Data Breach Today Podcast

Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.

One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of Experian® Data Breach Resolution.

Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.

ID theft expert Joanna Crane wonders whether banks, government agencies and healthcare providers do enough to assist consumers with ID theft recovery, saying consumer expectations are often loftier than what's being done to meet the demand.

Roger Baker, CIO at the Department of Veterans Affairs, outlines the department's mobile device security strategy, providing details on the rollout of iPhones and iPads.

Winn Schwartau says the BlackBerry disruption this past week (see BlackBerry Disruptions: Where to Start?) hit at the heart of one of the fundamentals of IT security: availability.

When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.

Leon Rodriguez, the new director of the Department of Health and Human Services' Office for Civil Rights, describes his HIPAA enforcement agenda.

Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.

Discussing Verizon's new report on the state of PCI compliance, PCI expert Jen Mack says payment card security today is "disappointing," and global merchants are at serious risk of new data breaches.

Frequent face-to-face training on social media policies is a vital component of any risk management effort, says consultant Erika Del Giudice.

Facial recognition technology could prove to be an effective way to authenticate individuals seeking entry to secured buildings or databases storing sensitive information. But the biometric technology already is being abused, and IT security managers employing facial recognition should be careful to encrypt the biometric data, cautions a privacy rights leader.

Give a man a fish, you feed him for today, the proverb says. Teach a man to fish; and you feed him for a lifetime. That adage can be applied to information security, as well.

Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.

Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.

It is no longer enough for information security professionals to secure critical information. They also need to be asking about the legitimacy of where this information comes from, says John Colley, managing director of (ISC)2 in EMEA.

Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)

Recent high-profile data breaches and heightened threats add up to one thing: a bright future for information security professionals who want to start or re-start a career in risk management.

RSA customers who feel victimized by last March's breach of the security vendor's computers have viable options that include continued use of the SecurID authentication tokens, those offered by competitors, or something entirely different: biometrics.

The Fed's ruling on interchange cuts mandated by the Durbin Amendment will aid fraud prevention and could accelerate a move to chip-based payments, says Randy Vanderhoof, director of the Smart Card Alliance.