Info Risk Today Podcast

Intrusion detection is challenging for most organizations, and hackers' ever-increasing skill to evade monitoring tools only compounds the problem. But Zions Bank's Michael Fowkes says big data can help.

Mobile security, advanced persistent threat and DDoS attacks on banks have been among the hottest security stories. How have they influenced RSA Conference 2013? Program Chair Hugh Thompson previews the event.

From sophisticated malware to socially-engineered schemes, banking institutions of all sizes are under constant, multi-channel attack. How can they respond? Daniel Ingevaldson of Easy Solutions shares ideas.

Mobile malware, jailbroken devices and unpatched systems are three of the top security threats to mobile workers. How can organizations mitigate the risks? Dave Jevans of Marble Security offers tips.

Malware, DDoS and mobile security aside, one of the biggest risks is organizations' lack of visibility into specific threats. Don Gray of Solutionary explains the need for actionable threat intelligence.

Highly publicized breaches at Facebook, Twitter, the New York Times and other organizations in recent weeks suggest there's a new normal in the cyberthreat arena. But the onetime head of U.S. CERT, Mischel Kwon, doesn't think so.

Organizations typically secure data where it resides and is transmitted. Data-centric security strategies focus on securing the data itself. Mark Bower of Voltage Security explains.

A proposed directive requiring the reporting of serious cyber-attacks to national authorities could add complexity to organizations operating online in the European Union, says IT security lawyer François Gilbert.

Federal regulators have issued draft guidance for the use of social media. What are the specific security risks? The FDIC's Elizabeth Khalil discusses how banking institutions can address emerging threats.

Some of the largest banks in the U.S. were unable to ward off sophisticated DDoS attacks, so what can smaller organizations do? Plenty, says Marty Meyer, President of Corero Network Security.

We've seen user-driven trends such as BYOD before, says Kevin Flynn of Fortinet. And if organizations remember past security lessons, they will avoid falling prey to mistakes that could lead to breaches.

Security threats to healthcare organizations are on the rise - and so are regulatory requirements. Kim Singletary of McAfee discusses the top breach prevention and response challenges for healthcare organizations in 2013.

It isn't just a staffing shortage that stops organizations from building cyberteams. It's a skills crisis, says SANS Institute founder Alan Paller, who tells why now is the ideal time to fill top roles with qualified professionals.

Outsourcing to the cloud poses new risks, especially for card data. The PCI Council addresses those risks in its just-released cloud security guidance, and Bob Russo offers exclusive insights.

How can security pros help organizations prevent breaches and data loss? The Online Trust Alliance has released its latest guide to data protection and breach readiness, and OTA founder Craig Spiezle offers tips.

Although hacktivists announced suspension of DDoS attacks against banks, other industries are now getting hit, and banks can't afford to get complacent because of the fraud risk, says security specialist Bill Stewart.

The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.

Containerization - it's the latest strategy for securing the critical data accessed by remote workers and mobile devices. How is the concept deployed? David Lingenfelter of Fiberlink offers insight.

As the National Institutes of Health ramps up research projects involving human genomes, electronic health records and other sensitive data, it's exploring the best ways to protect that data, says research director Eric Green, M.D., PhD.

As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.