Yale New Haven Health System — A Real-World Case Study

Cyber attacks are increasing across industries, and in healthcare in particular: according to the Identity Theft Resource Center, medical-related identity theft accounted for 43 percent of all identity thefts reported in the United States last year. Managing risk has never been more pressing for organizations.

With risk growing daily and the consequences looming large, in terms of data loss, patient and employee confidence and potential fines, one healthcare organization that takes cyber security seriously is Yale New Haven Health System.

Steve Bartolotta, who heads the health system’s information security and risk management program, talks about the challenges facing organizations today across verticals and what measures he recommends taking.

In this podcast with securitycurrent’s Vic Wheatman, Bartolotta talks about the actual tools he uses to support Yale New Haven’s risk management system and what he has gained.


Where are the New Security Professionals Coming From?

There is a shortage of operational security professionals, with approximately 100,000 open positions seeking technically qualified people. Supporting education in STEM, sourcing ex-military and promoting people from the ranks of general information technology are some of the ways the market is working to fill the gap.

securitycurrent’s Vic Wheatman speaks with John Pescatore, securitycurrent’s Ask Mr. Security Answer Person and the SANS Institute Director of Emerging Security Trends, about the pressing nature of the problem.


What Happens When Your Security Vendor is Acquired with Allegis Capital’s Ackerman – Venture Capital Series Part 2

One of the primary exit strategies for security startups is to be acquired. Sometimes that’s a good thing, other times, not so much.

Hear about some of the issues associated with acquisitions and where startups added value to a security platform or suite of a larger solution provider.

And get the inside scoop on what Allegis Capital’s Founder and Managing Director Robert Ackerman sees as some of the most creative, innovative, and cutting edge information security ideas of today.

In part two of a three-part series, Ackerman discusses exits and technologies he is watching.



Voltage Spies Secure Email.

From email to texting and other forms of social media, the need for protected communications underscores the requirement to continue encrypted messaging development.

Despite the legacy and current solutions in this area, academic and private research continues in an effort to apply encryption to new business problems in numerous contexts.

securitycurrent’s Vic Wheatman speaks with Voltage’s Chief Technology Officer Terrence Spies about the continuing evolution of secure messaging.



Vetting Security Startups — Venture Capital Series Part 3

How can CISOs differentiate among “me too” information security startups? What is the role of incubators in helping new companies get started? And how is the NSA considered one of the best “graduate schools” in cybersecurity?

Security Current’s Vic Wheatman explores this and other topics with Allegis Capital’s Founder and Managing Director Robert Ackerman in part three of our investor series.



Using User Behavior Intelligence To Identify Account Takeovers

Massive database breaches have resulted in millions of user identification and authentication profiles being compromised. Identifying unauthorized attempts to access systems or accounts is a basic requirement for financial institutions, etailers, retailers, healthcare providers and other enterprises.

Knowing the difference between employee and attacker behavior is key to avoiding security alert fatigue and to not tying up scarce resources in parsing the good access attempts from the bad.

Further, collecting information about rogue takeovers for forensic purposes is a good idea. Security Current’s Vic Wheatman speaks on these issues and others with Mark Seward, Vice President of Marketing for Exabeam in this sponsored podcast.



Tufin Talks Increasing Security and Agility Through Security Policy Orchestration

Enterprise networks grow more complex by the day. With hundreds to thousands of firewall rules, devices and routers across on-premises and hybrid cloud environments, it is difficult to have visibility into the security policy change process. This complexity, combined with the increasing rate of change, leads to vulnerability in the network. In addition, business owners need to have applications provisioned quickly but give little consideration to the security implications of their requests.

In this Tufin-sponsored podcast, David Cass, the Global Partner, Cloud Security and FSS CISO at IBM, discusses with Sagi Bar-Zvi, Tufin’s Solution Architect for the Americas, the benefits to CISOs of automating security policy orchestration. The two talk about how it delivers agility while verifying that change requests, sometimes hundreds per day, will not cause a security breach once made.


Tokenization. What is it?

How does tokenization compare to encryption and format preserving encryption?

Are there performance issues regarding its use? Is it standardized so one solution can exchange tokens with a different implementation?

securitycurrent’s Victor Wheatman speaks with Voltage CTO Terrence Spies who urges enterprises to look at their infrastructures, take inventories of what pieces of data they are storing and could be breached, and then catalogue them as they are potential candidates for tokenization.



Threat Intelligence. What is It? How is it Used?

Threat Intelligence is more than just a list of bad actors’ IP addresses. The best sources of threat intelligence tend to be the more mature and ‘enlightened’ providers who employ a substantial number of security analysts who can evaluate the nature of the threats.

In fact, some are able to drill down not only to specific groups of threat actors or countries that may be after an organization but to the specific people who may be out to get them as well. But how do most organizations use this information and what kind of threat intelligence would help you the most?

It is often law enforcement that finds evidence of a security breach first. Being able to respond effectively to breaches can reflect on an organization’s reputation.

securitycurrent’s Vic Wheatman discusses these topics with Gartner Research Vice President Dr. Anton Chuvakin.



Threat Intelligence

What is it? Who provides it? What should an enterprise do with it?
securitycurrent’s Victor Wheatman speaks with Spire Security’s Pete Lindstrom on this central topic in information security.