Careers Information Security Podcast

Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.

U.S. Attorney Steve Wiggington says identity theft, especially linked to card skimming, is still the No. 1 fraud threat facing financial services institutions as well as consumers. He stresses information sharing is critical for fighting fraud.

Organizations need to know how other enterprises handle cyber-attacks to truly understand whether their IT security investments will pay off, the EastWest Institute's Karl Rauscher says.

Every second, 80 "things" are being connected to the Internet, and ISACA's Rob Stroud says that requires information security professionals to identify and mitigate threats, protect individuals' privacy and manage access.

New requirements to mitigate payment card risks posed by third parties, such as cloud providers and payment processors, are a focal point of the PCI Security Standards Council's updated data security standard.

As Michigan deploys its Cyber Civilian Corps, the state will need to address some of the same challenges the federal government faces in sharing cyberthreat information between the government and the private sector, state CIO David Behen says.

The number of reported breaches is up considerably this year, but so is the overall quality of organizations' breach preparedness, says Michael Bruemmer of Experian Data Breach Resolution.

Inadequate authentication is among the greatest security challenges for online payments, says Scott Dueweke of Booz Allen Hamilton, who suggests biometrics needs to play a bigger role.

Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.

Pennsylvania Chief Information Security Officer Erik Avakian explains how the commonwealth is using a $1.1 million federal grant to pilot a program to furnish single identities to residents who transact state business over the Internet.

For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?

The good news is: U.S. banks have learned valuable security lessons from defending against recent distributed-denial-of-service attacks. The bad news? DDoS has evolved into new and improved assaults.

Using "synthetic identities" to commit fraud is becoming easier, but it's increasingly difficult for organizations to detect this type of deception, says Claudel Chery of the U.S. Postal Inspection Service.

Rather than waiting until they're a breach victim, organizations should reach out to law enforcement officials to develop a good working relationship in battling cybercrimes, federal prosecutor Erez Liebermann says.

Organizations must develop a "defensible response" to data breaches and fraud incidents because of the likelihood of a regulatory investigation or legal action, says attorney Kim Peretti, a former Department of Justice cybercrime prosecutor.

IT security leaders need to develop a strong, holistic security and risk management strategy as they implement advanced, strategic technical capabilities, IBM's David Jarvis says in analyzing new survey results.

What is hostile profile takeover, and why does this emerging threat pose such a risk to smart phone users? Dave Jevans, CTO of Marble Security, describes this and other new mobile threats.

The average insider scheme lasts 32 months before it's detected, says threat researcher Jason Clark, who suggests using a combination of the right technologies and the right processes is the key to improving detection.

Attorney Maureen Ruane, who has prosecuted dozens of healthcare fraud cases, explains how the rollout of electronic health record systems at hospitals and clinics is creating new potential opportunities for fraud.

Mary Galligan, the just-retired head of the FBI's New York cyber unit, says the federal government can do more to help businesses take all the right steps to protect sensitive information and prevent breaches.