Careers Information Security Podcast

Creating a "culture of compliance" that emphasizes the importance of privacy requires far more than "management by committee," says change management specialist Jan Hillier.

Big data, as Bernt Ostergaard notes, is hot, and using tools to analyze massive amounts of data in a variety of forms is being employed to identify trends that can help leaders accomplish their goals.

Where do time-strapped senior leaders go for education on cyber forensics and incident response? Carnegie Mellon University has a new option, and Dena Haritos Tsamitis explains its unique approach.

Information security leaders should hire a breach resolution vendor before their company experiences a data breach to help ensure rapid, appropriate response, says security consultant Robert Peterson.

As enterprises spend frugally on IT security, cybercriminals aren't, and that presents big problems for organizations working feverishly to secure their digital assets, says Steve Durbin, global vice president of the Information Security Forum.

Organizations and leaders seeking to assure the privacy of their customers should implement privacy by design in the development process, privacy lawyer Alan Friel says.

The average per capita cost of a data breach has declined from $214 to $194, according to the new Cost of a Data Breach study. But there are still plenty of causes for concern, says Dr. Larry Ponemon.

Protecting the availability, confidentiality and integrity of information are the core tenets of IT security. But an FBI cybersecurity leader, Steve Chabinsky, suggests the central theme of IT security needs to be broadened to include assurance and attribution.

BITS, the technology division of the Financial Services Roundtable, has tapped Diane Ness to lead its fraud-reduction program. What void does this new leader fill, and how will she help banks fight fraud?

Imperva would neither confirm nor deny it helped defend the Vatican website from a hacktivist assault last year, but the IT security provider's director of security, Rob Rachwald, explains how such an attack was constructed and defended.

Commerce Undersecretary for Standards and Technology Patrick Gallagher sees the private sector, not government, taking the lead to develop tools, processes and standards to help safeguard IT systems and data in and out of government.

What are the top global breach trends and threats that organizations should be watching? Wade Baker of Verizon offers insights gleaned from a new study of his group's latest investigations.

White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.

A consortium of eight major information technology companies is continuing development of a free framework designed to make it easier to exchange information about security vulnerabilities.

No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.

The need for qualified security pros is growing - but so is the Scholarship for Service Program, which helps students train for roles in government. Victor Piotrowski of the National Science Foundation discusses the opportunities.

This is the first RSA Conference since 2011's high-profile security breaches. How did those incidents influence this year's agenda? Hugh Thompson explains in an exclusive event preview.

Winning CEOs' support for information security investments requires clearly explaining the business impact of inadequate security, says consultant Eric Mueller.

Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally-owned devices.

The book provides information security leaders tips to identify insiders who can cause damage to information systems and data and guidelines on protecting their organizations from such individuals.