Government Information Security Podcast

It's not a question of if employees will bring their own mobile devices to work and connect to your systems. It's a matter of when. But the benefits of BYOD outweigh the risks, says Malcolm Harkins, CISO of Intel.

Complexity is among the most significant information risk management challenges organizations face at the dawn of the new year.

Regulators push tougher cybersecurity measures. But the challenge for smaller organizations isn't compliance - it's budgets. Wendy Nather of 451 Research defines the 'Security Poverty Line' and what to do about it.

Fraud threats have changed little in the past decade. But their global scale has, and James Ratley, president of the ACFE, details how fraud examiners must change their approach to fighting these crimes in 2012.

Information risk management, at its core, is about tradeoffs, says NIST Senior Scientist Ron Ross.

A federal appeals court has ruled in favor of victims of the 2007 Hannaford data breach. Attorney Ronald Raether explains the ruling and what it potentially means to future breached entities and their customers.

If management awareness of information security issues increases, will an organization's commitment to securing practices and policies also increase? This is the question answered by an eye-opening new study.

Every organization likes its business continuity/disaster recovery plan before a disaster, says Al Berman of DRI International. But in the aftermath? Different story - and one that must be addressed in 2012.

The lack of uniformity in federal and state privacy and security requirements is creating major challenges for health information managers attempting to comply, says Lynne Thomas Gordon, the new CEO of the American Health Information Management Association.

Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.

Vulnerabilities in applications developed for the Commonwealth of Pennsylvania contributed to a major security breach a few years back, one that state CISO Erik Avakian does not want repeated.

New York's Pace University has just announced its new Seidenberg Cyber Security Institute. What is the school's mission, and why is now the ideal time to open its doors to career-minded students?

It's one thing to have a data breach response team. It's quite another to ensure that team is made up of savvy personnel, says Brian Dean, a former privacy executive for KeyBank.

A new, free HIPAA Security Rule Toolkit is designed to help healthcare organizations conduct a thorough risk assessment, says Kevin Stine, who helped guide the project for the National Institute of Standards and Technology.

Data breaches are all about reputational risk, says attorney Lisa Sotto. And as legal requirements grow, attorneys must play increasingly integral roles in helping clients respond to incidents.

Information security threats - especially to critical infrastructures and from nation-states - are evolving. But security education curricula are struggling to keep pace, according to Eugene Spafford, renowned information security professor at Purdue University.

It's a new wave of cybercriminal behind the latest major data breaches, says breach expert Lucy Thomson. And these incidents are resulting in a new generation of breach notification laws globally.

The Brooking Institute's Allan Friedman says bills before Congress aimed at protecting intellectual property threaten cybersecurity.

BITS president Paul Smocer says banks can expect an uptick in cybersecurity-focused legislation in 2012. What impact will changes from Capitol Hill have on requirements for data breach notification, information sharing and critical infrastructure?

Jacob Olcott says Congress' failure to enact comprehensive cybersecurity legislation over the past half decade doesn't mean lawmakers haven't influenced IT security policy.