Careers Information Security Podcast

Despite growing awareness of cyberthreats, Americans are not overly concerned about their own cybersecurity, Unisys' Steve Vinsik says in his analysis of his company's latest security index.

Privacy attorney Ron Raether challenges a commission's recent recommendation that the government should support companies that use the hack-back approach to mitigating the theft of intellectual property.

Attacks aimed at mobile devices are progressing much more rapidly than any attacks ever waged against PCs. Organizations are in danger if they don't pay attention, says anti-phishing expert Dave Jevans.

If everyone supports the idea of sharing cyberthreat information, then why is information sharing so difficult? Shawn Henry, a former investigator with the FBI, tells how organizations can clear their biggest hurdles.

Facing advanced cyber-attacks, organizations must shift their focus to detection and mitigation, says ISACA's Jeff Spivey, who outlines four capabilities necessary for effective response.

As the Payment Card Industry Security Standards Council prepares to update the PCI Data Security Standard, malware attacks aimed at payments networks are garnering attention from fraud professionals, says the council's Jeremy King.

Former federal prosecutor Kim Peretti understands international crime investigations. And she calls the arrests in the $45 million global bank heist "a victory for us." What lessons can investigators draw from the case?

Insider threat case study: Dawn Cappelli tells how three individuals quit their jobs at a law firm, then used a free cloud service to sabotage files containing proprietary client information from their ex-employer.

New focus for anti-fraud pros: Cloud computing providers whose employees may steal or harm customer data they host. Experts from Carnegie Mellon University's CERT Insider Threat Center offer prevention tips.

NIST's Ron Ross, a big NASCAR fan, likens new security controls guidance to the tools race-car builders use to prevent drivers from breaking their necks when crashing into a brick wall at 200 miles an hour.

Security firm Mandiant recently released a widely publicized report detailing cyber-espionage activity originating in China. Mandiant Director Charles Carmakal discusses the latest nation-state threats.

When Richard Nealon first sat for his CISSP exam, he was struck by how U.S.-centric the questions were. Since then, he has strived to promote greater awareness of global information security concerns.

NIST's Donna Dodson is leading a federal government effort to take hundreds of suggestions from the private sector to create an IT security best practices framework that critical infrastructure operators could voluntarily adopt.

In light of evolving fraud threats, financial institutions increasingly are turning to two-factor authentication solutions. Alex Doll, CEO of OneID, offers advice to help institutions make the right choices. In an interview about the myths and realities of two-factor authentication, Doll discusses: The current threat landscape; How organizations are successfully deploying two-factor solutions; How to keep customer experience top-of-mind in a two-factor rollout.

It isn't just the quantity of cyber-attacks that's staggering; it's the quality. The average hacker now has access to nation-state-level attack capabilities, says James Lyne of Sophos. How can organizations defend?

It isn't a staffing shortage that we face, but rather a skills crisis, says Allan Boardman, international vice president of ISACA. How can organizations build the security skills they need to mitigate evolving risks?

Organizations face new cyber-risks from their third-party service providers. But standard contracts fail to cover these risks. Trend Micro's Tom Kellermann discusses the risk management essentials.

As data protection regulations continue to be refined, organizations throughout Europe are more sensitive to privacy restrictions in individual countries, says Dwayne Melancon, CTO of Tripwire.

Distributed-denial-of-service attacks are increasing against European banking institutions. But UK consultant Mark Child says if banks are worried about DDoS, then they have bigger security problems.

Should IT security practitioners be deemed professionals like those in medicine and law? That's not an easy question to answer, says Ronald Sanders, former human capital officer at the U.S. Office of the Director of National Intelligence.