Info Risk Today Podcast

Working with business associates to prevent health information breaches requires far more than writing detailed contract terms on privacy and security, says regulatory expert Christopher Hourihan.

FDIC examiner Donald Saxinger says cloud computing can pose challenges when it comes to business continuity during disasters. Proactive vendor management, he says, is the best way to address potential hiccups before they become big problems.

The PCI Security Standards Council's new guidance on virtualization in the payments space aims to provide best practices for securing the payments chain's virtual platforms and appliances.

Today's advanced threats require an advanced cyber defense. That's why Bob Lamb of Booz Allen Hamilton recommends a new Cyber Operations blueprint that helps organizations assess and meet their cyber needs.

The executive director of a Southern California health information exchange describes a pilot project that's testing whether patient identifiers make it easier to match patients to their records from multiple organizations.

IT security expert Marcus Ranum says RSA's offer to replace its SecurID tokens is a deal worth taking.

Authentication expert Steve Dispensa says banking institutions need to realign their authentication infrastructures to include a mix of in-band and out-of-band measures.

For nearly two years, banks and businesses across the U.S. have been plagued by a wave of corporate account takeover. And while there's no one answer, Texas bank examiner Phillip Hinkle sees ways that institutions can better detect and prevent these crimes.

What's the top threat on the minds of global IT leaders? Employee-owned mobile devices - or BYOD (bring your own device), as the trend is known. The struggle: Do mobile device benefits outweigh the organizational risks?

Quantifying the safety or danger of cyberspace is tough. But a highly respected IT security practitioner and an experienced risk management consultant have teamed to develop an index they contend reflects the relative security of cyberspace by aggregating the views of information security industry professionals.

Payment card fraud. ACH and wire transfers. ATM skimming. And especially insider crimes. These are among today's top information security threats to institutions, says banking regulator Gigi Hyland in an exclusive interview.

New authentication guidance, when it is passed down, needs more attention on mobile, says Fraud Red Team's David Shroyer,a former Bank of America security executive.

The FDIC's Donald Saxinger says vendor management programs are getting more scrutiny from regulators, especially in areas of emerging technology such as cloud computing and mobile banking.

Adam Greene, the primary author of the proposed accounting of disclosures rule mandated under the HITECH Act, describes its major provisions and offers advice on how to prepare.

As the financial industry anxiously awaits the release of new online authentication guidance from the FFIEC, experts speculate about what steps banks and credit unions should be taking now to prepare.

After one commercial customer fell victim to corporate account takeover, this institution suffered significant losses and learned that legal disputes rarely favor the bank.

The same approach governments and businesses employ to protect individuals from the dangers of secondhand smoke could be applied to safeguard cyberspace, says Scott Charney, Microsoft's vice president of trustworthy computing, engineering excellence and environmental sustainability.

With the 2011 National Defense Authorization Act (NDAA), the DOD is taking a leadership position by defining policy that emphasizes the need to protect and defend the software layer.

"Ethical hacking" - is the term an oxymoron, or is it one of today's necessities in the fight against cybercrime? Jay Bavisi, president and co-founder of the EC Council, feels strongly about why we need ethical hackers more today than ever before.

From Epsilon to Sony, recent data breaches and legislative trends tell a dramatic story about the turbulent state of privacy worldwide, according to J. Trevor Hughes, head of the International Association of Privacy Professionals.