Synopsis
Exclusive, insightful audio interviews by our staff with leading data breach/security practitioners and thought leaders
Episodes
-
Breach Legislation: The Next Generation
28/11/2011 It's a new wave of cybercriminal behind the latest major data breaches, says breach expert Lucy Thomson. And these incidents are resulting in a new generation of breach notification laws globally.
-
Influencing Policy, If Not the Law
23/11/2011 Jacob Olcott says Congress' failure to enact comprehensive cybersecurity legislation over the past half decade doesn't mean lawmakers haven't influenced IT security policy.
-
Fraud Victim: FFIEC Guidance Lacking
21/11/2011 ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
-
How Training Helps Prevent Breaches
14/11/2011 A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.
-
Making the Business Case for Security
11/11/2011 Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.
-
HIPAA Compliance: A New Attitude
10/11/2011 Ramped-up HIPAA enforcement is a big reason behind the No. 1 information security priority for the coming year: improving regulatory compliance, says attorney Adam Greene.
-
BofA on Mobile Risk and Security
10/11/2011 Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.
-
Breach Resolution: A Success Strategy
07/11/2011 One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of Experian® Data Breach Resolution.
-
Winning Funding for Info Security
07/11/2011 Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.
-
ID Theft: How to Help Consumers
31/10/2011 ID theft expert Joanna Crane wonders whether banks, government agencies and healthcare providers do enough to assist consumers with ID theft recovery, saying consumer expectations are often loftier than what's being done to meet the demand.
-
VA's Plan for Mobile Device Security
20/10/2011 Roger Baker, CIO at the Department of Veterans Affairs, outlines the department's mobile device security strategy, providing details on the rollout of iPhones and iPads.
-
BlackBerry Episode Strikes at IT Security Tenet
13/10/2011 Winn Schwartau says the BlackBerry disruption this past week (see BlackBerry Disruptions: Where to Start?) hit at the heart of one of the fundamentals of IT security: availability.
-
The App Sec Pro and the Shark
13/10/2011 When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.
-
Interview: The New HIPAA Enforcer
03/10/2011 Leon Rodriguez, the new director of the Department of Health and Human Services' Office for Civil Rights, describes his HIPAA enforcement agenda.
-
7 Steps to Secure Mobile Devices
30/09/2011 Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.
-
PCI: Merchants Still Fall Short
28/09/2011 Discussing Verizon's new report on the state of PCI compliance, PCI expert Jen Mack says payment card security today is "disappointing," and global merchants are at serious risk of new data breaches.
-
Social Media: Why Training Is Key
02/09/2011 Frequent face-to-face training on social media policies is a vital component of any risk management effort, says consultant Erika Del Giudice.
-
Facial Biometrics Pose Privacy Woes
29/08/2011 Facial recognition technology could prove to be an effective way to authenticate individuals seeking entry to secured buildings or databases storing sensitive information. But the biometric technology already is being abused, and IT security managers employing facial recognition should be careful to encrypt the biometric data, cautions a privacy rights leader.
-
Infosec in a Decentralized Environment
23/08/2011 Give a man a fish, you feed him for today, the proverb says. Teach a man to fish, and you feed him for a lifetime. That adage can be applied to information security, as well.
-
Creating a Culture of Security
08/08/2011 Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.