Two key Senators are circulating a draft of cybersecurity legislation designed to promote the sharing of cyberthreat information by offering liability protection. The bipartisan measure is in the early stages of review.
A new voluntary security and privacy certification program for covered entities in Texas aims to bolster compliance with HIPAA and state regulations, prevent breaches - and perhaps help organizations avoid federal sanctions.
Cloud-based advanced threat protection helps organizations detect sophisticated malware that is able to bypass existing security measures. The key is to start with the premise that the network is already infected, says Seculert's Dudi Matot.
Faced with a vulnerability that exposes Microsoft's Internet Explorer Web browser to a zero-day exploit involved in recent targeted attacks, CISOs need to take prompt action, security specialists say. Learn the steps they recommend.
Saying the administration had no advanced knowledge of the Heartbleed bug, President Obama's top cyber adviser has outlined circumstances in which the government would not disclose software vulnerabilities, though such conditions would be rare.
"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
Business associate agreements should not be a dumping ground for healthcare entities to make demands on their vendors with provisions that go beyond specific HIPAA privacy and security regulations, says attorney Gerry Hinkley.