Organizations across all industry sectors understand the importance of information security. But turning security awareness into meaningful action - that's the challenge that many midsized entities face, says Sophos' Nick Bray.
Cloud-based advanced threat protection helps organizations detect sophisticated malware that is able to bypass existing security measures. The key is to start with the premise that the network is already infected, says Seculert's Dudi Matot.
"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
Business associate agreements should not be a dumping ground for healthcare entities to make demands on their vendors with provisions that go beyond specific HIPAA privacy and security regulations, says attorney Gerry Hinkley.
As 10 regional health information exchanges in New York become interconnected into a statewide network, consistency in core privacy and security policies is proving essential, says David Whitlinger, executive director of the statewide initiative.