eIQcast Episode 12 - Continuous Compliance Coming (or not)
April 06, 2009 11:42 AM PDT
As recently discussed in a post by Mike Rothman, a Visa executive this week sought to clarify a company claim that no PCI-compliant company has suffered a data breach. Given that PCI compliance is determined at a fixed moment in time, the unattainable ideal is "continuous" compliance.
In the latest episode of eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous about Visa's claims. They review how companies can move toward the unattainable continuous compliance goal, and they provide tips on certain effective data security strategies not specifically mandated by the PCI rules.
eIQcast Episode 11: Conficker Mania
April 01, 2009 05:51 AM PDT
On the eve of the April 1 expected trigger date of the worm Conficker, host Ross Levanto interviewed eIQnetworks Product Evangelist John Linkous in this episode of eIQcast. They discussed why everyone is especially concerned about this particular worm. They also reviewed certain data sources that should be monitored to determine if Conficker has struck a network.
Running time: 10:02
eIQcast Episode 10: Stimulating the EHR
March 16, 2009 01:40 PM PDT
The American Recovery and Reinvestment Act signed by President Obama last month includes a new initiative to create standard electronic health records over the next few years. Since a standard way to exchange health information opens up the possibility of a hacker attack, the federal government is creating new rules to protect the health records.
In this episode of eIQcast, Ross Levanto interviews eIQnetworks Product Evangelist John Linkous. They walk through the new initiative outlined in the act and the timeline for the new IT rules addressing electronic record protection.
Running time: 11:22
eIQcast Episode 9: HIPAA is back!
March 05, 2009 06:17 AM PST
It looks like 2009 may finally be the year of HIPAA. For those of you in the business for a long time, HIPAA was big news back in the early part of this decade (2001-2004), but due to a lack of enforcement, the regulation has not been top of mind for years, in the wake of Sarbanes-Oxley and PCI.
But that seems to be changing. Recently, the pharmacy company CVS/Caremark was levied a fine of more than $2M for a violation of HIPAA rules. Additionally, provisions in the stimulus bill recently signed into law by President Obama provide insight into future enforcement of HIPAA compliance. In this episode of eIQcast, host Ross Levanto interviews eIQnetworks Product Evangelist John Linkous on the news of the fine and what it means for IT and security managers.
Running time: 10:51
eIQcast Episode 8: Another Payment Processor Breach
February 27, 2009 07:37 AM PST
As noted in an earlier post on this blog, news surfaced this week of credit card theft at a payment processing firm. While the name of the firm has not been announced, you'd think the crime scene investigators are on the job. The news comes merely weeks after payment processor Heartland Payment Systems reported credit card theft from its network.
In the latest episode of eIQcast, host Ross Levanto interviews eIQnetworks Product Evangelist John Linkous, who discusses how the credit card information was reportedly stolen, whether this is evidence of a new trend, and how future incidents of this type may be prevented.
eIQcast Episode 7: FAA and Incident Response
February 12, 2009 06:33 AM PST
In this episode of the eIQcast, Ross Levanto interviews Link (that's eIQ Product Evangelist John Linkous for newbies) about the recent FAA breach. Clearly the FAA had a strong incident response process in place, since they disclosed the breach within a week. As with everything, there are always areas to improve, so John also discusses some of the advantages of broad monitoring in detecting issues (and possible incidents) earlier in the process.
Running time: 11:35
eIQcast Episode 6 - Configuration Audit
February 04, 2009 07:15 AM PST
This week, John and Mike tackle the concept of configuration audit and why it's important to ensure devices are configured correctly. We also discuss some of the configuration "standards" out there, like Center for Internet Security and some suggestions from the US Federal Government.
Running time: 12:23
eIQcast Episode 5: Heartland and PCI
January 23, 2009 05:35 AM PST
This week's episode is focused on the Heartland data breach and its eventual impact on PCI. Mike Rothman, eIQ's SVP of Strategy, is interviewed by Ross Levanto and discusses some of the specifics behind the breach and reinforces the message that log data alone is not going to catch these new attacks. More importantly, Mike talks about some of the changes that are needed with the PCI standard, given that two "PCI compliant" organizations have had high-profile data breaches.
Running time: 10:57
eIQcast Episode 4 - Drilldown on COSO/COBIT
January 13, 2009 08:32 AM PST
In this episode, John Linkous and Mike Rothman drill deep into the COSO/COBIT framework. Why do you care? Well, a good part of the acceptable practices of little regulations like Sarbanes-Oxley and FISMA are directly related to COBIT. Thus, if you have to worry about those regulations, you should be familiar with COBIT. Check it out.
Running time: 11:43
eIQcast Episode 3: Compliance Automation
December 24, 2008 09:50 AM PST
In the third episode of the eIQcast, John and Mike tackle the concept of compliance automation. What exactly are you automating? And how do you delve into some of the specific compliance regulations and frameworks to figure out how to do more with less? Given the economic backdrop heading into 2009, we believe that all customers will need to figure out how to make their operations much more effective and, more importantly, efficient. Automation is one way to do that.