Enterprises should test the processes they establish to respond to advanced persistent threat attacks, just as they vet their business continuity plans, ISACA International President Robert Stroud says.
The National Institute of Standards and Technology should use the cryptographic community to help vet the advice it gets from the National Security Agency when creating cryptography guidance, a panel of prominent experts recommends.
It's hurricane season, but natural and man-made disasters can happen anytime. Unfortunately, healthcare organizations are often unprepared for how to rebound so their data operations continue to run smoothly and securely in the wake of a crisis.
Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing secrets on transport aircraft, a U.S. criminal complaint says. Read how they allegedly did it.
As the HHS Office for Civil Rights prepares for a change in its top leadership, information security leaders are watching to see whether the strategies of the HIPAA enforcement agency might shift as well.
The Department of Homeland Security confirms that "a potential intrusion" of the Office of Personnel Management's network occurred in March but says officials have not identified any loss of personally identifiable information.
Sorting through the privacy issues involved when giving patients access to their healthcare records via a Web portal is a challenging task, says federal adviser Micky Tripathi, who outlines some of the key issues involved.
With the Senate Intelligence Committee overwhelmingly approving the Cybersecurity Information Security Management Act, common wisdom dictates the bill will head directly to the Senate floor. Not so fast.
Several Blue Shield of California spreadsheet reports inadvertently containing the Social Security numbers of 18,000 physicians and others were released 10 times by the state's Department of Managed Health Care. How could this have been prevented?