Info Risk Today Podcast

Mike Mitchell, new chair of the Payment Card Industry Security Standards Council, says mobility is among his top priorities for action in 2012. How will emerging technologies influence the standard?

To build an effective information security program, organizations and leaders need to take seven essential steps, including updating a risk assessment, says consultant Tom Walsh.

When Google amended its policy, suddenly everyone was talking about privacy. How do privacy officers turn these discussions to their advantage? Kirk Herath of Nationwide Insurance has some ideas.

What does a U.S. patent protect, and why should security leaders care? Attorney James Denaro details the risks and the questions you need to ask about the cybersecurity technologies you use.

Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.

Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

Risk assessments are over. Now it's time for institutions to prove they conform to the FFIEC's Authentication Guidance. Fraud expert George Tubin offers tips to prepare for the first regulatory exam.

What are the critical steps that IT security professionals should take in the aftermath of a breach? CEO Micky Tripathi of The Massachusetts eHealth Collaborative offers eight practical lessons based on his breach resolution experience.

The privacy risks involved in using social media in healthcare can be minimized through innovative staff education, says risk management expert Paul Anderson.

Losses linked to debit fraud now exceed losses connected to check fraud, according to a new survey by the American Bankers Association. How are banks responding to the threat?

One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in improving security, says attorney Amy Leopard.

Online security starts with e-mail monitoring. BITS and FS-ISAC have partnered to launch a new registry service that aims to thwart phishing attacks.

Five years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.

You know your company's social media policy is a good one when it starts sounding less like a checklist and more like common sense, says Sherrie Madia, social media expert and author.

Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.

The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.

The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.

The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.

The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.

Zappos was quick to communicate after discovering a data breach impacting 24 million customers. But did the online retailer respond appropriately, or make some missteps in its haste to notify? Francoise Gilbert of the IT Law Group gives a mixed review.