"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.
The Internet is inherently insecure, and the only way to ensure today's evolving information systems is to build them upon three pillars of trust. This is the premise of Mike Ozburn, Principal at Booz Allen Hamilton, which has just authored a new white paper about these pillars.
Enforcing standards for privacy and security is a major part of a new health information exchange accreditation program, says Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.
Physicians adopting electronic health records systems need to demonstrate to their patients that they're taking adequate steps to keep records secure because so many consumers are worried about health information privacy.