Info Risk Today Podcast

Dollars lost of fraud are one measure of an incident's impact. But the "soft" costs - loss of reputation and productivity - are the ones that most get the attention of Terry Austin of Guardian Analytics.

The information security profession is a 'war for talent' today, says recruiter Kathy Lavinder. But to win the war requires specialized skill sets. Here are today's top requirements.

Which Internet security threats pose the greatest risks to organizations in 2012 and beyond? Symantec has just released its Internet Security Threat Report, which reveals some surprising trends.

When it comes to curbing ACH fraud, banking regulators and law enforcement agencies have joined forces to keep institutions abreast of emerging best-practices. What are their top recommendations?

When Joseph Bognanno of Wolters Kluwer Financial Services examines 2012's financial fraud trends, all he sees is more - more of everything, from schemes to new guidance. How can banks stay ahead?

Lyndon Bird, technical director of the Business Continuity Institute, praises the ISO 22301 standard for business continuity, calling it "An end to uncertainty." Learn about the emerging standard.

Eighty-five percent of data breaches go undetected, but organizations have a new type of cop on the beat to ferret out these illicit activities - the data scientist, says Phil Neray, head of security intelligence strategy and marketing for Q1 Labs, an IBM company.

When it comes to the FFIEC Authentication Guidance, Aite analyst Shirley Inscoe fears too many banking institutions are investing only in achieving compliance - not ongoing security.

When it comes to fighting financial fraud, Peter Tapling of Authentify says banking institutions are chronically underestimating and under-utilizing one key resource: Their own customers.

Cloud computing for governments in the United States, especially services tailored for the federal government, may not be as efficient or as cheap as many would hope, says Richard Falkenrath, a principal with the security consultancy The Chertoff Group.

One of the biggest mistakes companies make after a major data breach is communicating with the news media, consumers and others before all the facts are clear, says attorney Ronald Raether.

Phishing - it's the classic scheme that never goes away. In fact, it evolves. Amy Blackshaw of RSA offers insights on how to respond to this and other trends identified in the 2012 Faces of Fraud survey.

What's the best strategy for communications after a data breach, like the one suffered by Global Payments Inc.? Bob Carr, CEO of Heartland Payment Systems, discusses what to say in the weeks following a breach.

Securing the massive amounts of data swamping organizations, a trend known as big data, can be addressed, in part, by organizations simply getting rid of data no longer needed, Grant Thornton's Danny Miller says.

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

"Regulation drives spending," says George Tubin of GT Advisors. "You're in a situation where the regulators are telling you, 'You have to do something; you have to make improvements.' Therefore, the bank has to spend some money on technology."

Creating a "culture of compliance" that emphasizes the importance of privacy requires far more than "management by committee," says change management specialist Jan Hillier.

What might the Global Payments breach investigation entail? Dave Ostertag of Verizon's Investigative Response unit describes a forensics investigation - how long it can take and what it might reveal.

Healthcare organizations need to make mobile device security a top priority because so many recent data breaches can be tied to poor mobile device management, says consultant Jeff Brandt.

Where do time-strapped senior leaders go for education on cyber forensics and incident response? Carnegie Mellon University has a new option, and Dena Haritos Tsamitis explains its unique approach.