Government Information Security Podcast

Rep. Michael McCaulCo-SponsorExecutive Cyberspace Authorities Act of 2010

'I Wanted to Prosecute Hackers' Kim Peretti, former senior counsel with the Department of Justice, led the successful prosecution to put TJX/Heartland conspirator Albert Gonzalez and his co-conspirators behind bars. In an exclusive interview she discusses: How she started her career; Keys to her success; Advice to young professionals just starting out "I hadn't thought of criminal law, but I was very interested in seeing what I could do in prosecuting hackers."

Richard Stiennon, Author and Chief Research Analyst, IT-Harvest

Here's a review of the top news stories you should pay attention to this week: Rep. Loretta Sanchez's Call for Meeting of the Minds Over Fed Cybersecurity FBI Taps 18-Year Agency Veteran to Head Cyber Division Bill to Restructure NIST Heads to the House Floor International Cyberspace: The Wild West Please listen to this overview, and check out all of the week's news and views on GovInfoSecurity.com.

Listen to a round up of GovInfoSecurity.com's most fascinating content created in April, including: Beyond Firewalls and Encryption: FAA Infosec Pilot Showcases Multi-Disciplinary Approach Peter Mell: Speeding Cloud Adoption Through New FedRAMP Initiative Bob Maley: Why I Spoke Publicly About Cyber Incident Should Feds Withhold Funds to Compel IT Security?

In an exclusive interview, Kim Peretti, former senior counsel with the Department of Justice, offers an inside look at these investigations.

Susie AdamsChief Technology OfficerBill BillingsChief Security OfficerMicrosoft Federal

Interview with Allan Bachman of the Association of Certified Fraud Examiners The magnitude of fraud schemes has grown - the scale and the losses. But the basics of fraud investigation remain sound. And if there's one thing people should know up front, says Allan Bachman of the Association of Certified Fraud Examiners (ACFE), it's this: "In their initial stages, fraud and stupidity look an awful lot alike." In other words, an investigator who stumbles upon what appears to be just a stupid mistake might want to dig further. Stupidity often ends up being cleverly disguised fraud, Bachman says. In an interview with Editorial Director Tom Field, Bachman discusses: Current fraud trends; When a breach becomes an actual investigation; What it takes to be a fraud examiner today. Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher Education as director of an audit unit and was project manager on severa

Vartan Sarkissian, director of the worldwide cybersecurity initiative at the EastWest Institute, isn't misusing the term when he calls the think tank's cybersecurity conclave a summit.

Cyber thieves shuttering ATMs and enemies disrupting battlefield IT systems are among the concerns of the California congresswoman whose influence on cybersecurity is growing as chair of the House Armed Services Subcommittee on Subcommittee on Terrorism, Unconventional Threats and Capabilities.

Here's a review of the top news stories you should pay attention to this week:

Peter Mell, Vice Chairman, Federal Cloud Computing Advisory Council, and Senior Computer Scientists, National Institute of Standards and Technology Add the term FedRAMP to the federal government lexicon; it's a program under development that could ease the adoption by agencies of new information technologies and services , including cloud computing, provided by vendors, service providers and other agencies. The governmentwide initiative - officially the Federal Risk and Authorization Management Program - would provide joint authorizations and continuous security monitoring of shared IT services for federal departments and agencies that enter contracts with outside providers, including those offering cloud computing solutions. Peter Mell, vice chairman of the federal Cloud Computing Advisory Council vice chairman and a force behind the creation of FedRAMP, explains in an interview with GovInfoSecurity.com how FedRAMP: Will work. Should speed adoption of cloud computing within the federal government. Shoul

Interview with Robert Richardson, Director of CSI How vulnerable are organizations to cyber attack? It depends on your definition of "vulnerable," says Robert Richardson, Director of the Computer Security Institute (CSI). "There's vulnerable," he says, "and then there's likely to be attacked." In an interview about current threats, Richardson discusses: Ramifications of the Google attacks; Security implications of Web 2.0 technologies; What organizations can do now to minimize their risks. Richardson has served on the CSI staff since 2003, having worked IT in various capacities for twenty years. He's given keynote presentations on three continents, often speaking about the CSI Computer Crime and Security Survey, an undertaking he directs each year. Prior to CSI, he was Senior Editor of CMP's Communications Convergence magazine for two years, where his beats included telecom security, wireless, Internet messaging, and next-generation phone systems. Before that, Robert was a frequent contributor to magazine

Interview with Prof. Sree Sreenivasan of the Columbia Graduate School of Journalism Social media aren't just coming - they're here. And senior leaders need to understand how to maximize Facebook, LinkedIn, Twitter and other popular sites, as well as how to protect their organizations from very real security risks. In an exclusive interview, Prof. Sree Sreenivasan, Dean of Student Affairs at the Columbia Graduate School of Journalism, discusses: What's most misunderstood about social media; How organizations can benefit most; Ways senior leaders can improve their own professional lives. Sreenivasan is a technology expert and dean of student affairs at the Journalism School, where he teaches in the digital journalism program. He specializes in explaining technology to consumers/readers/viewers/users. For more than eight years, he served as technology reporter for WABC-TV and WNBC-TV in NYC and now occasionally appears on various TV shows to talk tech. For more than six years, he wrote a Web Tips column fo

Interview with Gartner's Roberta Witty Organizations have made strides in business continuity/disaster recovery (BC/DR) planning. But BC/DR professionals need to sharpen their business skills to truly protect their organizations. This is the stance taken by Roberta Witty, research VP at Gartner. In an exclusive interview, Witty offers candid insight on: Today's top BC/DR challenges; Where organizations are most vulnerable; What BC/DR professionals need to do to be more effective. Witty is part of the Compliance, Risk and Leadership group within Gartner. Her primary area of focus is business continuity management and disaster recovery. She is the role specialty lead for the Gartner for IT Leaders (GITL) business continuity manager role. She is also a GITL Premier coach for Security and Risk. Prior to joining Gartner, Witty managed the global technology risk management function for the corporate trust business of The Chase Manhattan Bank. In this role, she was responsible for awareness, advisory and compli

Interview with H. Peet Rapp of ISACA's Cloud Work Group Everyone is talking about cloud computing these days - but are they having the right conversations? H. Peet Rapp is an information security auditor who sits on ISACA's Cloud Computing Work Group, and he's co-author of the white paper Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. In an exclusive interview, Rapp discusses: Cloud computing trends; What's most misunderstood about the cloud; How organizations should proceed with their own cloud deployments. Rapp entered the IT audit/compliance profession in 2003, after publishing the widely read paper "An IT Executive's Overview of the Sarbanes-Oxley Act of 2002." With his firm, Rapp Consulting, he has audited, provided risk assessments and developed IT control frameworks for more than 70 organizations and developed a reduced IT control set for non-accelerated filers.

Gregory Wilshusen, Director Information Security Issues, GAO

Interview with Tom Smedinghoff of Wildman Harrold The topic has been discussed for years, but now truly is the time for organizations to invest in federated identity management. So says Tom Smedinghoff, partner at Chicago-based law firm Wildman Harrold. In an exclusive interview, Smedinghoff discusses: What's new about federated ID management; Challenged to implementing a federated strategy; How to build a solid business case for deployment. Smedinghoff is a partner at Wildman Harrold, where his practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce, identity management and information security legal infrastructures for the federal g

Interview with Adrian Davis of the Information Security Forum In terms of payments, privacy and third-party relationships, U.S. security leaders have much to learn from - and share with - their peers in the U.K. and elsewhere in the world. This is the perspective of Adrian Davis, a senior research consultant with the UK-based Information Security Forum. In an exclusive interview, Davis discusses: Top threats to public and private organizations; Insights on payments, privacy and vendor management; Advice to organizations looking to improve information security globally. Davis heads the Leadership and Management group within the Research and Services Team of the Information Security Forum, responsible for delivering client-facing projects. His team covers topics such as the role and effectiveness of information security; the role and skills of information security professionals from junior analyst to the Chief Information Security Officer and Chief Security Officer; managing and assessing information secu

Interview with Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute Insider crimes are among the biggest threats to public and private sector organizations. And yet too many groups continue to struggle to prevent or even detect these crimes. In an exclusive interview, Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute, discusses: Insider threat trends; Biggest challenges for organizations looking to prevent crimes; Steps organizations can take to reduce risk. Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Before joinin