The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
Organizations entering into a contract with a cloud computing vendor need to have a clear understanding of how the vendor operates before signing off on their services, says Chris Witt of Wake Technology Services Inc.
The American National Standards Institute has begun accepting applications from organizations that want to be accredited to certify electronic health records software for the HITECH Act EHR incentive program.
Preliminary results of our inaugural Healthcare Information Security Today survey, which is still open for participation, show that only about half of healthcare organizations have a plan in place to comply with the HITECH Act breach notification rule.
Don't miss your opportunity to participate in the Healthcare Information Security Today survey. Preliminary results show that about 40 percent of healthcare organizations rate their ability to counter security threats as poor, failing or in need of improvement.
A federal proposal that would require healthcare organizations to provide patients with a report listing everyone who has electronically accessed their records needs revamping, two regulatory experts agree.
A new, free guide on Facebook security, though geared for users, details the practices chief information security officers and other organizational security practitioners should share with their staffs to assure not only safe Internet hygiene when workers access Facebook from work, but for use with other social media...
Creating a culture of security within an organization may be on CISOs' wish lists, but it's often hard to educate and spread that message, says Justin Somaini, chief information security officer at Yahoo.
As social media continues to evolve and new threats continue to emerge, organizations must constantly re-evaluate their policies and conduct risk assessments, says Andrew Kennedy, who heads up social media policy for BITS.
Organizations eager to take advantage of cloud computing need to take a step back and consider many critical privacy and security issues, says Feisal Nanji, executive director at the security consulting firm Techumen.
The PCI Security Standards Council's new guidance for tokenization offers clarification and recommendations for merchants struggling to determine which tokenization solution is best, especially where compliance with the Payment Card Industry Data Security Standard is concerned.
As of Aug. 22, 306 major health information breaches affecting a total of almost 11.7 million individuals were included in the official federal tally. Fourteen incidents affecting a total of about 270,000 were added since July 22.