Organizations incorporating social media into their daily operations tend to have gaps in policies, and key aspects are often an afterthought, says attorney David Adler, who pinpoints areas to address.
As victims of cyber-attacks on their domain name systems providers, The New York Times, Twitter and the Huffington Post UK may have opened themselves and their customers to more nefarious threats, a leading IT security expert says.
When participating in a health information exchange, providers need to take several HIPAA Omnibus Rule compliance steps, including spelling out responsibilities in the event of an HIE breach, says attorney Helen Oscislawski.
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems that describes topics designers should consider when developing specifications.
To build credibility for its HIPAA enforcement efforts, the Department of Health and Human Services needs to ramp up its breach prevention efforts for the health insurance exchanges slated to begin operations Oct. 1.
Creating circles of trust - networks of IT security professionals who rely on one another - is a key element in forthcoming National Institute of Standards and Technology guidance on incident response.
An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."
NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.