Government Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast

Information:

Synopsis

Exclusive, insightful audio interviews by our staff with government/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Episodes

  • Embezzlement: Find the Liars, Cheaters and Thieves

    15/05/2009

    Interview with Longtime Criminal Investigator Dana Turner. Embezzlement has become the nation's favorite financial crime -- and losses attributed to embezzlement are greater than those from all other financial crimes combined. Understanding the crime of embezzlement is critical to every investigator. In this exclusive interview in advance of his new webinar series, Dana Turner discusses: Why embezzlement is a growing crime; How the Internet aids embezzlers - and investigators; Key distinctions between male and female embezzlers - and how to spot them. Turner is a security practitioner with Security Education Systems -- a research, consulting and training firm located near San Antonio, Texas. He has served as a law enforcement officer in several capacities -- including the investigation of business and banking crimes; as a community college instructor and administrator in both the law enforcement and business management fields; and as a program development specialist and trainer for private businesses

  • Securing Off-The-Shelf IT

    14/05/2009

    Interview with former Air Force and Energy CIO John Gilligan on core configuration. While Air Force chief information officer, John Gilligan initiated the process that led to the highly praised Federal Desktop Core Configuration, in which personal computers purchased by the government must be preconfigured to include specified security controls. In the first of a two-part interview with GovInfoSecurity.com managing editor Eric Chabrow, Gilligan explains the importance of core configuration, and the challenges the government faces in expanding the program to other types of information and communication technologies. A primary barrier, Gilligan says, is overcoming the culture of each agency deciding how it deems best to procure and secure its IT. "The term personal computer is just more than a description of a particular brand of machine, but it is really how people think of it. It is my computer, it's my organization, and no one outside will tell me how to operate," Gilligan says. Gilligan also served a

  • Creating an IT Security Culture - Interview with Vermont CISO Kris Rowley

    13/05/2009

    As the first chief information security officer of Vermont, Kris Rowley's primary mission isn't to build an information security organization, but to create a culture of IT security and trust. In a state where many agencies operate their own independent information systems -- stovepipes, she calls them -- encouraging agency heads and their IT staffs to adapt to new approaches proves to be a challenge, one she's willing to take on. "People have their own domains, and they're the lord of their domains, and that's where they feel comfortable," says Rowley, who's been on the job since last September. "Part of that is a trust issue, as well. There's now an office of CISO in the state, and that's new to people. That involves change, and as we all know, change is difficult." In an interview with GovInfoSecurity.com Managing Editor Eric Chabrow, Rowley discusses how she plans to change old habits by fostering an information security culture in Vermont, as well as working to codify information assurance policies and

  • New Opportunities in Information Security - Interview with Gerald Masson, Director of Johns Hopkins University Information Security Institute

    13/05/2009

    There are more opportunities than ever for skilled information security professionals. This is the belief of Gerald Masson, Director of Johns Hopkins University Information Security Institute, and in an exclusive interview he discusses: Job prospects for information security professionals in the public and private sectors; Growing opportunities in the healthcare field; What students need to know if they're either starting or re-starting their careers. Masson received his PhD from Northwestern University in 1971. He has developed and taught numerous graduate and undergraduate courses addressing various aspects of the field of computer networking and systems architecture. He has published over 150 technical papers, co-authored two books and is an inventor on six patents. His research addresses a range of issues dealing with the foundations and implementations of distributed systems regarding issues such as survivability, real-time performance monitoring techniques, and security mechanisms used for networ

  • DISA's Cloud Computing Initiatives

    30/04/2009

    Cloud computing is among the hottest topics in the federal government, with its efficiencies promising to save agencies and eventually taxpayers money. Despite its attractiveness, few agencies have implemented any type of cloud computing initiative, mostly because of IT security concerns. The Defense Information Systems Agency is among the few government agencies actively involved in cloud computing. In this interview, Henry Sienkiewicz, technical program advisor in DISA's Computing Services Directorate, discusses how DISA: Employs cloud computing securely behind its own firewall; Wrestles with the cultural change to a new computing model; and Collaborates with vendors to host and manage their commercial software-as-a-service applications on DISA servers.

  • What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

    29/04/2009

    Verizon Business investigated 90 major data breaches in 2008, including 285 million compromised records. Nearly ¾ of those breaches were external hacks, and 99.9 percent of the records were compromised via servers and applications. These are among the findings of Verizon's new 2009 Data Breach Investigations Report. In an exclusive interview, Dr. Peter Tippett, VP of Technology and Innovation at Verizon Business, discusses: The survey results; What these results mean to financial institutions and government entities; Which threats to watch out for most in the coming months. Tippett is the chief scientist of the security product testing and certification organization, ICSA Labs, an independent division of Verizon Business. An information security pioneer, Tippett has led the computer security industry for more than 20 years, initially as a vendor of security products, and over the past 16 years, as a key strategist. He is widely credited with creating the first commercial anti-virus product

  • Swine Flu: "This Could be Our Next Pandemic" - Regina Phelps, Emergency Management Expert

    27/04/2009

    As the swine flu outbreak triggers new fears of a global pandemic, security organizations must dust off and review their emergency management plans. For insight on how to prepare for swine flu, pandemic expert Regina Phelps offers expert insight on: What you need to know about swine flu; How your organization should respond - internally and with customers; Where and what to watch for updates over the coming days. Regina Phelps is an internationally recognized expert in the field of emergency management and continuity planning. With over 26 years of experience, she has provided consultation and educational speaking services to clients in four continents. She is founder of Emergency Management & Safety Solutions, a consulting company specializing in emergency management, continuity planning and safety.

  • The Future of Information Security: Interview with John Rossi, National Defense University

    17/04/2009

    To this point, information security professionals have been generalists. Going forward, they'll have to be specialists. At least this is the opinion of John Rossi, professor of systems management/information assurance. In an exclusive interview on the future of the information security profession, Rossi discusses: Why information security is headed toward specialization; The new capacities security professionals must develop; How academic institutions and industry groups must change how they educate security pros. Rossi is a Professor of Systems Management/Information Assurance in the Information Operations and Assurance Department at the National Defense University (NDU) Information Resources Management College (IRMC). Prior to joining the NDU/IRMC faculty, he was a computer scientist for information security, research, and training with the U.S. Federal Aviation Administration Headquarters. He was Security Division Manager of the U.S. Department of Energy's Nuclear Weapons Production Security Assess

  • Safeguarding New Tech: Navy CIO Robert Carey

    14/04/2009

    Navy CIO Robert Carey was among the first federal CIOs to embrace blogging as a way to keep in touch with his various constituencies, including officers and sailors. Carey believes steps can be taken to embrace new technologies while maintaining security. In this second of two parts of an exclusive interview, Carey discusses: Securing the new Navy-Marine intranet to debut next year; How the Navy employs social networking, though with some security restrictions; and Plans to implement secure cloud computing as a way to exploit technical efficiencies. Carey joined the Navy's Office of CIO in 2000, regularly being elevated from e-business team leader, to director of the Smart Card Office, to deputy CIO for policy and integration to CIO. Previously, Carey served in a variety of engineering and program management leadership positions within the Navy's acquisition community in the undersea warfare domain. A 1982 graduate of the University of South Carolina with a BS in engineering, Carey earned a master of engi

  • Federal IT Security Alignment: Navy CIO Robert Carey

    14/04/2009

    Information Security is among the top priorities for departmental and agency chief information officers, and no one knows that better than Navy CIO Robert Carey, who carries the double duty of co-chairing the federal CIO Council's Committee on Information Security and Identity Management. In this first of two parts of an exclusive interview, Carey discusses: Information security initiatives being tackled by the CIO Council panel he co-chairs with Justice Department CIO Vance Hitch; How the Federal Information Security Management Act benefited government IT security; and Why he feels there's no need for a separate Chief Information Security Officer Council. Carey joined the Navy's Office of CIO in 2000, regularly being elevated from e-business team leader, to director of the Smart Card Office, to deputy CIO for policy and integration to CIO. Previously, Carey served in a variety of engineering and program management leadership positions within the Navy's acquisition community in the undersea warfare domain

  • 'What Are You Doing to Protect My Information?' - Sidney Pearl of Unisys on Consumer Security Concerns

    03/04/2009

    "Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

  • "One of the Most Generous Scholarships I've Ever Seen" - Victor Piotrowski of the NSF on the Scholarship for Service Program.

    03/04/2009

    It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

  • Privacy Issues and Education: Peter Kosmala, International Association of Privacy Professionals

    01/04/2009

    From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

  • What's Happening at NIST: Curtis Barker

    31/03/2009

    Chief of Computer Security Division Describes New Challenges. Computer scientists at the National Institute of Standards and Technology are actively working on a number of projects aimed at helping federal agencies secure their IT systems. Helping direct those projects is Curtis Barker, chief of the Computer Security Division at NIST's Information Technology Laboratory. The division provides standards needed to protect federal government information systems against threats to the confidentiality, integrity and availability of information and services. In an interview, Barker describes active projects underway in the division, including: Identifying information security processes that can be automated; Improving ways for federal information security managers to more easily identify controls NIST identifies as crucial to secure government IT; and Identifying the security challenges of Web 2.0 and cloud computing so federal agencies can safely implement these technologies. Barker has been at NIST for more

  • Data Privacy Trends: Randy Sabett, Information Security Attorney

    26/03/2009

    Activity at the State Level Points Toward a Federal Data Breach Notification Law. Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated iden

  • Information Resources Management College: Director Robert Childs

    13/03/2009

    The Information Resources Management College isn't your father's or mother's graduate school. Part of the National Defense University, run by the Defense Department and based at Fort McNair in Washington, D.C., IRMC offers graduate-level courses to government employees working in civilian and defense agencies in 10 programs, including its fastest growing, information assurance. In this interview, college Director Robert Childs and faculty members Robert Young and Stephen Mancini discuss: What government information security professionals can get out of the college to help advance their careers. The unusual background of some of its faculty. How the college will align its future courses with the information security goals of the Obama administration. Robert Childs was named head of the Information Resources Management College in 1999. He established Centers of Excellence for Education in E-government and Information Assurance while expanding the number of institutions offering cooperative masters and doctor

  • Defining Information Security Metrics: Ron Ross of NIST

    10/03/2009

    A big complaint about the Federal Information Security Management Act (FISMA) is that agencies complying with its provisions merely prove they're following processes aimed at securing information systems, but they don't necessarily prove the systems are indeed secure. In an exclusive interview, Ron Ross, the National Institute of Standards and Technology's FISMA guru, explains: The current challenges agencies face in complying with FISMA. How NIST standards, if adopted, will help secure government IT. Why no metric will fully assure systems will always be safe. Ron Ross is a senior computer scientist at the National Institute of Standards and Technology's Computer Security Division. His areas of specialization include security requirements definition, security testing and evaluation and information assurance. Ross leads the Federal Information Security Management Act Implementation Project for NIST.

  • Risk Management Priorities: Joe Restoule, President of RIMS

    09/03/2009

    Because of the economic conditions, risks to organizations - from the inside and out - are at a critical high. Risk managers at public and private organizations are forced to make careful decisions on how to invest scarce resources. In an exclusive interview, Joe Restoule, President of the Risk and Insurance Management Society (RIMS), discusses: The top risk management issues of 2009; How risk managers should focus their available resources; Advice for professionals looking to start a career in risk management. Restoule currently serves as RIMS president. He has served on RIMS board since 2001 in various capacities, including vice president and secretary. RIMS is a not-for-profit organization dedicated to advancing the practice of risk management. Founded in 1950, RIMS represents more than 4,000 industrial, service, nonprofit, charitable and governmental entities. The Society serves more than 10,500 risk management professionals around the world.

  • Invest in Your Career: Pat Myers, Chair of (ISC)2

    06/03/2009

    Despite the recession and record job losses, information security remains a top concern for public and private sector organizations. But what can security professionals do to protect their careers and be considered for these jobs? In an exclusive interview, Pat Myers, chair of (ISC)2, discusses: Top security and risk management issues facing organizations; How security professionals can protect and invest in their careers; Advice for people looking to either start or move into an information security career. An (ISC)² Board member since 1999, Myers has more than 23 years experience in all facets of information security, working extensively in financial services for such companies as Charles Schwab, Inc., Wells Fargo Bank, American Express, and Williams-Sonoma, Inc. She was previously a Director with RedSiren and was "CyberDean" of their Information Security University.

  • Cybersecurity Education: Lawrence Rogers of CERT

    03/03/2009

    Cybersecurity is a major priority of the Obama Administration, and at Carnegie Mellon University's Software Engineering Institute, it's a key component of the CERT Program's Survivability and Information Assurance (SIA) curriculum. In an exclusive interview, Lawrence Rogers, chief architect of the SIA program, discusses: The need for cybersecurity education; The greatest cybersecurity needs in government and business; Potential career paths for cybersecurity professionals. Lawrence R. Rogers is a senior member of the technical staff in the CERT Program (also the home of the CERT Coordination Center). He has been writing articles for the non-computer professional for several years and was the chief architect and main contributor to the CERT Survivability and Information Assurance (SIA) Curriculum. He is currently a member of the Cyber Forensics team and teaches courses on system administration, cyber forensics, and incident handling.
