Government Information Security Podcast show

Government Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Podcasts:

 Call for Privacy Act to Catch Up with IT - Interview with Dan Chenok | File Type: audio/mpeg | Duration: Unknown

The law rarely keeps pace with advancements in information technology, and the 35-year-old federal Privacy Act has failed to provide the proper framework needed to protect the privacy of citizens. Dan Chenok chaired the federal Information Security and Privacy Advisory Board that issued a report entitled Toward a 21st Century Framework for Federal Government Privacy Policy that calls for the creation of a federal chief privacy officer as well as chief privacy officers in major federal agencies and a federal Chief Privacy Officers' Council. The panel also recommended steps Congress and the Obama administration should take to change federal laws and regulations to allow the government to more efficiently use specific technologies, such as cookies, while maintaining citizens' privacy. Chenok, the one-time highest ranking non-political IT official in the Office of Management and Budget and now a senior vice president at IT services provider Pragmatics, spoke with Information Security Media Group's Eric Chabrow and explained how changing the way privacy is governed will enhance protection for American citizens.

 Creating Your Own Guidance - Interview with Charlotte CISO Randy Moulton | File Type: audio/mpeg | Duration: Unknown

Charlotte, N.C., Chief Information Security Officer Randy Moulton, unlike his counterparts in the federal government, is responsible for writing the regulations that guide the city government in securing its IT. As Moulton explains in this interview with Information Security Media Group's Eric Chabrow, Charlotte and North Carolina don't have the luxury of the Federal Information Security Management Act, the Office of Management and Budget and the National Institute of Standards and Technology to regulate and guide IT security compliance, though NIST guidance is often employed. Still, cities like Charlotte - population topping 600,000 - look to Washington for ideas, and Moulton says he's closely following developments from the White House as President Obama implements new federal government cybersecurity and wonders what impact that could have on his operation.

 Key Lawmaker: High Rank for Cyber Czar - Interview with Rep. James Langevin | File Type: audio/mpeg | Duration: Unknown

Rep. James Langevin, D.-R.I., holds out hope that the new White House cybersecurity coordinator will have more influence with the president than Obama suggested in his speech last week outlining the administration's approach to information security. As co-chair of the House Cybersecurity Caucus and the influential public-private Commission on Cybersecurity for the 44th President, Langevin wanted the cybersecurity adviser to be a special assistant, but would understand that an individual a step lower on the White House organizational chart - deputy special assistant - should have enough sway to get the president's ear. In an interview with GovInfoSecurity.com's Eric Chabrow, Langevin discusses the responsibilities the White House and Congress have in securing government IT, including the need to provide proper funding, and the role government leaders must play to work with the private sector to safeguard the critical national IT infrastructure.

 "So, You Want to Work in Cybersecurity?" - Nadia Short of General Dynamics | File Type: audio/mpeg | Duration: Unknown

From the president on down, the nation has a renewed focus on cybersecurity. Nadia Short of General Dynamics, a major government/defense contractor, discusses: The types of cybersecurity positions GD is filling; Requirements for qualified personnel; Potential career paths in cybersecurity. Nadia D. Short is vice president of strategy & business development at General Dynamics Advanced Information Systems. In this role, she is responsible for strategic planning, business development, international business, marketing and public relations, and customer and corporate relations.

 A Red Team Primer | File Type: audio/mpeg | Duration: Unknown

NSA 'Hacker' Speaks Out

Legislation before Congress would require agencies to implement new ways to measure information security, including detailed blue-team analysis and red-team assaults on IT systems. Most civilian agencies have not conducted blue/red team analysis, but it's been a common practice for years within Defense and intelligence agencies. Among the leading organizations conducting blue/red team analysis for the Department of Defense, intelligence agencies and some units at the Department of Homeland Security is the three-year-old Vulnerability Analysis and Operations Group at the National Security Agency. Tony Sager serves as the group's chief, and he says such testing requires far more planning between his organization and client agencies than most people would expect. "It's not freeform, turn a bunch of people loose," Sager says. "There's a lot of consideration given to what is it that the customer would like to learn." GovInfoSecurity.com Managing Editor Eric Chabrow interviewed Sager on how blue teams and red teams function.

 "If I Were Starting My Career Today..." - Interview with Steve Katz | File Type: audio/mpeg | Duration: Unknown

Steve Katz was the world's first CISO, and he has unique insight on the information security profession - how it's developed and where it's headed. In an exclusive interview, Katz discusses: How the information security role has evolved; Which trends are changing the role; The skillsets necessary for today's security professionals to succeed tomorrow. Katz is a prominent figure in the network security discipline. Since 1985, he has served as the senior security executive for Citibank/Citigroup, JP Morgan, and most recently Merrill Lynch - and has been a force in raising the visibility and shaping the direction of the security industry at industry and government levels. Deeply respected within both the financial services and security industries, Katz has testified to Congress on information security issues and was appointed as the Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. Other credentials include: Founder and Chairman of the Financial Services Information Sharing and Analysis Center; Chairman of the American Bankers Association Information Systems Security Committee; Vice Chair, Financial Services Roundtable-BITS Security and Risk Assessment Committee; member of the New York Clearinghouse Banks Data Security Officers Committee; and member of the Securities Industry Association Information Security Committee.

 From Audit Guidelines to Red Team Attacks - Interview with Former Air Force CIO John Gilligan, Part 2 | File Type: audio/mpeg | Duration: Unknown

It's been nearly four years since John Gilligan retired as Air Force chief information officer, but he remains a force in influencing the future direction of government information security. Earlier this year, Gilligan - president of the consultancy Gilligan Group - led a consortium of federal agencies and private organizations in developing the Consensus Audit Guidelines that define the most critical security controls to protect federal IT systems and coauthored the influential Commission on Cybersecurity for the 44th Presidency report from the Center for Strategic and International Studies, a Washington think tank, that's helping shape federal government IT security policy. In this second of a two-part interview with GovInfoSecurity.com Managing Editor Eric Chabrow, Gilligan explains the importance of the Consensus Audit Guidelines and how so-called red teams are critical in identifying vulnerabilities in government IT systems. In the first part of the interview, Gilligan explains the importance of core configuration, and the challenges the government faces in expanding the program to other types of information and communication technologies. Gilligan spent a quarter century in the government workforce, and also served as CIO of the Energy Department.

 Embezzlement: Find the Liars, Cheaters and Thieves | File Type: audio/mpeg | Duration: Unknown

Interview with Longtime Criminal Investigator Dana Turner

Embezzlement has become the nation's favorite financial crime -- and losses attributed to embezzlement are greater than those from all other financial crimes combined. Understanding the crime of embezzlement is critical to every investigator. In this exclusive interview in advance of his new webinar series, Dana Turner discusses: Why embezzlement is a growing crime; How the Internet aids embezzlers - and investigators; Key distinctions between male and female embezzlers - and how to spot them. Turner is a security practitioner with Security Education Systems -- a research, consulting and training firm located near San Antonio, Texas. He has served as a law enforcement officer in several capacities -- including the investigation of business and banking crimes; as a community college instructor and administrator in both the law enforcement and business management fields; and as a program development specialist and trainer for private businesses, governmental agencies and professional associations. He is the author of the Financial Institution Security Library and he also has served as an instructor in both the FFIEC's White Collar Crime Conference and Web Banking - Payment Systems Risk Conference.
