Successfully implementing the SANS 20 Critical Security Controls requires far more than just deploying systems, platforms or services. Experts offer insights on effective strategies for leveraging technical controls.
Hackers allegedly trafficking in personally identifiable data have reportedly breached the computers of three major data aggregators, raising doubts about knowledge-based authentication as a tool to verify identity.
Top executives at healthcare organizations must take the lead in overcoming a culture that portrays privacy and security as barriers, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.
Although the U.S. and Chinese governments blame one another for cybermischief, they should collaborate to battle common cyberthreats, says Christopher Painter, the State Department's top cyberdiplomat.
Faced with the growing threat of breaches, cyber-attacks and fraud, more organizations are building robust incident response strategies that identify how an investigation would proceed. Experts offer insights on effective investigation management.
Although enforcement of the HIPAA Omnibus Rule may not begin with a big bang, experts warn that compliance should be a top priority, especially in light of looming audits. Learn why some predict a surge in breach notification.
As federal regulators begin to enforce the HIPAA Omnibus Rule this fall, they will also continue work on other privacy issues, including the long-awaited accounting of disclosures rule. Find out what's on the to-do list.
Federal regulators plan to launch a permanent HIPAA compliance audit program in 2014 that targets a larger number of organizations but covers a narrower scope of issues. Learn the details the nation's top HIPAA enforcer revealed.
Version 3.0 of the Payment Card Industry Data Security Standard, to be released later this year, will include a focus on the standardization of compliance assessments, says Bob Russo of the PCI Security Standards Council.
Attorney Ellen Giblin describes who should be involved in determining whether a breach should be reported in compliance with the new breach notification requirements of the HIPAA Omnibus Rule. She also offers other compliance insights.
The FDA has issued a final rule for a medical device identification system that aims to make it easier and more efficient to track adverse events, including problems caused by cybersecurity issues, such as malware.