IT Security and Compliance Community http://www.securityvibes.com en-uk Copyright SecurityVibes Sun, 08 Nov 2009 09:40:19 -0800 http://www.securityvibes.com/podcast.php acabezon@securityvibes.com SecurityVibes SecurityVibes.com is the first private online community especially created to further the exchange between CISOs (chief information security officers). SecurityVibes.com offers an open platform to gather contributions from members of its community who expose their visions, share their competencies, exchange their experiences and points of view on what’s new, whilst promoting their own expertise in the field of IT Security and Compliance. SecurityVibes acabezon@securityvibes.com No Fri, 06 Nov 2009 06:37:10 -0800 http://www.securityvibes.com/gerry-oneill-iisp-ciso-cso-career-security-professionals-recycled-benchai7-news-3003437.html http://www.securityvibes.com/images/upload/image/podcasts/6GerryONeillAssessCISOPt2.mp3 In Part 3 of Career Path to CISO, Gerry O'Neill, former head of global IT risk at Barclays and now CEO of The Institute of Information Security Professionals, hones in on; what sets CISOs apart from the rest of the field, recycled CISOs, and the core skills exhibited by a CISO. In Part 3 of Career Path to CISO, Gerry O'Neill, former head of global IT risk at Barclays and now CEO of The Institute of Information Security Professionals, hones in on; what sets CISOs apart from the rest of the field, recycled CISOs, and the core skills exhibited by a CISO. gerry oneill,www.instisp.org,institute of information security professionals,CISO,CSO,career,recycled CISO,Barclays Thu, 05 Nov 2009 06:23:53 -0800 http://www.securityvibes.com/gerry-oneill-iisp-ciso-cso-career-security-professionals-benchai7-news-3003436.html http://www.securityvibes.com/images/upload/image/podcasts/7GerryOneillAssessCisoPt1.mp3 In this podcast, Gerry O'Neill, former head of global IT risk at Barclays and now CEO of The Institute of Information Security Professionals, discusses assessing the capability of security professionals. In particular Gerry looks at CISOs and why a body which is just over three years old is well suited to assess the competence of a CISO. In this podcast, Gerry O'Neill, former head of global IT risk at Barclays and now CEO of The Institute of Information Security Professionals, discusses assessing the capability of security professionals. In particular Gerry looks at CISOs and why a body which is just over three years old is well suited to assess the competence of a CISO. gerry oneill,www.instisp.org,institute of information security professionals,CISO,CSO,assessing competence,career Sat, 31 Oct 2009 09:25:58 -0700 http://www.securityvibes.com/lucas-cardholm-ernest-young-enisa-boardroom-budget-benchai7-news-3003422.html http://www.securityvibes.com/images/upload/image/podcasts/LucasCardholm-ObtainingBudget.mp3 Lucas Cardholm, executive director at Ernest & Young, Sweden, shares insights from his years of experience with helping security professionals to obtain budget approval for projects. This podcast was recorded in a corner of one of the ENISA conference rooms so there is some background noise. Lucas Cardholm, executive director at Ernest & Young, Sweden, shares insights from his years of experience with helping security professionals to obtain budget approval for projects. This podcast was recorded in a corner of one of the ENISA conference rooms so there is some background noise. Lucas Cardholm,ernest and young,security budget,board level,enisa Wed, 28 Oct 2009 15:35:32 -0700 http://www.securityvibes.com/gehard-eschelbeck-webroot-rsa-virus-filtering-evolution-benchai7-news-3003418.html http://www.securityvibes.com/images/upload/image/podcasts/GerhardEschelbeck-BlackandWhiteLists.mp3 Interviewed at RSA Europe 2009, Gerhard Eschelbeck, CTO of Webroot, talks about malware filtering, its limits, its future, and how it's currently making social networks secure. Interviewed at RSA Europe 2009, Gerhard Eschelbeck, CTO of Webroot, talks about malware filtering, its limits, its future, and how it's currently making social networks secure. Gehard Eschelbeck,Webroot,RSA,malware,virus,filtering,social networks,blacklisting Mon, 26 Oct 2009 00:52:50 -0700 http://www.securityvibes.com/ari-juels-rsa-enisa-rfid-risks-privacy-benchai7-news-3003414.html http://www.securityvibes.com/images/upload/image/podcasts/AriJuels-RFID.mp3 Recorded at the ENISA 2009 Summer School, Dr Ari Juels, Chief Scientist and Director of RSA Laboratories, talks about the risks of RFID on issues such as the corporate supply chain and identity. Recorded at the ENISA 2009 Summer School, Dr Ari Juels, Chief Scientist and Director of RSA Laboratories, talks about the risks of RFID on issues such as the corporate supply chain and identity. ari juels,rsa,rfid,risks,privacy,enisa Thu, 22 Oct 2009 09:17:19 -0700 http://www.securityvibes.com/joao-da-silva-internet-of-things-rfid-privacy-european-commission-benchai7-news-3003413.html http://www.securityvibes.com/images/upload/image/podcasts/DrJoaodaSilva-Internetofthings.mp3 Speaking at the ENISA 2009 Summer School, Dr. Joao Da Silva, Director of the Network and Communication Directorate, European Commission, talks about the risks involved with the Internet of Things and the effects on privacy.   Speaking at the ENISA 2009 Summer School, Dr. Joao Da Silva, Director of the Network and Communication Directorate, European Commission, talks about the risks involved with the Internet of Things and the effects on privacy.   Joao da Silva,ENISA,european comission,internet of things,privacy,risk,rfid Fri, 16 Oct 2009 07:16:47 -0700 http://www.securityvibes.com/simon-van-merkom-enisa-swine-flu-telecoms-resilience-benchai7-news-3003405.html http://www.securityvibes.com/images/upload/image/podcasts/SimoneVanMerkom-TelecomResilience.mp3 In an interview at the recent ENISA Summer School, Simon Van Merkom, Ministry of Economic Affairs, The Netherlands talks about the Dutch Telecoms Infrastructure and why they have never had a disaster, together with their response to the potential threat of the H1N1 (swine flu) virus. In an interview at the recent ENISA Summer School, Simon Van Merkom, Ministry of Economic Affairs, The Netherlands talks about the Dutch Telecoms Infrastructure and why they have never had a disaster, together with their response to the potential threat of the H1N1 (swine flu) virus. simon van merkom,economic affairs,netherlands,telecoms,resilience,swine flu,h1n1,ENISA Tue, 13 Oct 2009 18:42:46 -0700 http://www.securityvibes.com/jon-gettinger-fortify-software-application-security-challenges-part2-benchai7-news-3003396.html http://www.securityvibes.com/images/upload/image/podcasts/JohnGettinger-Fortify-AppSecurity2.mp3 In part 2 of this podcast, Jon Gettinger, Senior Director at Fortify Software, discusses the amount of vulnerabilities found in a scan of any code and the risk involved when companies don't reveal that their software could potentially be compromised.   In part 2 of this podcast, Jon Gettinger, Senior Director at Fortify Software, discusses the amount of vulnerabilities found in a scan of any code and the risk involved when companies don't reveal that their software could potentially be compromised.   jon gettinger,fortify,software,application security,vulnerability,threat,scanning,management,utm Mon, 12 Oct 2009 18:34:12 -0700 http://www.securityvibes.com/jon-gettinger-fortify-software-application-security-challenges-part1-benchai7-news-3003395.html http://www.securityvibes.com/images/upload/image/podcasts/JohnGettinger-Fortify-AppSecurity1.mp3 In Part One of this podcast, Jon Gettinger from Fortify Software looks at the background of application security and the differences between automated scanning versus combined human and automated scanning. In Part One of this podcast, Jon Gettinger from Fortify Software looks at the background of application security and the differences between automated scanning versus combined human and automated scanning. jon gettinger,fortify,software,application security,vulnerability,threat,scanning Thu, 08 Oct 2009 15:00:55 -0700 http://www.securityvibes.com/roger-dean-electronic-identification-stork-eema-enisa-benchai7-news-3003392.html http://www.securityvibes.com/images/upload/image/podcasts/RogerDean-STORK%20and%20eID.mp3 Recorded at the recent ENISA Summer School 2009, Roger Dean, Executive Director of EEMA gives the latest from STORK regarding electronic identification (eID) across Europe, what it means to business, and who will be responsible for privacy. Recorded at the recent ENISA Summer School 2009, Roger Dean, Executive Director of EEMA gives the latest from STORK regarding electronic identification (eID) across Europe, what it means to business, and who will be responsible for privacy. roger dean,eema,stork,electronic identification,eID,enisa Wed, 30 Sep 2009 10:37:48 -0700 http://www.securityvibes.com/wim-hafkamp-rabobank-nicc-fi-isac-cybercrime-phishing-enisa-benchai7-news-3003388.html http://www.securityvibes.com/images/upload/image/podcasts/WimHafKamp-fi-isac.mp3 Wim Hafkamp, Information Security Manager at Rabobank and Chairman of FI-ISAC (Financial Institutions Information Sharing and Analysis Center) in the Netherlands recaps his talk at the ENISA (European Network and Information Security Agency) summer school. In his talk WIM Hafkamp discusses his work at FI-ISAC and how 2-way sharing within government, industry and police can lead to the capture of cybercriminals and reduce the effectiveness of cybercrime.   Wim Hafkamp, Information Security Manager at Rabobank and Chairman of FI-ISAC (Financial Institutions Information Sharing and Analysis Center) in the Netherlands recaps his talk at the ENISA (European Network and Information Security Agency) summer school. In his talk WIM Hafkamp discusses his work at FI-ISAC and how 2-way sharing within government, industry and police can lead to the capture of cybercriminals and reduce the effectiveness of cybercrime.   Wim Hafkamp,rabobank,fi-isac,nicc,cybercrime,phishing,information sharing,ENISA Thu, 24 Sep 2009 04:30:30 -0700 http://www.securityvibes.com/amichai-schulman-imperva-ponemon-pci-breach-benchai7-news-3003380.html http://www.securityvibes.com/images/upload/image/podcasts/Amichai%20CISO%20PCI.mp3 Amichai Schulman CTO of Imperva discusses his involvement with the Ponemon institute and the shocking discovery that 79% of companies have had a data breach in their PCI implementation. Schulman further looks at the successful organisations and how both CISO\CIO involvement was a major success factor and how PCI compliance bolstered the overall security posture of an organisation. References Ponemon Institute findings in brief Complete Ponemon Analyst Report (Need to register email details)   Amichai Schulman CTO of Imperva discusses his involvement with the Ponemon institute and the shocking discovery that 79% of companies have had a data breach in their PCI implementation. Schulman further looks at the successful organisations and how both CISO\CIO involvement was a major success factor and how PCI compliance bolstered the overall security posture of an organisation. References Ponemon Institute findings in brief Complete Ponemon Analyst Report (Need to register email details)   amichai,schulman,pci,breach,imperva,ponemon,eskenzipr Thu, 17 Sep 2009 09:24:27 -0700 http://www.securityvibes.com/john-harrison-landitd-sme-incident-response-warp-cpni-benchai7-news-3003377.html http://www.securityvibes.com/images/upload/image/podcasts/JohnHarrison-WARP.mp3 In this podcast, John Harrison of LanditD summarises his 2009 ENISA Summer School talk on how organisations can use the WARP model to create their own Warnings, Advice and Reporting teams without the associated overhead of a full CERT (Computer Emergency Response Team). Since 1996, Harrison has worked in the field of Critical Information Infrastructure Protection and for the last six years supported the UK's CPNI (Centre for the Protection of National Infrastructure) and their trusted information sharing WARP programme www.warp.gov.uk In this podcast, John Harrison of LanditD summarises his 2009 ENISA Summer School talk on how organisations can use the WARP model to create their own Warnings, Advice and Reporting teams without the associated overhead of a full CERT (Computer Emergency Response Team). Since 1996, Harrison has worked in the field of Critical Information Infrastructure Protection and for the last six years supported the UK's CPNI (Centre for the Protection of National Infrastructure) and their trusted information sharing WARP programme www.warp.gov.uk John Harrison,LanditD,WARP,incident response,SME,CPNI,BT Mon, 14 Sep 2009 00:22:51 -0700 http://www.securityvibes.com/nigel-brown-cabinet-office-resilient-telecommunications-bcp-part2-benchai7-news-3003373.html http://www.securityvibes.com/images/upload/image/podcasts/DrNigelBrown-ResilientTelecomsPart2.mp3 Dr Nigel Brown, Lead for Resilient Telecommunications Strategy for the Cabinet Office on resilient telecommunications continues his talk on resilient communications by looking at prioritising of communication and both technical and procedural interoperability. Cabinet Office on Resilient Telecommunications Resilient Telecommunications Part 1   Dr Nigel Brown, Lead for Resilient Telecommunications Strategy for the Cabinet Office on resilient telecommunications continues his talk on resilient communications by looking at prioritising of communication and both technical and procedural interoperability. Cabinet Office on Resilient Telecommunications Resilient Telecommunications Part 1   Dr Nigel Brown,Nigel Brown,cabinet office,telecommunications,bcp,business continuity,resilience Sun, 13 Sep 2009 00:10:37 -0700 http://www.securityvibes.com/nigel-brown-cabinet-office-resilient-telecommunications-bcp-benchai7-news-3003372.html http://www.securityvibes.com/images/upload/image/podcasts/DrNigelBrown-ResilientTelecommunicationsPt1.mp3 In this podcast, Dr Nigel Brown, Lead for Resilient Telecommunications Strategy for the Cabinet Office, shares his thoughts on resilient telecommunications for Corporations. For further information see the Cabinet Office Website. Tips for Resilient Telecommunications (Part 2)   In this podcast, Dr Nigel Brown, Lead for Resilient Telecommunications Strategy for the Cabinet Office, shares his thoughts on resilient telecommunications for Corporations. For further information see the Cabinet Office Website. Tips for Resilient Telecommunications (Part 2)   Dr Nigel Brown,Nigel Brown,cabinet office,telecommunications,bcp,business continuity Thu, 10 Sep 2009 00:25:55 -0700 http://www.securityvibes.com/andreas-wuchner-itriskspace-novartis-benchai7-news-3003368.html http://www.securityvibes.com/images/upload/image/podcasts/AndreasWuchner-RiskTools.mp3 Andreas Wuchner, Risk Manager for Novartis Pharmaceuticals and editor of www.ITRISKspace.com looks at some of the misunderstandings of what a risk is and how millions of pounds are being spent by corporations on tools to calculate risk when in fact the budget would be better spent if allocated to resolving issues with their people and processes.   Andreas Wuchner, Risk Manager for Novartis Pharmaceuticals and editor of www.ITRISKspace.com looks at some of the misunderstandings of what a risk is and how millions of pounds are being spent by corporations on tools to calculate risk when in fact the budget would be better spent if allocated to resolving issues with their people and processes.   andreas wuchner,itriskspace,risk tools,novartis pharmaceuticals Wed, 09 Sep 2009 03:44:02 -0700 http://www.securityvibes.com/gerry-oneill-iisp-ciso-cso-events-associations-benchai7-news-3003367.html http://www.securityvibes.com/images/upload/image/podcasts/GerryOneill-EventsandAssociations.mp3 From his time at Barclays, Gerry O'Neill, CEO of The Institute of Information Security Professionals, talks about which are the best security events and security associations to be a part of and where CISOs should be focussing their attention. From his time at Barclays, Gerry O'Neill, CEO of The Institute of Information Security Professionals, talks about which are the best security events and security associations to be a part of and where CISOs should be focussing their attention. institute of information security professionals,security events,security associations,IISP,Gerry O'Neill,CISO,CSO Thu, 27 Aug 2009 03:33:00 -0700 http://www.securityvibes.com/norman-russell-pinch-points-business-continuity-planning-benchai7-news-3003360.html http://www.securityvibes.com/images/upload/image/podcasts/NormanRussell-BusinessContinuityPinchPoints.mp3 Norman Russell, Director, Russell Security Consultants Ltd, ex City of London Supt and ex Corporate Head of Security at Barclays on the shortcomings of many business continuity plans. Norman Russell, Director, Russell Security Consultants Ltd, ex City of London Supt and ex Corporate Head of Security at Barclays on the shortcomings of many business continuity plans. norman russell,russell security consultants,BCP,business continuity,shortcomings,pinch points,blind spots,risk Wed, 26 Aug 2009 01:55:24 -0700 http://www.securityvibes.com/john-meakin-ciso-bp-security-budget-tips-benchai7-news-3003359.html http://www.securityvibes.com/images/upload/image/podcasts/JohnMeakanSecurityBudgets.mp3 John Meakin, CISO for BP shares his tips for effective management of security budgets.   John Meakin, CISO for BP shares his tips for effective management of security budgets.   John Meakin,CISO,BP,security,budget Mon, 24 Aug 2009 09:15:34 -0700 http://www.securityvibes.com/jason-creasey-cyber-crime-isf-smurfs-mules-probers-sleepers-benchai7-news-3003358.html http://www.securityvibes.com/images/upload/image/podcasts/JasonCreaseyISF-steps%20for%20CyberCrime.mp3 Jason Creasey, ISF, Head of Research discusses the five stages of a cyber crime; attack reconnaisance, develop attack methodology, extraction, exploitation, and laundering. Jason also includes examples of how each stage works and the types of people (Smurf, Mule, Prober, Sleeper) involved at each stage. This podcast was recorded at the (ISC)2 event on 28th July and focussed on one part of Jason's keynote on the 2010/2011 Threat Horizon. Jason Creasey, ISF, Head of Research discusses the five stages of a cyber crime; attack reconnaisance, develop attack methodology, extraction, exploitation, and laundering. Jason also includes examples of how each stage works and the types of people (Smurf, Mule, Prober, Sleeper) involved at each stage. This podcast was recorded at the (ISC)2 event on 28th July and focussed on one part of Jason's keynote on the 2010/2011 Threat Horizon. Jason Creasey,ISF,Information Security Forum,cybercrime,cyber crime,smurfs,mules,botnets,probers,sleepers,malware writers,threat horizon,(ISC)2