Among the many subjects the Privacy and Security Tiger Team will tackle in the weeks ahead is determining whether more guidelines are needed on the issues of accommodating corrections to electronic health records and ensuring data integrity.
An incident recently added to the official federal list of major health information breaches offers a reminder that dental practices, as well as medical practices, must adequately protect patient records.
In the wake of the RSA, Epsilon and Sony PlayStation data breaches, we spoke to two global information security leaders and asked for their three biggest leadership lessons learned. Here is what they shared.
"Our security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect the intrusion quickly, all perhaps by design," Sony Computer Entertainment America Chairman Kazuo Hirai said in a letter to Congress.
Big brother isn't the relation the government sees itself portraying in developing the National Strategy for Trusted Identities in Cyberspace. Uncle Sam has a more avuncular role in mind, giving advice and serving as a role model.
"On a global basis, countries are recognizing that they need a uniform commercial code, if you will, for data - a unified approach for managing IT infrastructure services," says Marlin Pohlman of the Cloud Security Alliance.
From mobile devices to social media and cloud computing, IT governance is all about risk management. "You can't de-risk everything, but you can de-risk the majority of circumstances you will see in normal operations," says governance expert Robert Stroud.
Experts warn of ingenious phishing attacks based on the latest news. "This is one of those rare opportunities that can build you a great list and a couple of zeros in your profit," one hacker is quoted as saying.
Sony says personal information from more than 100 million customer accounts has been breached. The information includes customers name, addresses, e-mail addresses, birth dates, gender, phone numbers, login names and hashed passwords.