Careers Information Security Podcast

Breached businesses in Europe: Brace for more class action lawsuits seeking material and non-material damages filed by victims following mandatory data breach notifications under GDPR, says attorney Jonathan Armstrong. He predicts more breach-related suits will succeed in Europe than in the United States.

Many of the computer devices to be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others.

Not only are we now seeing the most powerful DDoS attacks ever recorded, but they also are leveraging the ever-growing army of IoT devices. Gary Sockrider of NETSCOUT Arbor offers advice for detection and defense.

The latest edition of the ISMG Security Report takes a look at the EU's General Data Protection Regulation, including the outlook for enforcement and common misconceptions about its provisions.

Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk.

The biggest security budget in the business cannot save you from also suffering one of the biggest breaches. The key is: Do you have the right skills and technology deployed to defend your critical assets? Michael Malone and Ben Johnson of Datashield, an ADT company, make the case for outsourcing.

Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.

A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation? Charlie Groves of CrowdStrike shares his views.

Making bigger advances in implementing nationwide health information exchange will require a multipronged effort, including getting patients more involved and using a variety of technical approaches, says Scott Stuewe, the new president and CEO of DirectTrust.

The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.

Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.

Why did CISOs at a half-dozen leading healthcare organizations launch a new council aimed at standardizing vendor security risk management? One of those CISOs, John Houston of UPMC, explains why the group was launched, how it will work and why managing cloud vendor risks is a top priority.

Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.

Canada, which has a head start on the adoption of digital payments, has learned some valuable security lessons that could be beneficial to the U.S., says Gord Jamieson of Visa. He'll be a featured speaker at ISMG's Fraud & Breach Prevention Summit: Toronto, to be held Sept. 11-12.

Increasingly, threat hunting is a practice that enterprises want to understand and implement. But it is not always feasible to do so in-house, given the demand for resources and skills. That's where managed threat hunting enters, says CrowdStrike's Jennifer Ayers.

The latest edition of the ISMG Security Report features Barbara Simons, co-author of the book "Broken Ballots," discussing why she believes it's a "national disgrace" that some states are relying on computer voting with no provision for recounts. Also: Update on breach lawsuit against Premera Blue Cross.

DevOps and the addition of the "Sec" or security element to it has led to significant progress in moving security up in the application development chain, says Gartner's Dale Gardner

With the midterm elections just around the corner, Barbara Simons, author of the election security book "Broken Ballots," explains why some voting computers remain inherently flawed.

Most enterprises are at least discussing security analytics. But how are they actually deploying these tools? And with what levels of automation and orchestration? Drew Gidwani of ThreatConnect shares insight on how to maximize analytics.

Nearly one-third of U.S. banking consumers use online and mobile fintech apps to help manage their money. But those users are concerned about data privacy and want more control over the financial data their apps can access, says David Fortney of The Clearing House, who reviews the results of a survey.