Government Information Security Podcast

Too many of today's firewalls are out of date and exposing organizations to unacceptable business risks, says Chris King of Palo Alto Networks.

NICE's Ernest McDuffie says a proposed cybersecurity workforce framework represents a consensus of government thought on how best to define the jobs, skills and tasks needed to secure information technology.

Unfortunately, says Ken Vander Wal, most organizations have done little to address security in their policies and procedures regarding BYOD, which is changing the ways companies address user behavior and risk.

Giving back to the community. It's a civic responsibility, says Dan Waddell of Tantus Technologies. But it's also a necessity to help raise cyber awareness. Waddell explains how security pros can give back.

ISACA has just released a new study about the top vulnerabilities of Web applications. And, according to Sarb Sembhi, the results of this survey just might surprise you.

Harry Raduege sees the nascent field of cyber intelligence as a way for governments and businesses to be proactive, and not reactive, to today's sophisticated digital threats.

Honolulu CIO Gordon Bruce, bolstered by an international conference, is working energetically to expand digital and physical security.

ID theft expert Joanna Crane wonders whether banks, government agencies and healthcare providers do enough to assist consumers with ID theft recovery, saying consumer expectations are often loftier than what's being done to meet the demand.

The only way to improve card security is for banks and merchants to align their strategies, says Gray Taylor of NACS. "This is something that hurts both of our industries. Fraud hurts us all."

Roger Baker, CIO at the Department of Veterans Affairs, outlines the department's mobile device security strategy, providing details on the rollout of iPhones and iPads.

Mike Brown and Amry Junaideen see audits as great tools to promote heftier IT security budgets, substantiating where dollars should be spent to safeguard an organization's information systems and assets.

Winn Schwartau says the BlackBerry disruption this past week (see BlackBerry Disruptions: Where to Start?) hit at the heart of one of the fundamentals of IT security: availability.

When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.

Alastair MacWillson says the lack of harmonization among state, national and international security laws and regulations has proved challenging for global organizations that want to work in the cloud.

Too many organizations overlook regulatory compliance issues when working with cloud computing vendors, says security expert Alastair MacWillson.

Leon Rodriguez, the new director of the Department of Health and Human Services' Office for Civil Rights, describes his HIPAA enforcement agenda.

From the earthquake in Japan to Hurricane Irene in the U.S., organizations worldwide have found their business continuity and disaster plans tested. But what lessons must we draw from these incidents?

Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.

Discussing Verizon's new report on the state of PCI compliance, PCI expert Jen Mack says payment card security today is "disappointing," and global merchants are at serious risk of new data breaches.

Merging government agencies responsible for physical and information security into a single operation makes sense, says Michigan's new chief security officer, Dan Lohrmann. After all, he says, the same technologies used to allow entry to a building also can be deployed to permit access to a sensitive database.