It's impractical for organizations to ban staff members from using personally owned devices for work or to avoid having a formal BYOD policy, says Peter Swire, a former presidential adviser on privacy issues.
When it comes to breach prevention, many organizations are improving their own security posture, but neglecting that of their strategic partners. Trend Micro's Tom Kellermann outlines third-party risks.
In an interview about virtual supply chain threats, Kellermann discusses:
Supply chain gaps organizations...
Regulations initially cause organizations to spend more funds on data breaches, but eventually those rules could save enterprises money, the Ponemon Institute's Larry Ponemon says in analyzing his latest study on breach costs.
On average, 86 percent of web applications have at least one serious vulnerability, and each app is attacked about 4,000 times per year, says Imperva's Terry Ray. So, how must security be improved?
USC's Viterbi School of Engineering has just announced a new master's degree in cybersecurity. What's the new program's genesis, and how will it help address the IT security staffing crunch?
Intermountain Healthcare deserves praise for its gutsy leadership on information security. It's calling attention to the value of thorough risk assessments, acknowledging its need to improve security and developing best practices to share.
Operating in a cloud environment opens up organizations to a new dimension of insider threat problems, says Alex Nicoll of Carnegie Mellon University's CERT Insider Threat Center.
Intermountain Healthcare stepped up its risk assessment efforts to better identify security issues and help ensure it can pass a federal HIPAA audit. Plus, it's developing security best practices to share with others.
Collecting massive amounts of data on individuals, whether in the government or private sector, has become the norm in our society. It's not quite Orwellian, but it's a situation we might have to learn to live with.
As they develop mitigation strategies, organizations must keep in mind that all cyber-attacks, ranging from DDoS to phishing, ultimately aim to compromise data - and they virtually all are advanced and persistent.
Many healthcare organizations can improve their risk assessments by thinking about those evaluations in a new way, says privacy and security attorney Kirk Nahra.
How organizations view security is about to change, says Hugh Thompson of the security firm RSA. He explains why analytics will turn everything we thought we knew about security on its head.
With promises of ramped up HIPAA enforcement by federal regulators, and changes in the breach notification rule under the HIPAA Omnibus Rule, it's time for organizations to get serious about insider risks.
An inspector general's audit of the Department of Veterans Affairs will highlight security control deficiencies in four key areas. Inconsistent enforcement of programs is a major concern.
Federal advisers are considering options for reinforcing the importance of risk assessments in the rules for Stage 3 of the HITECH Act's incentive program for electronic health records.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
