Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.
You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."
Governments and others using cloud-based services should keep 10 security tips in mind, including making sure they can maintain control of their data if a service provider goes bankrupt, says Dimitra Liveri, co-author of a new report.
From a risk management perspective, the federal HealthCare.gov website should be shut down until its technical problems are fixed and end-to-end security testing is completed, says consumer advocate Christopher Rasmussen.
For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.
Computer scientists at the Georgia Institute of Technology are developing new ways to apply encryption when storing or searching data in the cloud, says Paul Royal, associate director of the university's information security center.
When it comes to safeguarding the privacy and security of healthcare information, smaller clinics, as well as patients who use telehealth technologies, face considerable challenges because of a lack of expertise, says researcher David Kotz.
Every second, 80 "things" are being connected to the Internet, and ISACA's Rob Stroud says that requires information security professionals to identify and mitigate threats, protect individuals' privacy and manage access.
Curt Kwak, CIO of the Washington state health insurance exchange, explains the steps his team took to help ensure the launch went relatively smoothly, paving the way for thousands to sign up for insurance.