NIST has issued long-awaited guidance on how to approach IT security as an engineering discipline. It's designed to help organizations build secure, trustworthy systems that meet evolving challenges, including the growth of the internet of things.
Most - but not all - ransomware attacks against healthcare organizations are reportable breaches requiring notification to affected individuals and federal regulators, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains in this video interview.
An analysis of how the Donald Trump administration will address health IT security and privacy leads the latest edition of the ISMG Security Report. Also, the ramifications of a big breach, and an FBI agent tackles ransomware.
A week after hackers apparently breached the websites of seven Indian embassies, one of the attackers claims to have breached an Indian consulate in the U.S. and posted data online to draw attention to vulnerabilities.
Ransomware has been one of the highest-profile cybercrimes of 2016, and the FBI has been at the heart of many investigations. Jay Kramer, a supervisory special agent with the bureau, discusses what he's learned about defending against ransomware in this video interview.
Western experts evaluating China's new cybersecurity law contend it will do very little to safeguard information but will erode privacy rights and make it harder for foreign enterprises to do business in China.
The success of Operation SAMBRE, a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, proves why information sharing between law enforcement and the private sector is key to battling cybercrime.
A federal court of appeals has granted a temporary "stay," or delay, in implementing the FTC's consent order against LabMD while the now-shuttered cancer testing laboratory pursues its appeal of the commission's July ruling in the dispute over the lab's information security practices.
It's been a hot topic for years, but we are still only in the earliest stages of ensuring medical device security, according to expert Kevin Fu of Virta Laboratories. In this video interview, Fu discusses how this focus will evolve in 2017.
Yahoo in 2014 spotted that an attacker - later revealed to have compromised 500 million accounts - was inside its network, according to a new SEC filing. With Yahoo's $4.8 billion sale to Verizon still pending, the admission adds to the search giant's complications.
The breach of Democratic Party computers led to the release of a trove of emails embarrassing to Hillary Clinton that might have swayed the election. Should the IT security community fess up? Also, top government cybersecurity policymakers assess President-elect Donald Trump as an IT security influencer.
A group that hacked the Democratic National Committee - believed to be operating from Russia - has resumed its spear-phishing attacks, including fake emails bearing the names of Harvard University and the Clinton Foundation.