Government Information Security Podcast show

Government Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Podcasts:

 State Lures Higher-Paid IT Security Pros - Interview with Minnesota CISO Chris Buse | File Type: audio/mpeg | Duration: Unknown

If the choice were between an intriguing job or a higher salary, what would you choose? Minnesota Chief Information Security Officer Chris Buse thinks many information security pros would choose the challenge over money. The ranks of state IT security employees include a number of people who were attracted to government service by the challenges of creating and maintaining secure IT in an environment that most businesses cannot replicate, says Buse, in the second of a two-part interview with Information Security Media Group's GovInfoSecurity.com. Buse describes government work as "a feel-good job," especially for those who have spent years "grinding out money for the stockholders. ...We have a lot of people who have done some pretty remarkable things in their career, but come in here and took pay cuts to be part of our organization." In the interview, Buse explains how he's looking to find bright, talented computer science graduates from regional universities to join the state's IT security team. He also discusses the role of state CISOs in helping shape national cybersecurity policy. Eric Chabrow, GovInfoSecurity.com managing editor, interviewed Buse. In the first part of the interview, Buse addresses Minnesota's efforts to shift to a hybrid IT security management approach, as well as how the state secures its information assets in a recession.

 IT Security: Scarce Money, No Excuses | File Type: audio/mpeg | Duration: Unknown

Interview with Chris Buse, Minnesota Chief Information Security Officer

Minnesota, like nearly all other states, can't count on overflowing coffers to fully fund crucial programs, such as IT security. But Chris Buse, Minnesota's chief information security officer, says limited funds are no excuse for not properly safeguarding the state's information assets. "Absolutely not," Buse responded to a question about whether sufficient funds exist to fully secure IT. But it's incumbent on government leaders like Buse to figure out how to work with one another to stretch those dollars to provide the security the state needs. "It's difficult, especially if you're a taxpayer to hear somebody in government say, 'Oh, that's not enough money to provide adequate security,'" Buse said in an interview with Information Security Media Group's GovInfoSecurity.com. In the interview, the first of two parts, Buse also addresses efforts to shift to a hybrid IT security management approach from a decentralized one while allowing agency information security managers to continue to make key decisions. Buse spoke with Eric Chabrow, GovInfoSecurity.com managing editor.

 In Praise of FISMA | File Type: audio/mpeg | Duration: Unknown

Interview with National Science Foundation CIO George Strawn

It's not too often you find an IT leader praising FISMA, but National Science Foundation CIO George Strawn says his agency has made great strides in securing IT by following Office of Management and Budget guidance on the Federal Information Security Management Act. "We've had A's and A-pluses for the last two or three years from the congressional grading of the results from FISMA," Strawn says, in an interview with Information Security Media Group's GovInfoSecurity.com. "Does it work? If you think that FISMA means certify and accredit of all of your information systems, you can make it a paper process that is nothing but bureaucratic, and really doesn't improve the security for much. "I suppose we spent little more on C&A process than they were worth, but since we take security seriously and have a multi-dimensional security process, overall we're pretty satisfied with the requirements that have come down from OMB-land to us. Some of them may be a little bit onerous, then others we think may not be quite worth the cost, but if you integrate over the whole process, they've done a pretty good job of telling us what to do and we've done a pretty good job of doing it, and I think we're much more secure because of that partnership." In the interview, Strawn also points out that because of its relatively small size - its annual budget is about $6 billion - NSF assigns many of its operational IT staffers cybersecurity responsibilities. Strawn was interviewed by Eric Chabrow, managing editor of GovInfoSecurity.com.

 Incident Response for Data Breaches - Shane Sims, PricewaterhouseCoopers | File Type: audio/mpeg | Duration: Unknown

A veteran cybersecurity pro, Shane Sims shares his insights on trends he's seeing as cybercrime continues to hit all companies, including financial institutions. Sims is currently a Director in the Forensic Services practice at PricewaterhouseCoopers, where he provides investigative, forensic technology, security incident response and cyber security services to commercial and government clients. He is a former FBI Supervisory Special Agent who specialized in cybercrime, digital evidence, computer exploitation, and network surveillance. Listen to this podcast and hear Sims' insights on: Who's hitting financial institutions with cybercrime activities; Why just having an incident response plan isn't enough; What needs to happen (and what shouldn't be done) when a breach occurs.

 Can Cyber Terrorism Exist? - Interview with Jim Harper of The Cato Institute | File Type: audio/mpeg | Duration: Unknown

Jim Harper contends cyber terrorism does not exist, believing it's a creation of politicians, government contractors and pundits who try to make the problem of securing government IT bigger than it really is. Simply, it's a scare tactic. "Cyber terrorism, in particular, cannot exist," says Harper, director of information policy studies at The Cato Institute, a libertarian think tank. "I think there's no such thing as cyber terrorism because cyberattacks can't cause terror. They don't scare us, and that's an essential element of terrorism as the name implies." In an interview with Information Security Media Group's GovInfoSecurity.com, Harper also: Analogizes the digital world with the real world: just as not everything in the real world is secured, not all things in cyberspace must be safeguarded, either. Proposes IT vendors assume more responsibility - and liability - for the products they sell in the event of cyberattacks, even if that should raise the price of wares the government, businesses and consumers pay. Attributes the failure of the Federal Information Security Management Act to truly secure government IT, in part, to lawmakers and policymakers not fully understanding the challenges faced when the law was written in 2002, a matter they must consider when reforming FISMA. Harper spoke with Eric Chabrow, managing editor of GovInfoSecurity.com. Also see these other articles about Harper: Is Term Cybersecurity Meaningless? Is Cyber Threat Overstated? Free Market Seen as FISMA Alternative

 Unique Programs: Excellence in Information Assurance, University of Dallas | File Type: audio/mpeg | Duration: Unknown

Information assurance is what everyone is talking about these days, and the term is strongly associated with "excellence" at the University of Dallas. Listen to Dr. Brett J.L. Landry, Director of the school's Center for Academic Excellence, Information Assurance, discuss: What makes the school's program unique; How students maximize their education; The future of information assurance education. Landry is the Ellis Endowed Chair of Technology Management, Associate Professor and Director of the Center for Academic Excellence in Information Assurance at the University of Dallas. He joined the University of Dallas in the fall of 2006, following six years of teaching at the University of New Orleans. He has worked in network security and design in the private and public sector and earned his Ph.D. from Mississippi State University. Landry has published numerous journal articles on Information Technology in the ACM Journal of Educational Resources in Computing (JERIC), Communications of the ACM (CACM), Decision Sciences Journal of Innovative Education, International Journal of Services and Standards, Journal of Business Ethics, Journal of Organizational Change Management and others.

 Marrying Physical, Virtual Security - Interview with Honolulu CIO Gordon Bruce | File Type: audio/mpeg | Duration: Unknown

It's a marriage made in heaven, if you see the tropical island of Oahu as paradise. In 2005, newly elected Honolulu Mayor Mufi Hannemann assembled the city's public safety and IT officials together to develop an integrated security program, forming a public safety oversight committee, chaired by chief information officer Gordon Bruce. "Anything that has to deal with security; anytime the issue of security came up, we put it on the list," Bruce says, in an interview with Information Security Media Group's GovInfoSecurity.com. "We took an entire, enterprise approach." Bruce spoke with GovInfoSecurity.com's Eric Chabrow about the benefits of linking governmental physical and IT security.

 Getting the Basics Right - Interview with Jerry Davis, NASA deputy chief information officer for IT security | File Type: audio/mpeg | Duration: Unknown

Securing innovative technology is admirable, but if you don't get the basics right, then an organization cannot truly secure its information technology. That simple belief is at the foundation of IT security efforts at the National Aeronautics and Space Administration (NASA), as articulated by Jerry Davis, NASA's deputy chief information officer for IT security. As NASA consolidates its IT infrastructure - active directory, IP address management and e-mail, to name a few - its security team is actively involved. "Security doesn't function on its own in silos," Davis says in an interview with Information Security Media Group's GovInfoSecurity.com. "Managing better IT in that regard helps us better to manage security as well." Davis also discusses the need for NASA to attract more highly skilled IT security practitioners, especially those with forensic experience, and secure new technologies such as iPhones that employees like to use. Davis was interviewed by GovInfoSecurity.com's Eric Chabrow.
