Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.
When economists dissected July's 0.1 point drop in overall unemployment, to 9.1 percent, they attributed the decline mostly to fewer people seeking work. But that's not the case for IT security professionals. There are few discouraged workers in the information technology occupation categories these days.
The HHS Office for Civil Rights should carefully consider comments received on its proposal to require healthcare organizations to provide patients with a complete list of everyone who has electronically viewed their information.
"The timing and the targets point to China," says cybersecurity policy expert James Lewis. "Spying right before the Beijing Olympics and focusing on Southeast Asia reflects China's larger interests more than those of any other country."
Extensive news coverage about the attacks against RSA and others has made customers jittery. "The publicity resulted in many customers' risk tolerance going down whilst their level of awareness and concern went up," says RSA CFO David Goulden.
"The lack of individual accountability over user accounts provides ample opportunities to conceal malicious activity such as theft or misuse of veteran data," VA Assistant Inspector General Belinda Finn says.
Two electronic health records pioneers that already have earned federal EHR incentive payments stress that a robust risk management program should be an essential component of any movement from paper to electronic records.
The arrest is part of a continuing investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.
There was good news and bad news in the reporting of major health information breaches in the past month. The good news: Only four incidents were added to the official federal tally. The bad news: One of those incidents affected 400,000 individuals.
It is no longer enough for information security professionals to secure critical information. They also need to be asking about the legitimacy of where this information comes from, says John Colley, managing director of (ISC)2 in EMEA.