Careers Information Security Podcast

Distributed-denial-of-service attacks jumped significantly in 2012. And it's not just banking institutions that are victims, Verizon finds in its just-released Data Breach Investigations Report.

The European parliament recently voted to extend and strengthen the European Network and Information Security Agency. What does this news mean for Europe's top cybersecurity agency and for the state of emerging threats across Europe?

The hunt for a Boston Marathon bombing suspect that locked down the city caused massive disruption to business operations, but enterprises that had business continuity plans in place hardly missed a beat.

The rush to find qualified IT security professionals to meet current cyberthreats could jeopardize IT systems' security in the not-too-distant future, say two leading IT security experts, Eugene Spafford and Ron Ross.

Improving regulatory compliance and security training, as well as detecting and preventing breaches, are top priorities for 2013, the Healthcare Information Security Today survey shows. Sharp HealthCare CIO Bill Spooner tells why those issues are critical.

Lisa Xu, CEO of NopSec, says pursuing leadership roles in information security - a male-dominated field - can be challenging for women. What advice does she offer for women to grow in their careers?

NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.

E-mail authentication foils phishing, but authentication is only effective if every partner in the chain adopts it. John Carlson and Andrew Kennedy of BITS explain how institutions can improve e-mail practices.

Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.

The bad guys who attack information systems are getting better at what they do, making old threats even more dangerous, says Steve Durbin of the Information Security Forum.

Understanding big data is not the problem, say Michael Fowkes and Aaron Caldiero of Zions Bank. Figuring out how to use the information contained within big data in a meaningful way - that's the trick.

What can organizations do to improve security after a network attack? Post-breach investigations help security leaders trace steps and strengthen weak points, says investigator Erin Nealy Cox.

What's the cost to an organization when it suffers a seurity breach and breaks trust with its own customers? Jeff Hudson, CEO of Venafi, presents results of a new survey on the cost of failed trust. Venafi has just partnered with Ponemon Group to release a new survey, "The Cost of Failed Trust". Among the key findings: $398M is the average loss facing every Global 2000 organization from attacks on trust assets. And so many of these incidents result from serious exploits of what could be described as common, easy-to-fix vulnerabilities.

It's a boom time for information security start-ups. But what unique qualities separate winners from losers? Alberto Yépez of Trident Capital describes the role of venture capital in today's market.

Solutionary is out with its 2013 Global Threat Intelligence Report. What are the top four threats to organizations, and how can they be mitigated? Security strategist Don Gray offers insights and tips.

DDoS attacks on banks have returned, and the attackers are changing their tactics and expanding their attack toolsets. How must organizations change the way they defend against DDoS? Carlos Morales of Arbor Networks shares strategies.

We now have seen three waves of DDoS attacks on U.S. banks, and Dan Holden of Arbor Networks says we have seen three distinct shifts in these incidents. What can we expect going forward?

Business line managers are in better positions to control and monitor network and system access privileges than IT departments, since they know their employees and the privileges they should be provided, says Bill Evans of Dell Software.

Authenticating appropriate network administrators and employees has become increasingly challenging, especially for healthcare organizations and regional banking institutions, says Tim Ager of Celestix.

New research says more than 25 percent of consumers hit by a data breach later become victims of identity fraud - especially when payment card information is exposed. Javelin's Al Pascual shares analysis.