Careers Information Security Podcast

Terrell Herzig, CISO at UAB Medicine, speaks out on steps steps he's taking in the wake of the RSA SecurID attack.

King says new guidance tackles data collected via call centers and other telephone communications.

The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.

ChicagoFIRST's Brian Tishuk says local lessons can be learned from Japan, especially within the financial, government and healthcare sectors.

Smartphones are ubiquitous in organizations today. But how secure are these devices -- and what are the security and liability vulnerabilities associated with their use?

Disaster recovery expert Regina Phelps says Japan's nuclear emergency puts local citizens at risk, but organizations globally can learn from the crisis. "I hope that all of us look at this and ask, 'What can I do to be better prepared?'"

Australia's government agencies can learn a lot from the nation's banks, when it comes to risk management and protecting privacy, says Graham Ingram, General Manager of the Australian Computer Emergency Response Team. "There are too many people in government organisations who are in denial [of risks]," he says.

In the initial wake of Japan's devastating earthquake and subsequent tsunami, business continuity plans have been tested, and organizations now are dealing with severe aftershocks and a growing national crisis, says Alan Berman, executive director of DRI International.

The Internet is inherently insecure, and the only way to ensure today's evolving information systems is to build them upon three pillars of trust.

Today's technology is not adequately used, says attorney Lucy Thomson.

Patrick discusses how to consolidate network traffic monitoring into a single appliance and management console, along with web application security and PCI compliance.

The 451 Group's Joshua Corman says merely complying with stagnant standards won't ensure security.

Dennis Devlin of Brandeis University knows the difference between training and education.

Wells Fargo's Alexander says breach disclosure laws are getting tougher.

Tripwire's Shenoy says security compliance improves the bottom-line.

Employment Screen Resources' Lester Rosen says there's no hotter trend in background screening than social media. But just as social networks can be used to screen applicants, they also can be abused.

Cyber terrorism can happen to you, and probably will, says G.F. Bryant Jr. of the World Institute for Security Enhancement.

Ralph Spencer Poore: There's no better way to secure critical data than through cryptography, especially when that data is stored in the cloud.

Executives deal with risk all of the time, except that is, information technology risk. For many non-IT leaders in government and business, IT risk is outside their comfort zone. Oregon CISO Theresa Masse wants to change that.

When it comes to sizing up the privacy agenda for 2011, the tone at the top of organizations is all about improving data security, says privacy expert and lawyer Lisa Sotto.