Info Risk Today Podcast

Balancing the customer experience with risk mitigation is tricky, says Jon Karl of Iovation. But automating customer reputation profiles can help organizations take the guesswork out of fraud prevention, and improve the experience on both sides of the transaction.

Distributed-denial-of-service attacks are not new, but they are being taken more seriously as a threat to network security and data protection, especially by financial-services, says Ashley Stephenson of Corero Network Security.

Security leaders know their old perimeter-based security models are insufficient. But what new model is best? And how can it reduce reliance on passwords for authentication? Julian Lovelock of HID Global offers insight.

Companies developing their own mobile applications must take steps to ensure their security policies are followed no matter where or how the apps are used, says Kurt Stammberger of Mocana Corp.

Advanced persistent threats are evolving, and banks can help thwart them by using continuous monitoring for real-time detection, says J. Paul Haynes of eSentire.

Combining a network access control system with a mobile device management system is a good way to address security for BYOD, says Scott Gordon of ForeScout.

Cyberattacks used as modes of distraction for fraud are organizations' biggest concern, say Pam O'Neal and Scott Register of IXIA.

Automating governance, risk and compliance reduces vulnerabilities that can have an adverse impact on the bottom line, says Sergio Thompson-Flores, chief executive of Modulo, a provider of GRC offerings.

Hewlett-Packard's John Diamant points out most enterprises invest little in the area with the greatest vulnerabilities: application security.

Most organizations have more data than they know what to do with, much less understand how they can use that data in a meaningful way, say NopSec's Lisa Xu and Steven Leonard. Having the ability to aggregate that data is key.

Debate over cybersecurity bills last year coupled with recent, highly publicized attacks have raised the visibility of the threat, and that could push Congress to enact IT security legislation in 2013, White House Cybersecurity Coordinator Michael Daniel says.

Most organizations are challenged by having too much information in too many places. But Dieter Schuller of Radiant Logic says centralizing data can improve identity management.

Paige Leidig, chief marketing officer of CipherCloud, says information protection requirements continue to be the primary hurdle for enterprise adoption, despite explosive growth in the cloud content and collaboration market and its evident advantages to productivity and cost efficiencies.

Organizations in all industries can embrace the bring-your-own-device trend if they take adequate steps to authenticate mobile users, says Soumya Das of SecureAuth.

How is the six-hospital Barnabas Health delivery system tackling the challenge of complying with the new HIPAA Omnibus rule? Hussein Syed, director of IT security, explains.

Because managing identities is a global problem, it requires a global solution, says Paul Simmonds of the Jericho Forum. A new organization has been established to address global identity. Simmonds offers insight.

Call center fraud is increasing, and it's not just financial institutions feeling the pain, says Pindrop Security's Matt Anthony. Now, a database of phone numbers aims to help organizations mitigate risks.

We are no longer facing a global IT security staffing shortage - it's a full-blown crisis. This is the conclusion of new research conducted by (ISC)². Julie Peeler and Bruce Murphy offer insight.

More than merely a phishing incident, a targeted attack is part of an advanced persistent threat. How can organizations defend against these attacks? Kevin Epstein of Proofpoint offers insight.

The PATCO fraud case shows why banking institutions cannot rely on compliance to ensure security. In an RSA 2013 preview, attorney Joseph Burton discusses legal lessons from the PATCO settlement.