Government Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Podcasts:

 Feds Seen Regulating IT Industry | File Type: audio/mpeg | Duration: Unknown

Gartner: IT Regs Will Be Enacted in 5 Years

Like the airlines, automotive, financial services, pharmaceutical and telecommunications industries, the government will soon - probably within the next half decade - begin to regulate the IT industry, IT adviser Gartner predicts. "There's a trajectory that industries tend to follow; when an industry is extremely successful - that is to say that when an industry succeeds in moving its products and services right into the heart of daily life, regulation tends to follow. In the 20th century," Richard Hunter, a Gartner fellow and vice president, says in an interview with GovInfoSecurity.com. "We saw the Food and Drug Administration, we saw regulation of telecom, we saw regulation of the airlines industry, we saw regulation of the automobile industry," he says. "I think the information technology industry has been extraordinarily successful in the last 40 to 50 years in increasing the importance of its products and services to almost every aspect of modern life. And, what usually happens in any industry when you reach that level of importance in society is that regulation takes place." In the interview, Hunter discusses how: Mounting pressure to regulate the IT industry has gained favor as the number of breaches has exponentially rocketed over the past decade; Innovation could be stifled, especially for startups and the open source community that don't have the financial wherewithal of a Microsoft or Oracle to conduct the testing regulation likely would require; IT vendors will produce off-the-shelf tiered products, including those for information security, that would assure a certain level of quality, for a price. Eric Chabrow, GovInfoSecurity.com managing editor, interviewed Hunter.

 Creating InfoSec Occupational Categories - Interview with California CISO Mark Weatherford | File Type: audio/mpeg | Duration: Unknown

One challenge federal and state chief information security officers face when trying to recruit information security professionals is the lack of governmental occupation classifications for IT security specialists. They just don't exist. Most IT security professionals are classified under various information systems occupation categories, which means they don't identify security skills, explains Mark Weatherford, director and chief information security officer of California's Office of Information Security. But Weatherford, in an interview with GovInfoSecurity.com, explains that he's working with other state CISOs and the Department of Homeland Security to develop IT security occupation categories as well as career paths that should help recruit and retain information security pros in government. In the interview, Weatherford also discussed the impact of California's budget crisis on safeguarding the state's IT assets as well as his role as head of an office that, like the federal Office of Management and Budget, doesn't have direct control but has much influence over 152 state agencies. Weatherford was interviewed by Eric Chabrow, managing editor of GovInfoSecurity.com.

 Confront the IT Security Challenge - Interview with Cybersecurity Sage Howard Schmidt | File Type: audio/mpeg | Duration: Unknown

Little wonder that Howard Schmidt's name is on every list of prospective White House cybersecurity czars. In the field of IT security, Schmidt has done it all. He spent more than 30 years in public service, including a stint as a White House special adviser on cyberspace security and as chief strategist for the US-CERT Partners Program at Homeland Security. He serves on an IT privacy board that advises the National Institute of Standards and Technology, the Commerce Department and the White House. In the private sector, Schmidt has held top IT security posts at Microsoft and eBay. An author of two IT security books, Schmidt has academic affiliations with Georgia Institute of Technology, Carnegie Mellon and Idaho State University. Schmidt is the first and current president of the Information Security Forum, an independent, not-for-profit association aimed at harnessing the brainpower of public and private-sector experts in IT security and risk management. In an interview with GovInfoSecurity.com's Eric Chabrow, Schmidt discusses the: Crucial role Obama's cybersecurity coordinator will play in managing federal IT security policy; Challenges the federal government faces in developing a cybersecurity culture; Challenge of providing IT security with limited funds due to the recession; Need for international cooperation in battling cyber threats.

 The Need for Forensics - Interview with Keith Barger of KPMG | File Type: audio/mpeg | Duration: Unknown

With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data analytics and investigative services in support of civil litigation and provides advisory services regarding technology-related matters. He also provides expert witness testimony when appropriate in connection with these services.

 Incident Response Essentials - Peter Allor, FIRST.org | File Type: audio/mpeg | Duration: Unknown

The Heartland data breach and July's distributed denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams internationally. He also is the program manager for cyber incident and vulnerability handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Information Technology - Information Sharing and Analysis Center (IT-ISAC), which shares information for protecting critical infrastructures; The Information Technology - Sector Coordinating Council (IT-SCC) Executive Committee, which works within the private sector on policy and strategy input to the U.S. Government; The CSIS Cyber Security Commission for the 44th Presidency, representing IBM, developing strategy for improving cyber security of federal systems and critical infrastructure.

 Business Continuity: Preparing for H1N1 and Beyond | File Type: audio/mpeg | Duration: Unknown

Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE

The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a career that has spanned 25 years, he has served as a President and CIO for a major financial institution, National Practice Leader for Operational Resiliency for PricewaterhouseCoopers and Global Business Continuity practice leader for Marsh. Staley is the Senior Manager of Business Continuity Planning and Disaster Recovery for North America for NYSE Euronext, which includes the New York Stock Exchange in New York. She is responsible for managing all aspects of the US-based business continuity and disaster recovery efforts. These efforts include risk assessment, business impact analysis, disaster recovery scenario development and response strategies, contingency plans, exercises, and training & awareness campaigns.

 Unique Programs: Information Assurance at Capella University | File Type: audio/mpeg | Duration: Unknown

Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online. In discussing Capella's unique programs, Dr. Steven Brown touches upon: How Capella's information assurance programs have developed; Where students live, work, and what they bring to the programs; The future of information security education. Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work both domestically and internationally has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world. Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and networking curricula meet the demands of today's marketplace and adhere to rigorous academic standards. Capella University is an accredited, fully online university that has built its reputation by providing quality education for working adults. More than 80 percent of Capella students are currently enrolled in master's or doctoral degree programs in business, information technology, education, human services, psychology, public administration, public health, and public safety. Capella also offers bachelor's degree programs in business, information technology, public administration, and public safety.

 Valuing FISMA: Interview with Immigration and Customs Enforcement CISO Gil Vega | File Type: audio/mpeg | Duration: Unknown

FISMA has been somewhat maligned this year as a paper-pushing law that prompts chief information security officers to file the right documents rather than truly secure the IT they're charged to safeguard. But Gil Vega sees a lot of good in the seven-year-old Federal Information Security Management Act. The CISO at the Department of Homeland Security agency known as ICE - Immigration and Customs Enforcement - credits FISMA with getting secretaries and agency heads to recognize the importance of regularly monitoring IT security. Still, Vega says the time is right for a new law that requires the continuous monitoring of IT systems for potential threats. Vega, in an interview with GovInfoSecurity, shares his thoughts on how FISMA should be reformed as well as the actions ICE is taking in anticipation of FISMA reform to implement continuous monitoring of the agency's information assets. He also discusses the steps ICE takes in recruiting IT security personnel and the need to find more technically skilled staffers. Vega spoke with Eric Chabrow, GovInfoSecurity.com managing editor.
