In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.

Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning.

Listen in, comment and share with your colleagues! Our show is always safe for the office and educational.

Talk back! Use our Twitter hashtag #DtSR to discuss this episode, ask questions, or suggest other topics or guests for the future!

Direct download: DtSR_Episode_212_-_Insider_Threat_Primer.mp3
Category:Enterprise Security -- posted at: 12:00am CDT

Information Security Podcasts

Quick note from Michael about the Straight Talk Framework:

  • I’ve separated the framework from the programs; the framework is free and available for download from my website. More on the way!
  • To support both the framework and the programs, I’ve just finished a video that introduces the 5 questions; I have an optional workbook available and make a special offer at the end of the video
  • I’m about to launch an online offering… stay tuned for details

$2.7 Million HIPAA Penalty For Two Smaller Breaches

  • http://www.healthcareinfosecurity.com/27-million-hipaa-penalty-for-two-smaller-breaches-a-9270
  • The info about the use of Google and the lack of a contract is interesting. How many other health companies are using Google or Microsoft to store some data? Do they have the contracts in place?

Is the GOP seriously considering endorsing vigilante hacking?!

  • The wording here is dangerous, and could encourage vigilante justice
  • So much could go wrong here, so much collateral damage
  • You’ll likely hear a re-start of the hack back debate
  • http://www.inforisktoday.com/blogs/gop-platform-suggests-hack-back-suitable-cyber-defense-p-2186
  • What if we just called it “forward looking research in a kinetic state?”

NIST declares the age of SMS based 2-factor authentication over

  • https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/
  • Recommendation: use an app (like Google Authenticator), an RSA token or something similar rather than SMS
  • How will this affect all of the financial institutions that have SMS-based 2-factor? Even Google supports both SMS and app-based.
  • This is an interesting change. Apparently it is just being released as part of their call for comments.
  • It’s not a ban; it’s a realization that through VoIP and the general approach to building our phone system, out of band isn’t as out of band as we’d think/like
  • http://krebsonsecurity.com/2016/08/social-security-administration-now-requires-two-factor-authentication/

The Ninth Circuit holds that accessing a website after receiving a cease and desist order does violate the CFAA

  • http://www.lexology.com/library/detail.aspx?g=b042e35f-c9af-4bf4-a3bd-82204189be55
  • Curious if the reverse is true, then. And how bug bounties and other programs might create the invitation for people

A “famed hacker” is grading thousands of programs

  • https://theintercept.com/2016/07/29/a-famed-hacker-is-grading-thousands-of-programs-and-may-revolutionize-software-in-the-process/

Direct download: DtSR_Episode_205_-_NewsCast_for_August_2nd_2016.mp3
Category:NewsCast -- posted at: 10:59pm CDT
