Synopsis
Exclusive, insightful audio interviews by our staff with leading government/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
The Need for Forensics - Interview with Keith Barger of KPMG
04/08/2009 With the heightened focus on cybersecurity - and increased incidents of insider crimes - the digital forensics practice has also gained a higher profile in both the private and public sectors. Keith Barger, a forensics veteran, currently serves as a director in KPMG's forensics practice in Houston, TX. In an exclusive interview, Barger discusses: Myths and realities about forensics; How businesses and government agencies are employing forensics today; Tips on where your organization can acquire forensics skills. Barger joined KPMG in 2006 after six years as a Special Agent and Digital Forensics and e-Discovery Western Regional Coordinator and Project Manager with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience with e-Discovery, the Amended Federal Rules of Civil Procedure, digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Barger specializes in electronic data discovery, data
-
Incident Response Essentials - Peter Allor, FIRST.org
31/07/2009 The Heartland data breach and July's denial of service (DDoS) attacks against government agencies are among the biggest information security incidents of the year. And they've pushed incident response into the spotlight. Peter Allor is on the Steering Committee of the Forum for Incident Response and Security Teams (FIRST.org), and in this interview he discusses: Key incident response issues facing organizations today; What we've learned from the Heartland and government DDoS incidents; How to prepare for a successful career in incident response. Allor is a member of the Forum for Incident Response and Security Teams (FIRST) Steering Committee, a forum for security and incident information exchange between teams internationally. He also is the program manager for cyber incident & vulnerability handling for IBM, where he is responsible for guiding the company's overall security initiatives and participation in enterprise and government implementation strategies. In addition, Allor is a member of: The Infor
-
Business Continuity: Preparing for H1N1 and Beyond
30/07/2009 Interview with Alan Berman of DRI International and AnneMarie Staley of NYSE. The H1N1 threat has put business continuity and disaster recovery (BC/DR) in the headlines. But behind the scenes, the discipline has long been active in helping global organizations respond to myriad natural and man-made disasters. In a discussion about H1N1 and other BC/DR issues, Alan Berman of DRI International and AnneMarie Staley of NYSE touch upon: The biggest threats and regulatory challenges facing global organizations; How to apply "Think Global, Act Local" to BC/DR; What organizations must do now to respond to the H1N1 threat. Berman, the Executive Director of DRI International, is a CBCP, a member of the ASIS BS25999 technical committee, a member of the Committee of Experts for ANSI-ANAB, a former member of the NY City Partnership for Security and Risk Management and the co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the US Private Sector Preparedness Act (PL 110-53). Over a
-
Unique Programs: Information Assurance at Capella University
30/07/2009 Not only is Capella University one of the NSA's accredited Centers of Academic Excellence (CAE), the school also offers undergraduate, graduate and post-graduate programs in information assurance - and 100% online. In discussing Capella's unique programs, Dr. Steven Brown touches upon: How Capella's information assurance programs have developed; Where students live, work, and what they bring to the programs; The future of information security education. Dr. Brown is an experienced professional with more than 25 years of technical and business experience. His work both domestically and internationally has been in telecommunications, data networks, strategic communications, electronic commerce, business management, and security. He has authored several publications and presented at conferences around the world. Dr. Brown is currently serving as a Capella core faculty member teaching graduate courses in information assurance and security. He is responsible for ensuring that the information security and net
-
Valuing FISMA: Interview with Immigration and Customs Enforcement CISO Gil Vega
28/07/2009 FISMA has been somewhat maligned this year as a paper-pushing law that prompts chief information security officers to file the right documents rather than truly secure the IT they're charged to safeguard. But Gil Vega sees a lot of good in the seven-year-old Federal Information Security Management Act. The CISO at the Department of Homeland Security agency known as ICE - Immigration and Customs Enforcement - credits FISMA with getting secretaries and agency heads to recognize the importance of regularly monitoring IT security. Still, Vega says the time is right for a new law that requires the continuous monitoring of IT systems for potential threats. Vega, in an interview with GovInfoSecurity, shares his thoughts on how FISMA should be reformed as well as the actions ICE is taking in anticipation of FISMA reform to implement continuous monitoring of the agency's information assets. He also discusses the steps ICE takes in recruiting IT security personnel and the need to find more technically skilled staffers.
-
"We Want to Be Recognized as the Leading ... School in the World" - Pradeep Khosla, Carnegie Mellon University
28/07/2009 Cybersecurity is the buzzword these days, and in terms of education ... Carnegie Mellon University is all over it, and has been for nearly a decade. In an exclusive interview, Pradeep Khosla, dean of the College of Engineering at Carnegie Mellon, discusses: The school's current cybersecurity programs; Hot career opportunities for graduates; Advice for those looking to start or jump-start a cybersecurity career. Khosla is currently Dean of the College of Engineering and the Philip and Marsha Dowd University Professor at Carnegie Mellon. His previous positions include: Founding Director, Carnegie Mellon CyLab; Head, Department of Electrical and Computer Engineering; Director, Information Networking Institute; Founding Director, Institute for Complex Engineered Systems (ICES); and Program Manager, Defense Advanced Research Projects Agency (DARPA), where he managed a $50M portfolio of programs in real-time systems, internet enabled software infrastructure, intelligent systems, and distributed systems.
-
In Rhode Island, Size Can be Deceptive - Interview with Rhode Island CIO Jack Landers and CISO Ernie Quaglieri
27/07/2009 Rhode Island's information security staff consists of two people - the chief information security officer and the deputy CISO - which shouldn't be surprising considering the state is the smallest one in the nation, at least geographically. But size can be deceiving. In reality, many of the IT specialists working in the various agencies also have been charged with securing the state's IT assets. In an interview with GovInfoSecurity.com, CIO Jack Landers and CISO Ernie Quaglieri discuss how cybersecurity is integrated into the state IT operation. They also discuss their working relationship as well as how a recent move to centralize IT functions in state government is proving beneficial. Landers and Quaglieri spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.
-
Criticality of Credentialing: Verifying Government Employee Identities
24/07/2009 Identity theft is a growing concern for governments, businesses and citizens alike. "We're in the middle of a national identity crisis," says Neville Pattinson, VP of Government Affairs & Standards, NA., Gemalto. In an exclusive interview, Pattinson discusses: The case for credentialing; Practical applications of credentialing in the government and healthcare industries - and how other industries can benefit; Good first steps toward secure, effective solutions. Pattinson is a leading expert on smart cards and using the microprocessor chip to keep identity credential data and biometrics secure and private. Pattinson has been heavily involved in planning and implementing a number of federal government security initiatives including the Department of Defense Common Access Card (CAC); the State Department's electronic passport; the Western Hemisphere Travel Initiative cards; the Department of Transportation's Transportation Worker Identity Credential (TWIC) and the Transportation Security Administration's Regis
-
Mastering Information Security - New Graduate Program Debuts at ESU
21/07/2009 Interview with Prof. N. Paul Schembari, East Stroudsburg University. Information security - it's now a major national priority, and it's also the subject of a new Master's of Science program at East Stroudsburg University. This unique, online graduate program debuts on Aug. 31, and in an exclusive interview ESU professor N. Paul Schembari discusses: The program's unique characteristics; Educational and career opportunities for prospective students; How to quickly take steps toward enrollment.
-
The CISOs CISO: Part 2
21/07/2009 Interview of Will Pelgrin, New York State Director of Cybersecurity and Critical Infrastructure. Money's tight everywhere in this recession, and New York State - like other governments - needs to be innovative in how to secure its information assets. For Will Pelgrin, the director of the state Office of Cybersecurity and Critical Infrastructure Coordination, that means keeping key executive branch officials - from the governor on down - and lawmakers informed about the threats to the state's information systems, which is key in getting the needed backing to support his efforts. Such briefings are crucial, Pelgrin says, because those who control state coffers don't perceive cyber threats as IT professionals do. Not only briefing them, but putting cybersecurity in a context they understand - i.e., if you don't have a break-in, you don't remove your locks - is critical. In the second of a two-part interview with GovInfoSecurity.com, Pelgrin discusses the need to make new technologies such as social networks secure fo
-
The CISOs CISO
20/07/2009 Interview of Will Pelgrin, New York State Director of Cybersecurity and Critical Infrastructure Coordination. Will Pelgrin is a CISOs CISO. Minnesota Chief Information Security Officer Chris Buse describes Pelgrin - director of New York State's Office of Cybersecurity and Critical Infrastructure Coordination - as "cool testament" to the type of leaders emanating out of state government. Pelgrin chairs the Multi-State Information Sharing and Analysis Center - MS ISAC - a 50-state consortium that collects information on cyber threats to government and critical infrastructure IT and shares that information among the states and local governments. He also served as a member on the Commission on Cybersecurity for the 44th Presidency. In New York, he heads the New York State Public/Private Sector Cybersecurity Workgroup that consists of representatives from federal, state and local governments, academia and business and ensures cyber readiness in the state. In the first of a two-part interview with GovInfoSecurity.co
-
Collaboration: Keeping IT in Kansas Safe - Interview with Kansas CISO Larry Kettlewell
20/07/2009 Larry Kettlewell is Kansas' chief information security officer, but has no direct authority over individual state agencies' implementation of IT security. But Kettlewell isn't without influence. He chairs the state IT Security Council and heads the Department of Information Services and Communication's Enterprise Security Office, which coordinates incident response and oversees the state's IT infrastructure as it relates to security. In an interview with GovInfoSecurity.com, Kettlewell discusses: Kansas' uncommon approach to IT security governance; Major obstacles the state faces in securing IT; How cybersecurity policy being developed in Washington will have an impact on states; and Challenges in recruiting an IT security workforce. Eric Chabrow, GovInfoSecurity managing editor, interviews Kettlewell.
-
State Lures Higher-Paid IT Security Pros - Interview with Minnesota CISO Chris Buse
17/07/2009 If the choice were between an intriguing job or a higher salary, what would you choose? Minnesota Chief Information Security Officer Chris Buse thinks many information security pros would choose the challenge over money. The ranks of state IT security employees include a number of people who were attracted to government service by the challenges of creating and maintaining secure IT in an environment that most businesses cannot replicate, says Buse, in the second of a two-part interview with Information Security Media Group's GovInfoSecurity.com. Buse describes government work as "a feel-good job," especially for those who have spent years "grinding out money for the stockholders. ...We have a lot of people who have done some pretty remarkable things in their career, but come in here and took pay cuts to be part of our organization." In the interview, Buse explains how he's looking to find bright, talented computer science graduates from regional universities to join the state's IT security team. He a
-
IT Security: Scarce Money, No Excuses
15/07/2009 Interview with Chris Buse, Minnesota Chief Information Security Officer. Minnesota, like nearly all other states, can't count on overflowing coffers to fully fund crucial programs, such as IT security. But Chris Buse, Minnesota's chief information security officer, says limited funds are no excuse for not properly safeguarding the state's information assets. "Absolutely not," Buse responded to a question about whether sufficient funds exist to fully secure IT. But it's incumbent on government leaders like Buse to figure out how to work with one another to stretch those dollars to provide the security the state needs. "It's difficult, especially if you're a taxpayer to hear somebody in government say, 'Oh, that's not enough money to provide adequate security,'" Buse said in an interview with Information Security Media Group's GovInfoSecurity.com. In the interview, the first of two parts, Buse also addresses efforts to shift to a hybrid IT security management approach from a decentralized one while allowing ag
-
In Praise of FISMA
14/07/2009 Interview with National Science Foundation CIO George Strawn. It's not too often you find an IT leader praising FISMA, but National Science Foundation CIO George Strawn says his agency has made great strides in securing IT by following Office of Management and Budget guidance on the Federal Information Security Management Act. "We've had A's and A-pluses for the last two or three years from the congressional grading of the results from FISMA," Strawn says, in an interview with Information Security Media Group's GovInfoSecurity.com. "Does it work? If you think that FISMA means certify and accredit of all of your information systems, you can make it a paper process that is nothing but bureaucratic, and really doesn't improve the security for much. "I suppose we spent little more on C&A process than they were worth. But since we take security seriously and have a multi-dimensional security process, overall we're pretty satisfied with the requirements that have come down from OMB-land to us. Some of them m
-
Incident Response for Data Breaches - Shane Sims, PricewaterhouseCoopers
10/07/2009 A veteran cybersecurity pro, Shane Sims shares his insights on trends he's seeing as cybercrime continues to hit all companies, including financial institutions. Sims is currently a Director in the Forensic Services practice at PricewaterhouseCoopers, where he provides investigative, forensic technology, security incident response and cyber security services to commercial and government clients. He is a former FBI Supervisory Special Agent who specialized in cybercrime, digital evidence, computer exploitation, and network surveillance. Listen to this podcast and hear Sims' insights on: Who's hitting financial institutions with cybercrime activities; Why just having an incident response plan isn't enough; What needs to happen (and what shouldn't be done) when a breach occurs.
-
Can Cyber Terrorism Exist? - Interview with Jim Harper of The Cato Institute
10/07/2009 Jim Harper contends cyber terrorism does not exist, believing it's a creation of politicians, government contractors and pundits who try to make the problem of securing government IT bigger than it really is. Simply, it's a scare tactic. "Cyber terrorism, in particular, cannot exist," says Harper, director of information policy studies at The Cato Institute, a libertarian think tank. "I think there's no such thing as cyber terrorism because cyberattacks can't cause terror. They don't scare us, and that's an essential element of terrorism as the name implies." In an interview with Information Security Media Group's GovInfoSecurity.com, Harper also: Analogizes the digital world with the real world, and as everything in the real world isn't secured, not all things in cyberspace must be safeguarded, too. Proposes IT vendors assume more responsibility - and liability - for the products they sell in the event of cyberattacks, even if that should raise the price of wares the government, businesses and consumers pay
-
Unique Programs: Excellence in Information Assurance, University of Dallas
09/07/2009 Information assurance is what everyone is talking about these days, and the term is strongly associated with "excellence" at the University of Dallas. Listen to Dr. Brett J.L. Landry, Director of the school's Center for Academic Excellence, Information Assurance, discuss: What makes the school's program unique; How students maximize their education; The future of information assurance education. Landry is the Ellis Endowed Chair of Technology Management, Associate Professor and Director of the Center for Academic Excellence in Information Assurance at the University of Dallas. He joined the University of Dallas in the fall of 2006, following six years of teaching at the University of New Orleans. He has worked in network security and design in the private and public sector and earned his Ph.D. from Mississippi State University. Landry has published numerous journal articles on Information Technology in the ACM Journal of Educational Resources in Computing (JERIC), Communications of the ACM (CACM), Dec
-
Marrying Physical, Virtual Security - Interview with Honolulu CIO Gordon Bruce
08/07/2009 It's a marriage made in heaven, if you see the tropical island of Oahu as paradise. In 2005, newly elected Honolulu Mayor Mufi Hannemann assembled the city's public safety and IT officials together to develop an integrated security program, forming a public safety oversight committee, chaired by chief information officer Gordon Bruce. "Anything that has to deal with security; anytime the issue of security came up, we put it on the list," Bruce says, in an interview with Information Security Media Group's GovInfoSecurity.com. "We took an entire, enterprise approach." Bruce spoke with GovInfoSecurity.com's Eric Chabrow about the benefits of linking governmental physical and IT security.
-
Getting the Basics Right - Interview with Jerry Davis, NASA deputy chief information officer for IT security
07/07/2009 Securing innovative technology is admirable, but if you don't get the basics right, then an organization cannot truly secure its information technology. That simple belief is at the foundation of IT security efforts at the National Aeronautics and Space Administration (NASA), as articulated by Jerry Davis, NASA's deputy chief information officer for IT security. As NASA consolidates its IT infrastructure - active directory, IP address management and e-mail, to name a few - its security team is actively involved. "Security doesn't function on its own in silos," Davis says in an interview with Information Security Media Group's GovInfoSecurity.com. "Managing better IT in that regard helps us better to manage security as well." Davis also discusses the need for NASA to attract more highly skilled IT security practitioners, especially those with forensic experience, and secure new technologies such as iPhones that employees like to use. Davis was interviewed by GovInfoSecurity.com's Eric Chabrow.