Healthcare entities are increasingly turning to the cloud, and regulators are increasingly focused on cloud service providers' security. Time to ensure those business associate agreements are in order, says Symantec's Rick Bryant.
Buried deep within a 308-page report from a presidential panel on ways to tighten federal surveillance and IT security programs are important recommendations on how to mitigate the insider threat at federal agencies.
Another federal investigation of a relatively small health data breach has resulted in a financial penalty, this time for a physician group practice in Massachusetts. Find out the details behind the settlement.
American and Russian negotiators met last month to discuss cybersecurity issues, including the use of the Nuclear Risk Reduction Centers to improve communications between the two nations to mitigate malicious cyber-activity.
A federal district judge in New York upheld the constitutionality of the National Security Agency's program to collect metadata of phone calls made by Americans. The ruling conflicts with another federal judge's recent decision.
A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
One key way to reduce the risk of a breach is continuous improvement of information security programs. It's dangerous to put security controls in place and then walk away, thinking you're finished, warns security expert Kate Borten.
The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
Chase Bank's decision to limit daily ATM cash withdrawals on debit cards linked to the Target breach has raised questions among other issuers about whether PINs were, in fact, compromised. Is Chase just being cautious?
Ramping up efforts to mitigate insider threats needs to be a top 2014 priority at healthcare organizations as electronic health records become more ubiquitous, says privacy and security expert Stevie Davidson, who provides practical insights.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.