Careers Information Security Podcast

Executive recruiter Bill Liguori helps many organizations find CISOs. What skills are these companies looking for today? Find out in this in-depth interview.

Don't blame a lack of information security standards, security products or cybersecurity competence for the failure of breach defenses. In many cases, the culprit is design and implementation flaws in IT products, Robert Bigman, former CIO at the CIA, contends.

ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.

Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.

The U.S. Congress delves into the issue of whether CISOs should report to CIOs, a topic that leads the Friday, May 27, 2016, edition of the ISMG Security Report, an on-demand audio report offered every Tuesday and Friday.

Stu Sjouwerman, CEO of KnowBe4, has seen first-hand the devastating impact of ransomware on healthcare entities. And he knows traditional defenses aren't enough to ward off attackers. What's needed is a whole new approach to user education.

The College of Healthcare Information Management Executives is calling on Congress to create financial incentives for healthcare providers to boost their cybersecurity. Leslie Krigstein of CHIME offers examples of potential incentives in this in-depth audio report.

Identity and access management should empower businesses, satisfying customers and other stakeholders who need secure access to an enterprise's data and systems, says security expert Jeremy Grant, former leader at the federal government's National Strategy for Trusted Identities in Cyberspace.

Information Security Media Group is premiering the twice-weekly ISMG Security Report, a concise, on-demand audio report in which ISMG editors and other experts analyze the latest IT security news.

Data today is money - especially in financial services, where account data is every hacker's target. How, then, can institutions mask that data and protect it when it's in non-production environments? Mike Logan of Delphix offers new insights.

Walmart's lawsuit against Visa, which claims the card brand is unfairly preventing retailers from requiring that customers enter PINs when they conduct EMV debit transactions, poses important questions about fair business practices, says Liz Garner of the Merchant Advisory Group.

The manufacturers of wearable health devices should incorporate key privacy and security best practices into the R&D of their products, says privacy advocate Michelle De Mooy of the Center for Democracy & Technology, who describes recommendations in a new study.

In today's rapidly changing cyber threat environment, the federal government needs to take a lead role in making sure mobile device security is adequate, says security researcher Stephen Cobb, who analyzes ongoing investigations by the FTC and FCC in this audio interview.

Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains this in-depth audio interview.

With hack attacks continuing against banks, SWIFT must follow in the footsteps of other vendors - notably Microsoft - and begin offering detailed, prescriptive security guidance to its users, says Doug Gourlay of Skyport Systems.

There are two elements of a ransomware attack - the infection and then the action that takes place on infected devices. And both elements are evolving, says Ben Johnson of Carbon Black. He shares insight on how to improve ransomware defenses.

It's one thing to talk or even plan about "What happens if we are breached?" It's quite another to undertake a true breach exercise. What are the critical elements of such a drill? Author Regina Phelps shares advice from her new book.

The emerging threats posed by cybercrime and evolving banking services, including mobile banking, will be among the focal points of a keynote address by the Information Security Forum's Steve Durbin at ISMG's Fraud & Breach Prevention Summit in Washington May 17-18.

With today's multi-layered attack surface, traditional vulnerability management no longer suffices. Security leaders must embrace a new strategy to help identify and secure true assets at risk. Gautam Aggarwal of Bay Dynamics explains how.

Establishing new laws and regulations to address privacy and cybersecurity concerns related to the Internet of Things would likely be ineffective, attorney Steven Teppler, who co-chairs an American Bar Association IoT committee, says in an audio interview.