Although cyber security risk is now top of mind among executives and regulators, measuring and managing security risk levels has been a difficult task. Current risk management tools offer limited visibility and leave organizations vulnerable to emerging threats internally and within the networks of business partners...
The basis of any good security program is conducting a thorough and timely risk analysis; but that can be difficult for smaller healthcare organizations. That's why a federal agency will soon unveil an app designed to make the process easier.
Russia's offensive military actions in Crimea and its threats to the rest of Ukraine are raising concerns about how the conflict could play out in cyberspace.
Security experts disagree about whether the breach of a refrigeration vendor is ultimately to blame for the network attack that compromised Target. Here, they explain their views.
Here's what to expect in the cybersecurity framework, a catalog of tools to be released Feb. 13 that's designed to help critical infrastructure owners develop information security protection programs.
In the past few months, the "Internet of Things" has gained more attention, and the cybersecurity and privacy implications are only beginning to be addressed in many quarters.
The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.
A new, free iPhone app is designed to help organizations navigate 46 state data breach notification laws as well as federal statutes, such as HIPAA, attorney Scott Vernick says.
A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
The Centers for Medicare and Medicaid Services is creating a new position of chief risk officer in a multi-faceted effort to analyze and address problems with the troubled HealthCare.gov rollout. What are the security implications?
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.