Healthcare Information Security Podcast

Interview with Lisa SwanDeputy DirectorBiometrics Task Force, U.S. Army American combat forces deployed in Afghanistan and Iraq employ biometrics to tell our friends from insurgents and terrorists. Back home, the Defense Department uses similar fingerprint, iris and facial recognition tools to manage access to military bases and IT systems. Coordinating Defense Department efforts to find new uses of biometrics on the battlefield and back home is the Army's Biometrics Task Force, which leads Defense Department efforts to program, integrate and synchronize biometric technologies and capabilities. The task force also operates DoD's biometrics database that supports the nation's security strategy. In an interview with GovInfoSecurity.com's Eric Chabrow, Deputy Director Lisa Swan discusses the: Synergy between the use of biometrics in combat and in the office; Best situations to employ biometrics as a tool to authentic user access to IT systems; and Evolution of biometrics as an authentication tool and where

Healthcare and privacy - they have emerged as two huge topics in 2009, and Nick Mankovich of Philips Healthcare blends both of them into his career. Director of Product Security & Privacy, Mankovich discusses: His customers' main privacy and medical device security concerns - and how they are being addressed; Trends he's tracking in privacy and security; Regulations, threats and topics such as medical ID theft that need more attention in the national healthcare dialogue. Mankovich leads the worldwide Philips Healthcare programs both Product Security and Privacy. Each program organizes a team of subject matter experts that (1) address policies, requirements, and issues around security-designed-in products and services and (2) directs all elements of privacy compliance in the Philips Healthcare business. Prior to his seven years in Philips Healthcare, he spent seven years as a research department head with Philips Research, where he led groups working on advanced projects in medical informatics, security/c

Legal Insights on Data Privacy Trends and Breach Response Your organization has been breached - how should you immediately respond? How should you not respond? Alysa Hutnik, attorney with Kelley Drye in Washington, D.C., specializes in information security and privacy, counseling clients on what to do after a security breach. In an exclusive interview, Hutnik discusses: Do's and don'ts following a data breach; Privacy legislation trends for 2010; What organizations can do today to prevent privacy/security challenges tomorrow. Hutnik is an Associate with Kelley Drye whose practice includes representing clients in all forms of consumer protection matters. In particular, she specializes in advertising, privacy, and data security law. She frequently conducts workshops and gives speeches on advertising, privacy, and data security compliance. She is often quoted on these issues in major business and law journals and newsletters, and has authored numerous advertising, privacy, and data security articles. Ms. H

Schools are back in session in the U.S., the weather is cooling, and the fall flu season is close at hand. So, how should businesses and government agencies prepare for the expected widespread return of the H1N1 virus? Regina Phelps, a noted expert in pandemic preparedness, updates us on H1N1, discussing: What we have learned so far about the pandemic; Good - and bad - examples of pandemic preparedness; How individuals and organizations can take steps today to ensure effective response to H1N1. Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.

Information security requirements and challenges change on a daily basis - and with them come growing opportunities for individuals with skills in digital forensics. Rob Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, discusses: the growing need for digital forensics skills; today's top challenges and how organizations are tackling them; career prospects for individuals in digital forensics. Lee has more than 13 years experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he dir

Interview with David Taylor, Founder of PCI Knowledge Base The Heartland Payment Systems and Network Solutions data breaches have thrust the Payment Card Industry Data Security Standard (PCI DSS) into the spotlight, raising the question: Does PCI compliance help in the fight against fraud? David Taylor, founder of PCI Knowledge Base, recently administered new research on PCI compliance, and in an exclusive interview he discusses: Goods news - and not-so-good-news - about PCI compliance; Unique PCI challenges for merchants and banking institutions alike; What needs to be done to raise awareness around PCI compliance. Taylor founded the PCI Knowledge Base and before that the PCI Alliance. He has worked with many leading edge companies as an analyst for Gartner for 14 years. The PCI Knowledge Base is a Research Community which shares information and knowledge to help merchants, banks and other organizations achieve PCI compliance.

Ten years ago, the National Security Agency (NSA) started up the Centers of Academic Excellence program to encourage stronger information assurance programs at colleges and universities. Initially, there were 7 designated CAE schools. Today, the ranks have swollen to over 100 CAE-designated schools, and information assurance professionals are much better prepared to tackle the cybersecurity challenges we face. Dickie George, Information Assurance Technical Director within the NSA, discusses: The CAE program's core mission; Benefits of the program for participating schools and students; What to expect from CAE in its second decade. George began at the National Security Agency in August 1970 after graduating from Dartmouth College. He started in the Crypto-Math Intern Program, having tours in Research, the SIGINT Directorate, and the Information Assurance Directorate's (IAD) predecessor organization. Except for a tour in the Signals Intelligence Directorate (SID) and one at the Center for Communications

With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data

The Heartland Payment Systems (HPY) data breach came as an unpleasant surprise to many financial institutions and their customers in early 2009. What are the threats we should eye as we look ahead to 2010? In an exclusive interview, Bryan Sartin of Verizon Business, discusses the company's exhaustive research of data breaches, offering insight on: Breach trends that financial institutions should watch; Where institutions are most vulnerable; Security strategies and technologies that are most effective. Sartin heads up the investigative response team at Verizon Business. As a senior forensics examiner, he has taken the lead in many high-profile data compromise investigations in the Americas, Europe, and Asia-Pacific. In addition, Sartin is well-versed in both criminal and civil computer forensic procedures, is a certified expert witness, and is a frequent course instructor and speaker on the topics of incident response planning, computer forensics and regulatory compliance.

Data and privacy protection - there's much that government, industry and consumers alike can do to improve information security. And the Federal Trade Commission (FTC) is at the heart of education and enforcement efforts. In an exclusive interview, the FTC's Joel Winston discusses: Top privacy risks facing consumers and businesses; How the agency is battling privacy risks; The latest on Identity Theft Red Flags Rule compliance. Winston is Associate Director of the Division of Privacy and Identity Protection of the Federal Trade Commission's Bureau of Consumer Protection. That Division has responsibility over consumer privacy and data security issues, identity theft and credit reporting matters, among other things. Mr. Winston serves on the federal government's Identity Theft Task Force, which was created by President Bush in March 2006. He also is a member of the Advisory Board for the BNA Privacy & Security Law Reporter, and served on the Editorial Board and as an author for a treatise published in 200

Verizon Business investigated 90 major data breaches in 2008, including 285 million compromised records. Nearly ¾ of those breaches were external hacks, and 99.9 percent of the records were compromised via servers and applications. These are among the findings of Verizon's new 2009 Data Breach Investigations Report. In an exclusive interview, Dr. Peter Tippett, VP of Technology and Innovation at Verizon Business, discusses: The survey results; What these results mean to financial institutions and government entities; Which threats to watch out for most in the coming months. Tippett is the chief scientist of the security product testing and certification organization, ICSA Labs, an independent division of Verizon Business. An information security pioneer, Tippett has led the computer security industry for more than 20 years, initially as a vendor of security products, and over the past 16 years, as a key strategist. He is widely credited with creating the first commercial anti-virus product

Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden

Interview with Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk At a time when risks are high and consumer confidence is low, corporate boards of directors aren't paying nearly enough attention to information security and cyber threats. This is the key takeaway from a new Carnegie Mellon University CyLab survey, which shows that there is a "gaping hole as wide as the Grand Canyon" in board and senior executive oversight of these critical business issues. Read more about this survey in an article by Linda McGlasson. To understand this study, we spoke with its author, Jody Westby, Adjunct Distinguished Fellow at CyLab and CEO at Global Cyber Risk. In an exclusive interview, she discusses: Key findings; Greatest concerns from the study; Recommendations for what financial institutions should do now to address these concerns. Jody Westby received her B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif. Drawing

Interview with David Richards, President of the Institute of Internal Auditors Internal auditing has always been a key function within financial systems, and it becomes even more so when it comes to IT and information security. In this exclusive interview, David Richards, President of the Institute of Internal Auditors (IIA), discusses: The key differences between internal and IT auditors; The role of the audit committee and board of directors - what they need to know about IT governance; Frameworks to consider when establishing IT governance in your institution.

Interview with Jennifer Bayuk, Former CISO at Bear Stearns & Co. Governance is a term increasingly used in financial institutions, as banking/security leaders try to introduce new processes and disciplines to their organizations. In this exclusive interview, Jennifer Bayuk, an information security specialist and former CISO at Bear Stearns & Co., discusses: What governance means to a security organization; Elements of good governance; Speedbumps en route to success; Potential short- and long-terms rewards of good governance.

Interview with Kim Matlon, Business Continuity/Crisis Management Expert Workplace violence - it's one of the most common but least understood risks to all businesses. From robberies gone awry to bullies in the workplace to domestic anger spilling over from home, the workplace is rife for violent situations. In this interview, Kim Matlon, COO of R&A Crisis Management Services, an Ill.-based business continuity, crisis management and project management consulting firm, offers insight on: The four types of workplace violence; Red flags to look for in employees and communications; How to help ensure employees' safety.

Every organization is concerned about malware - how it evolves, slips past multilayered defenses and infects networks. John Nielsen, Product Manager for IBM Mobile Security, discusses the latest malware trends and steps organizations may take to fight back.

If you look at recent breaches, you see a common thread: If privileged identities were better managed, breach impacts would greatly lessen. Bill Mann of Centrify discusses the essentials of privileged ID management.

Brent discusses deploying multi-factor authentication to mega-enterprises with millions of end-users, knowledge-based authentication user enrollment, and how educational institutions are utilizing multi-factor authentication solutions.