The Situational Room by eIQnetworks » podcast

eIQcast, Episode 22 – “Update on PCI DSS”

John Linkous — Wed, 28 Oct 2009 00:00:51 +0000

Discussions about PCI-DSS rules this year have focused on how effective the guidelines really are at preventing theft of credit card data. Recent survey data indicates merely following PCI does not protect a wide range of protected data.

In the newest episode of the eIQcast, eIQneworks Product Evangelist John Linkous provides an update on PCI compliance and how far it goes to actually keep credit card data secure.

Running time: 10:38

Direct Link: http://eiqcast.podOmatic.com/entry/2009-10-28T13_09_11-07_00

eIQcast, Episode 19 – “BUSTED! The Heartland Hacker Goes Down”

John Linkous — Tue, 18 Aug 2009 00:00:26 +0000

This past Monday the U.S. Justice Department charged 28 year-old Albert Gonzalez with a series of crimes that resulted in the theft of more than 130 million credit and debit card numbers from late 2006 to early 2008.

The indictment places blame for several high-profile data theft incidents on a small group of individuals who found holes in websites used to transfer the credit card data. Basically, these folks have to be the best hackers out there if they were behind every high profile data breach of the past two years.

In the latest episode of eIQcast, Security and Compliance Evangelist John Linkous reviews the charges, talks about how retailers and consumers can protect themselves, and notes how the crime was carried out by exploiting a well-known (and extremely easy to replicate) web site security weakness.

Running time: 13:30

Direct Link: http://eiqcast.podOmatic.com/entry/2009-08-18T14_31_20-07_00

eIQcast, Episode 16 – “The Need for Automation”

John Linkous — Thu, 11 Jun 2009 00:00:00 +0000

As noted in the previous post, the results of spring surveys show that security spending is trending down. While that’s not exactly a surprise, it puts security managers in a pickle. Given the economic situation, how are they to keep their systems secure and compliant, especially since the regulations haven’t changed and the hackers don’t take time off during a recession? That question is the subject of the latest episode of eIQcast, where Ross Levanto interviews eIQnetworks senior vice president of strategy Mike Rothman.

Running time: 10:46

Direct Link: http://eiqcast.podomatic.com/entry/2009-06-11T14_33_26-07_00

eIQcast, Episode 10 – “Electronic Health Records”

John Linkous — Mon, 16 Mar 2009 00:00:39 +0000

The American Recovery and Reinvestment Act signed by President Obama last month includes a new initiative to create standard electronic health records over the next few years. Since a standard way to exchange health information opens up the possibility of a hacker attack, the federal government is creating new rules to protect the health records.

In this episode of eIQcast, Ross Levanto interviews eIQnetworks Product Evangelist John Linkous. They walk through the new initiative outlined in the act and the timeline for the new IT rules addressing electronic record protection.

Running time: 11:22

Direct Link: http://eiqcast.podOmatic.com/entry/2009-03-16T13_40_07-07_00

eIQcast, Episode 7 – “FAA Data Breach and Incident Response”

John Linkous — Thu, 12 Feb 2009 00:00:22 +0000

In this episode of the eIQcast, Ross Levanto interviews John Linkous about the recent FAA breach. Clearly the FAA had a strong incident response process in place since they disclosed the breach within a week. As with everything, there are always areas to improve, so John discusses some of the advantages of broad monitoring as well in detecting issues (and possible incidents) earlier in the process.

Running time: 11:35

Direct Link: http://eiqcast.podOmatic.com/entry/2009-02-12T06_33_03-08_00

eIQcast, Episode 5 – “Heartland and PCI”

John Linkous — Fri, 23 Jan 2009 00:00:40 +0000

This week’s episode is focused on the Heartland data breach and it’s eventual impact on PCI. Mike Rothman, eIQ’s SVP of Strategy, is interviewed by Ross Levanto and discusses some of the specifics behind the breach and reinforces the message that log data alone is not going to catch these new attacks. More importantly, Mike talks about some of the changes that are needed with the PCI standard, given that two “PCI compliant” organizations have had high profile data breaches.

Running time: 10:57

Direct Link: http://eiqcast.podomatic.com/player/web/2009-01-23T05_35_33-08_00

eIQcast, Episode 4 – Drilldown on COBIT

John Linkous — Tue, 13 Jan 2009 00:00:49 +0000

In this episode, John Linkous and Mike Rothman drill deep into the COSO/COBIT framework. Why do you care? Well a good part of the acceptable practices of little regulations like Sarbanes-Oxley and FISMA are directly related to COBIT. Thus, if you have to worry about those regulations, you should be familiar with COBIT. Check it out.

Running time: 11:42

Direct Link: http://eiqcast.podOmatic.com/entry/2009-01-13T08_32_55-08_00

eIQcast, Episode 3 – “Compliance Automation”

John Linkous — Wed, 24 Dec 2008 00:00:52 +0000

In the third episode of the eIQcast, John and Mike tackle the concept of compliance automation. What exactly are you automating? And how do you delve into some of the specific compliance regulations and frameworks to figure out how to do more with less. Given the economic backdrop heading into 2009, we believe that all customers will need to figure out how to make their operations much more effective and more importantly, efficient. Automation is one way to do that.

Running time: 12:41

Photo credit: Gastev

Direct Link: http://eiqcast.podomatic.com/entry/2008-12-24T09_50_13-08_00

eIQcast, Episode 2 – “Security Automation”

John Linkous — Wed, 10 Dec 2008 00:00:35 +0000

In the second eIQcast, John and Mike discuss the need to automate security operations and some of the issues therein. The reality is that attacks have not stopped, but in this kind of macro-economic environment the opportunity to add resources to defend against attacks is limited. Thus we all need to work more effectively and more efficiently, which is what security automation is all about.

Running time: 13:01

Direct Link: http://eiqcast.podOmatic.com/entry/2008-12-10T07_52_11-08_00

eIQcast, Episode 1 – “Low and Slow Attacks”

John Linkous — Mon, 01 Dec 2008 00:00:05 +0000

In this inaugural episode of the eIQcast, Mike Rothman and John Linkous decompose a particularly nasty attack called the “low and slow” attack, which is designed to make existing defenses obsolete. Listeners will understand how the low and slow attack works and also how to defend against it using security management technology (like eIQ’s SecureVue).

Running time: 13:10

Direct Link: http://eiqcast.podomatic.com/player/web/2008-12-01T07_23_13-08_00