mind, including making sure they can maintain control of their data if a service provider goes bankrupt, says Dimitra Liveri, co-author of a new report.

For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.