Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
When it comes to building a breach response team, too many healthcare organizations use a "volunteer firefighter model," taking inadequate steps to prepare for incidents, says security expert Brian Evans.
Legislation has been introduced in the House and Senate that would require a "kill switch" on smart phones, allowing consumers to remotely wipe personal data from their mobile devices if they're lost or stolen.
In the wake of high-profile breaches and data leaks, the government will pay a lot more attention to information security. Are security pros ready for this scrutiny? Professor Eugene Spafford has his doubts.
In the wake of the Target breach, the University of Pittsburgh Medical Center has ramped up Internet monitoring to detect early if the organization is a target for attacks, says John Houston, UPMC's security and privacy leader.
Identity is the new perimeter, and that concept stretches organizations into lots of new directions when managing access and privileges - especially in the mobile age, says John Hawley of CA Technologies.
In a keynote address at the RSA 2014 Conference, Kevin Mandia, founder of Mandiant, warns organizations to beware of "victim's fatigue," or letting your guard down after going six months without a breach.
Nationwide health information exchange is achievable in the next three years, but matching patients to the right records is a critical security, privacy and patient safety issue that first must be addressed, says new ONC leader Karen DeSalvo, M.D.