Info Risk Today Podcast

New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.

An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.

The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.

Leading the latest edition of the ISMG Security Report: A deep dive into how continuously monitoring user behavior could replace passwords as a means of authentication. Also, U.S. federal agencies continue to fall short on IT security.

Security programs fail because of too much emphasis on protection and not enough on detection and response, says Ira Winkler, president of Secure Mentem, who calls on CISOs to help change their organization's security priorities.

The key to simplifying the implementation of identity and access management, and streamlining integration with other systems, is to take advantage of industry standards, says Mark Perry of Ping Identity, an identity-defined security provider

The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.

The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine

Leading the latest edition of the ISMG Security Report: an interview with NIST's Ron Ross about revised guidance on how to get C-suite executives to help shape information risk management. Also, DHS, FBI leaders outline goals for protecting the U.S. election system.

Artificial intelligence and machine learning are among the top industry buzzwords of the year. But how can AI truly make a significant impact on organizations' cybersecurity operations? Brian NeSmith of Arctic Wolf Networks offers insight.

Organizations are drowning in data, and they cannot even inventory it all - much less secure it. How, then, do they shift to focusing on their most sensitive data? Rob Douthitt of SolarWinds MSP offers new strategies.

Hospitals and physicians need to ramp up their security scrutiny of electronic health records systems as a result of recent changes in the Department of Health and Human Services' certification of EHRs, says privacy attorney David Holtzman.

It's the age of "open banking," and that means changes for banking institutions and their customers - as well as for the fraudsters. Shaked Vax of IBM Security Trusteer talks about new vulnerabilities and anti-fraud strategies.

Aetna will move from passwords to continuous behavioral authentication next year on its consumer mobile and web applications for better security and end-user experience, says Jim Routh, the health insurer's CISO.

Experts speaking out on how boards of directors and CISOs must do a better job in strengthening board involvement on cybersecurity matters leads the latest edition of the ISMG Security Report. Also, "Catch Me if You Can" impostor Frank Abagnale on the Equifax hack.

Network by network, device by device, today's security threats spread through an organization like wildfire. But Druce MacFarlane of Bricata says security leaders are making fundamental mistakes with their focus on perimeter and endpoint security.

Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.

Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.

In today's dynamic threat landscape, "real-time" is the operative phrase - and it needs to apply both to threat detection and incident response, says Tim Bandos of Digital Guardian. What are the required security controls and tools?

Are organizations making the same security mistake with APIs today that they made with their websites 10 and 20 years ago? Jeffrey Costa of Akamai Technologies says yes and offers insight on securing and caching APIs.