Government Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast

Synopsis

Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • Gartner's John Pescatore on 2010 Threats, Trends

    27/10/2009

    Malware, Consumer Technology, Social Networks Head the List of Vulnerabilities Know what scares security expert John Pescatore the most? The image of a remote employee sitting at a home office or public setting, plugging into an unsecured network, accessing critical business data via a personal laptop or PDA. Organizations have never had so many security risks in so many remote locations, says Pescatore, VP and Distinguished Analyst with Gartner, Inc. Mitigating these risks will be among the primary challenges for information security leaders in 2010. In a discussion of security trends, Pescatore offers insight on: Emerging threats; Emerging solutions; The role of education and training to help meet security needs. Pescatore has 31 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 year

  • Enterprise Risk Management: How to Engage Your Board of Directors

    26/10/2009

    Interview with Pete Fahrenthold of Continental Airlines, RIMS Enterprise Risk Management (ERM) is a topic of interest throughout an organization - and increasingly at the board of director level. But how does a security leader engage the board on ERM - and keep it engaged? Pete Fahrenthold of Continental Airlines and RIMS discusses: The top current ERM issues; How to engage the board - what works, what doesn't? How to measure the ongoing engagement of the board. Fahrenthold is the Managing Director of Risk Management and the ERM Team Leader for Continental Airlines. He has over 20 years of risk management experience. Prior to entering the risk management field, he worked in public accounting and in various corporate functions including financial reporting, treasury operations, and employee benefits management. He is currently the Vice Chair of the RIMS ERM Development Committee, and he is the Chair of the AFP Risk Newsletter Editorial Advisory Board.

  • Electronic Healthcare Records: The Impact on Your Organization

    23/10/2009

    We all can see the technological and market forces converging to necessitate and enable electronic healthcare records. But how does this transition impact privacy and compliance within an organization? What are the ramifications for IT and security departments? Kim Singletary, Solutions Marketing for McAfee, discusses: The electronic healthcare records revolution; Impact on privacy and compliance; How IT departments must respond. Singletary was Director of Compliance Solutions for Solidcore prior to the McAfee acquisition. She has 15 years of Product Management and Marketing roles with companies specializing in outsourced IT services for critical infrastructure both traditional datacenter services, MSSP and SAAS. Her expertise has been in developing and growing security, compliance and managed services for the Fortune 500 which included roles at SAVVIS Communications, Frontier Communications and Global Crossing.

  • Getting a Consensus on Regulating Data

    19/10/2009

    Interview with Rep. Yvette Clarke, Chair, House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology To quell the rising tide of information breaches and to protect government and key civilian IT systems, the idea of regulating IT and data is gaining ground among those who shape federal law and policies. If such regulation comes about, Rep. Yvette Clarke, D-N.Y., will be involved in shaping authorizing legislation, by virtue of her chairmanship of the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. Clarke, in an interview with GovInfoSecurity.com, said any such law or regulation must not hamper innovation. In the interview, Clarke discusses: Key elements of what she terms the National Data Breach Law. The deliberate approach the House is taking to implementing cybersecurity legislation. President Obama's need to appoint a cybersecurity coordinator now. Clarke represents one of the country's most ethnically diverse Congressional

  • Why Strategic Cyber Warfare Shouldn't Be a Military Priority

    14/10/2009

    Interview with Martin Libicki of the RAND Corp. Martin Libicki spends a lot of time studying and thinking about the intersection of national security and information technology as a senior management scientist at the think tank RAND Corp. And in a just-released report he authored, Cyberdeterrence and Cyberwar, Libicki argues that strategic cyber warfare shouldn't be a priority for America's armed services. The key word here is strategic. Cyber warfare, as a strategy, would unlikely cause the enemy to disarm as does conventional warfare. Zap an adversary's PC, and it can be replaced for $300. Cyber assault the enemy, and the opponent more likely than not will figure out how to defend itself against similar, future attacks. Besides, who knows how well cyber works as a weapon? "One of the differences between cyber and other forms of warfare is that cyber is largely untested. Sometimes it works, sometimes it doesn't," Libicki said in an interview with GovInfoSecurity.com. Yet, he said, cyber should be consid

  • Safe and Secure Online - New Outreach Program from (ISC)2

    14/10/2009

    Social networking. Cyberbullying. Identity theft. There are myriad threats to children as they explore their online universe. And to counter these threats is Safe and Secure Online, a new interactive presentation that brings information security professionals into classrooms to give sound advice to 11-14-year-old children. Delivered by (ISC)2, Safe and Secure Online relies on material developed by former school teachers, but delivered by certified information security professionals. David Melnick of Deloitte and (ISC)2 discusses: The need for Safe and Secure Online; How the program will be delivered and measured; Ways businesses, government agencies and information security professionals can help. Melnick is a principal in security and privacy services within the audit and enterprise risk services practice in the Los Angeles office of Deloitte and brings more than 17 years of experience designing, developing, managing and auditing large scale secure technology infrastructure. Melnick has authored sever

  • Information Assurance and Community Colleges - Erich Spengler, Moraine Valley Community College

    07/10/2009

    As people increasingly turn to information assurance to start - or re-start - a career, the nation's community colleges play a greater role in job training. Erich Spengler, professor at Moraine Valley Community College near Chicago, discusses: The role of community colleges in information assurance education; Challenges and opportunities for two-year programs; Where to begin when considering your next career move. Spengler has over 20 years experience in Information Systems and holds an MBA from Loyola University of Chicago and an MS in Computer Science from the University of Illinois - Springfield. In addition to serving as a tenured professor of Computer Integrated Technologies at Moraine Valley Community College, Erich also serves as a Guest Lecturer at Northwestern University and as the Director and Principal Investigator for the National Science Foundation (NSF) Regional Center for Systems Security and Information Assurance (CSSIA @ www.cssia.org). Erich holds several industry certifications includ

  • Authentication: The Biometrics Advantage

    02/10/2009

    Interview with Myra Gray, Director, U.S. Army Biometrics Task Force Though fingerprint and iris scans have advantages over passwords and magnetic identity cards as a means to grant access to IT systems, in many instances, the biometric technologies aren't ready to be employed alone, says Myra Gray, director of the U.S. Army's Biometrics Task Force. "Actually, it's an outstanding method for good, strong identity assurance," Gray said in an interview with GovInfoSecurity.com. "But before we go throwing out passwords and usernames, I'd like to articulate that biometrics is one tool of many. It should be part of the portfolio that's used to protect against identity theft." Gray explained that three things exist to prove one's identity: What you know, such as a password; what you have, a magnetic card or token; and what you are - "something that's uniquely you" - an iris, a fingerprint. "The power, it's not just picking one over other, but setting up a construct that utilizes all of those as appropriate" Gray s

  • NIST and IT Security: Much More Than Guidance

    01/10/2009

    Interview with Cita Furlani, NIST Information Technology Laboratory Director Think of the National Institute of Standards and Technology, and most people charged with safeguarding government IT assets think of NIST's information security guidance. But NIST's core strength lies in its long history of measurement and testing, and that should prove valuable as the federal government changes the way it evaluates IT security, from a process that focuses on agency and departmental compliance with regulations to one of measuring IT systems in real time to verify they're truly secure. "People think of us as only the standards, but you can't really have effective standards unless you can measure that you're meeting those standards, and measurement at NIST means testing," says Cita Furlani, director of NIST's Information Technology Laboratory in an interview with GovInfoSecurity.com. Furlani discusses not only how NIST is gearing up for changes in the way government will measure cybersecurity but the proposed reorg

  • Lessons from Spies -- Peter Earnest of the International Spy Museum

    28/09/2009

    It's one of the newest and most popular stops on the Washington, D.C. tour, and its artifacts of history leave clues for how information security professionals should approach their future. The International Spy Museum has just celebrated its 7th year and its 5 millionth visitor, says Executive Director Peter Earnest, a former CIA officer who's run the museum since its inception. In an exclusive interview, Earnest discusses: the museum's goals and growth plans; who visits the museum and what they get from the experience; lessons to be learned by today's information security professionals. Earnest is a 35-year veteran of the Central Intelligence Agency (CIA). He served 25 years as a case officer in its Clandestine Service, primarily in Europe and the Middle East. He ran intelligence collection and covert action operations against a range of targets including Soviet Bloc representatives and Communist front organizations. As Museum director, he has played a leading role in its extraordinary success as

  • Biometrics: From Kabul to Washington

    22/09/2009

    Interview with Lisa Swan, Deputy Director, Biometrics Task Force, U.S. Army American combat forces deployed in Afghanistan and Iraq employ biometrics to tell our friends from insurgents and terrorists. Back home, the Defense Department uses similar fingerprint, iris and facial recognition tools to manage access to military bases and IT systems. Coordinating Defense Department efforts to find new uses of biometrics on the battlefield and back home is the Army's Biometrics Task Force, which leads Defense Department efforts to program, integrate and synchronize biometric technologies and capabilities. The task force also operates DoD's biometrics database that supports the nation's security strategy. In an interview with GovInfoSecurity.com's Eric Chabrow, Deputy Director Lisa Swan discusses the: Synergy between the use of biometrics in combat and in the office; Best situations to employ biometrics as a tool to authenticate user access to IT systems; and Evolution of biometrics as an authentication tool and where

  • Training Next Gen Army Brass on IT Security

    22/09/2009

    Interview with Lt. Col. Gregory Conti of West Point Army Lt. Col. Gregory Conti is a man on a mission, not only to educate the next generation of Army officers on cybersecurity, but to change the culture of the military to put cybersecurity on the same footing as an Air Force pilot, a Navy ship officer or an Army combat leader in career advancement. In an interview with GovInfoSecurity.com, Conti, an academy professor of computer science at West Point who coordinates the United States Military Academy's cyber warfare curricula, discusses the: Importance of cybersecurity training at the academy, not just to computer science majors, but to all cadets; Differences between cybersecurity and cyber warfare; and Idea of creating a fourth military branch dedicated to defending the nation's IT assets. Conti earned a bachelor's degree in computer science at West Point in 1989, a year before laptops became standard issue to all cadets. Since then, Conti has earned a master and doctorate in computer science from Joh

  • Lockheed Martin's Point Man on Fed Cybersecurity

    18/09/2009

    Interview with Charles Croom Determining how best to secure the nation's critical IT infrastructure must be a collaborative effort by the federal government and the private sector, says Charles Croom, vice president of cybersecurity solutions at defense contractor and IT integrator Lockheed Martin. A retired Air Force lieutenant general, Croom is an astute observer of government-private sector cooperation, having served as director of the Defense Information Systems Agency and commander of the Joint Task Force for Global Network operations. In an interview, Croom discussed the: Teamwork needed for government agencies to help develop federal cybersecurity policy regardless of the role the Department of Homeland Security plays; Research and development efforts at Lockheed Martin that emphasize proactive cybersecurity solutions; and Incentives government should provide businesses to comply with cyber regulations. Croom spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.

  • Secure Access to Sensitive Data: Insights from John Bordwine, Public Sector CTO, Symantec

    17/09/2009

    We've emerged from a global financial crisis, and now regulatory reform is coming to financial services. What do these events mean for the financial regulatory agencies - especially in terms of securing access to sensitive data? John Bordwine, Public Sector CTO at Symantec, tackles this question, discussing: The critical need to secure access to sensitive data; The business benefits of enhancing security; Key takeaways for non-financial organizations. As the Symantec Public Sector CTO, Bordwine currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. His responsibilities also include all technical activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. In addition to these responsibilities, he also provides guidance to other Symantec business units around specific requireme

  • Top Cyber Risks: Alan Paller, SANS Institute

    15/09/2009

    Organizations are doing a good job protecting their operating systems, but they're leaving their critical applications vulnerable to dangerous cyber threats. This is the key takeaway - and to some extent the surprise - of the new Top Cybersecurity Risks report released on Sept. 15 by TippingPoint, Qualys, the Internet Storm Center and SANS Institute. In an exclusive interview about the report, Alan Paller, Director of Research at SANS, discusses: The key messages to organizations about cyber risks; Trends to watch in the coming months; What organizations can do now to minimize their vulnerability. Paller founded SANS in 1989 to provide graduate-level education to cybersecurity professionals. In the intervening years, more than 80,000 people have learned their technical security skills - from forensics to penetration testing to intrusion detection, in SANS courses. Today he focuses on identifying the tipping points that can turn the tide against the growing wave of cyber crime and cyber espionage. He h

  • Privacy and the Law: Alysa Hutnik of Kelley Drye

    11/09/2009

    Legal Insights on Data Privacy Trends and Breach Response Your organization has been breached - how should you immediately respond? How should you not respond? Alysa Hutnik, attorney with Kelley Drye in Washington, D.C., specializes in information security and privacy, counseling clients on what to do after a security breach. In an exclusive interview, Hutnik discusses: Do's and don'ts following a data breach; Privacy legislation trends for 2010; What organizations can do today to prevent privacy/security challenges tomorrow. Hutnik is an Associate with Kelley Drye whose practice includes representing clients in all forms of consumer protection matters. In particular, she specializes in advertising, privacy, and data security law. She frequently conducts workshops and gives speeches on advertising, privacy, and data security compliance. She is often quoted on these issues in major business and law journals and newsletters, and has authored numerous advertising, privacy, and data security articles. Ms. H

  • H1N1 Update: How to Prepare for Flu Season - Regina Phelps, Pandemic Expert

    08/09/2009

    Schools are back in session in the U.S., the weather is cooling, and the fall flu season is close at hand. So, how should businesses and government agencies prepare for the expected widespread return of the H1N1 virus? Regina Phelps, a noted expert in pandemic preparedness, updates us on H1N1, discussing: What we have learned so far about the pandemic; Good - and bad - examples of pandemic preparedness; How individuals and organizations can take steps today to ensure effective response to H1N1. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.

  • City Defends IT System from Social Network Threats

    03/09/2009

    Interview with David Matthews, Deputy CISO, City of Seattle David Matthews, like other government information security officials, knows the security problems social networks present. And like his cohorts in municipal, state and federal governments across the nation, Matthews - deputy chief information security officer of the city of Seattle - has little choice but to support social networks, especially considering the city's top elected officials use them. "The first thing we had to admit was that the horse is long gone out of the barn and there's really nothing we can do about it at this point," Matthews says in an interview with GovInfoSecurity.com. "Users including council members, the mayor, everybody else are using social network, either personally or for city business. There are a few of them that have bothered to ask about what we thought about it on the security side of things, but the vast majority has just gone ahead and done it." Social networks is one of the challenges Matthews discussed in this

  • Digital Forensics: Great Need, New Careers - Rob Lee, SANS Institute

    02/09/2009

    Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he dir

  • Cooperate, Not Regulate, on Cybersecurity

    25/08/2009

    Interview with SRA International CEO Stanton Sloane Stanton Sloane read Gartner's projection that the information technology industry will fall under government regulation in another half-dozen years or so, a forecast he hopes will not occur. It's not surprising the chief executive of SRA International, one of the largest providers of IT and cybersecurity services to the federal government, has a distaste for regulation. Government shouldn't shower industry with rules but with ideas to battle cyber threats, Sloane said in an interview with GovInfoSecurity.com. "Government doesn't have to be very punitive in its approach to commercial industry," he said. "It's more about providing information and access to resources and assistance to help understand the nature of the problem and effective ways to deal with it. I don't think that requires a lot of legislation and kind of process rules; it can be done more collaborative fashion with industry associations, advisory groups ... those can be very effective." In
