Careers Information Security Podcast

IT security practitioners realize much value from the monthly cybersecurity index created a year ago by Mukul Pareek and Dan Geer. Why? They benefit from knowing how others see the evolving threat environment.

Many organizations aren't devoting enough resources to ensure that applications for mobile devices are secure, says security expert Jeff Williams. He offers five tips for adequately addressing mobile application security.

For years, David Matthews, Deputy CISO of the City of Seattle, has been immersed in securing electronically stored information. Now he's written the book on the topic. What are the key themes addressed?

IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?

Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?

Do you have the right personality type to flourish in an IT security role? Laurence Shatkin, author of "50 Best Jobs for Your Personality," offers tips for finding the job that truly fits your type.

How common are padded resumes like the one that led to the departure of Yahoo CEO Scott Thompson? Far too common, says attorney Les Rosen, who offers tips to help organizations manage such risks.

When breaches occur, most organizations struggle to collect the right data and get investigations off the ground. How can breach response improve? Verizon's Chris Novak offers expert advice.

Many organizations realize they are at risk of insider attacks. But do they have evidence and capabilities to respond to these risks? That's the real challenge, says researcher Larry Ponemon.

Who is more likely to commit fraud in your organization - the newly-hired youngster or the long-tenured veteran? The ACFE's new 2012 Global Fraud Study profiles the top fraudsters and their schemes.

A new IBM study identifies three distinct types of information security leaders: Influencers, Protectors and Responders. Which type are you? IBM's Marc van Zadelhoff offers tips for more effective leadership.

The information security profession is a 'war for talent' today, says recruiter Kathy Lavinder. But to win the war requires specialized skill sets. Here are today's top requirements.

Which Internet security threats pose the greatest risks to organizations in 2012 and beyond? Symantec has just released its Internet Security Threat Report, which reveals some surprising trends.

When Joseph Bognanno of Wolters Kluwer Financial Services examines 2012's financial fraud trends, all he sees is more - more of everything, from schemes to new guidance. How can banks stay ahead?

Lyndon Bird, technical director of the Business Continuity Institute, praises the ISO 22301 standard for business continuity, calling it "An end to uncertainty." Learn about the emerging standard.

Eighty-five percent of data breaches go undetected, but organizations have a new type of cop on the beat to ferret out these illicit activities - the data scientist, says Phil Neray, head of security intelligence strategy and marketing for Q1 Labs, an IBM company.

When it comes to fighting financial fraud, Peter Tapling of Authentify says banking institutions are chronically underestimating and under-utilizing one key resource: Their own customers.

Phishing - it's the classic scheme that never goes away. In fact, it evolves. Amy Blackshaw of RSA offers insights on how to respond to this and other trends identified in the 2012 Faces of Fraud survey.

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

What's the best strategy for communications after a data breach, like the one suffered by Global Payments Inc.? Bob Carr, CEO of Heartland Payment Systems, discusses what to say in the weeks following a breach.