Healthcare Information Security Podcast

Dena Haritos Tsamitis has an ambitious goal for the year: to improve cyber awareness among 10 million people globally. The Director of Education, Training and Outreach at Carnegie Mellon University's CyLab, Dena discusses: The cyber awareness challenge among people of all ages; Effective techniques for improving awareness; How organizations can improve and maximize their own efforts. Dena oversees education, training and outreach for Carnegie Mellon CyLab, the university's cybersecurity research center. She leads the MySecureCyberspace initiative to raise "cyber awareness" in Internet users of all ages through a portal, game and curriculum. She guides the education initiatives of the NSF Situational Awareness for Everyone center, which explores ways to improve computer defenses by incorporating models of human, computer and attack interactions into the defenses themselves. Also through CyLab, she serves as Principle Investigator on two NSF-funded programs: the Scholarship for Service (SFS) program and the Information Assurance Capacity Building Program (IACBP). The SFS program provides full scholarships to highly qualified students pursuing studies in information assurance. The IACBP is an intensive summer program to help build information assurance education and research capacity at minority-serving colleges and universities.

Interview with James Van Dyke of Javelin Strategy & Research Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010? Javelin Strategy & Research is out with its latest Identity Fraud Study. For insight on the study results and what they mean to organizations across industry, James Van Dyke of Javelin discusses: Headlines from this year's study; Trends and threats to watch; What organizations and individuals can do to better protect themselves. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

Interview with James Van Dyke of Javelin Strategy & Research Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010? Javelin Strategy & Research is out with its latest Identity Fraud Study. For insight on the study results and what they mean to organizations across industry, James Van Dyke of Javelin discusses: Headlines from this year's study; Trends and threats to watch; What organizations and individuals can do to better protect themselves. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

Interview with James Van Dyke of Javelin Strategy & Research Identity fraud crimes expanded at a 12% rate in 2009. What can we expect to see in 2010? Javelin Strategy & Research is out with its latest Identity Fraud Study. For insight on the study results and what they mean to organizations across industry, James Van Dyke of Javelin discusses: Headlines from this year's study; Trends and threats to watch; What organizations and individuals can do to better protect themselves. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of the Information Security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Security Software Engineer. Bayuk frequently publishes on information security and audit topics. She has lectured for organizations that include ISACA, NIST, and CSI. She is certified in Information Systems Audit (CISA), Information Security Management (CISM), Information Systems Security (CISSP), and IT Governance (CGEIT). She has Masters Degrees in Computer Science and Philosophy.

When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of the Information Security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Security Software Engineer. Bayuk frequently publishes on information security and audit topics. She has lectured for organizations that include ISACA, NIST, and CSI. She is certified in Information Systems Audit (CISA), Information Security Management (CISM), Information Systems Security (CISSP), and IT Governance (CGEIT). She has Masters Degrees in Computer Science and Philosophy.

When it comes to enterprise security, an organization gets its tone from the top - even when the tone is set accidentally. How do you set the right tone? That's the topic of the new book from former CISO Jennifer Bayuk: "Enterprise Security for the Executive: Setting the Tone from the Top." In an interview about her book, Bayuk discusses: The key audience she wants to reach; The main message for enterprise leaders; Today's top enterprise security challenges and how leaders should tackle them. Bayuk is an independent consultant on topics of information confidentiality, integrity and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. She has a wide variety of experience in virtually every aspect of the Information Security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Security Software Engineer. Bayuk frequently publishes on information security and audit topics. She has lectured for organizations that include ISACA, NIST, and CSI. She is certified in Information Systems Audit (CISA), Information Security Management (CISM), Information Systems Security (CISSP), and IT Governance (CGEIT). She has Masters Degrees in Computer Science and Philosophy.

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerability analysis, information system security audits, network analysis and forensic incident analysis. He has a patent pending on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing Same.

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerability analysis, information system security audits, network analysis and forensic incident analysis. He has a patent pending on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing Same.

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerability analysis, information system security audits, network analysis and forensic incident analysis. He has a patent pending on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing Same.

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

One of the nation's best-known healthcare data security experts who's advising federal regulators on policy issues offers advice to organizations preparing to comply with the data breach notification requirements of the HITECH Act. In an interview, Dixie Baker of SAIC advises hospitals and others to: Study how the HITECH Act, and the interim final rule on breach notification, precisely define what constitutes a data breach; Consider encrypting more information to protect against breaches; Implement detailed processes for notifying affected individuals and federal regulators about a breach; and Train all staff members about how to avoid a breach, how to recognize one and what do if one should occur. Baker is senior vice president and chief technology officer for health and life sciences at Science Applications International Corp., a McLean, Va.-based scientific, engineering and technology applications company. The consultant has played a key role in the federal government's efforts to set policies and standards for healthcare data security. She chairs the privacy and security workgroup of the Health Information Technology Standards Committee. She's also a member of the full committee, as well as the privacy and security workgroup of the HIT Policy Committee. These federal advisory bodies make recommendations to the Office of the National Coordinator for Health IT within the U.S. Department of Health and Human Services. The recommendations are used to create standards for electronic health records under the Medicare and Medicaid EHR incentive payment program, as funded under the American Recovery and Reinvestment Act. Baker, who holds a PhD in education research and methodologies from University of Southern California, has been with SAIC since 1995.

One of the nation's best-known healthcare data security experts who's advising federal regulators on policy issues offers advice to organizations preparing to comply with the data breach notification requirements of the HITECH Act. In an interview, Dixie Baker of SAIC advises hospitals and others to: Study how the HITECH Act, and the interim final rule on breach notification, precisely define what constitutes a data breach; Consider encrypting more information to protect against breaches; Implement detailed processes for notifying affected individuals and federal regulators about a breach; and Train all staff members about how to avoid a breach, how to recognize one and what do if one should occur. Baker is senior vice president and chief technology officer for health and life sciences at Science Applications International Corp., a McLean, Va.-based scientific, engineering and technology applications company. The consultant has played a key role in the federal government's efforts to set policies and standards for healthcare data security. She chairs the privacy and security workgroup of the Health Information Technology Standards Committee. She's also a member of the full committee, as well as the privacy and security workgroup of the HIT Policy Committee. These federal advisory bodies make recommendations to the Office of the National Coordinator for Health IT within the U.S. Department of Health and Human Services. The recommendations are used to create standards for electronic health records under the Medicare and Medicaid EHR incentive payment program, as funded under the American Recovery and Reinvestment Act. Baker, who holds a PhD in education research and methodologies from University of Southern California, has been with SAIC since 1995.