IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
With the tardy addition of the Sutter Health breach, the federal "wall of shame" tally of major healthcare information breaches now includes 385 incidents affecting more than 19 million individuals since September 2009.
Federal regulators are offering a hint about which of the pending rules affecting healthcare information privacy and security will be the first to be issued this year.
The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.
Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.
With hundreds of schools hosting online information assurance and IT security degree and certification programs, how do students smartly pick the right ones for them?
Another guilty plea has been entered in a $200 million Medicare fraud scheme that involved bogus therapy sessions for the elderly in the Miami area. With the plea by Sandra Jimenez, nine defendants have now either pleaded guilty or been convicted at trial.
The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.
Zappos was quick to communicate after discovering a data breach impacting 24 million customers. But did the online retailer respond appropriately, or make some missteps in its haste to notify? Francoise Gilbert of the IT Law Group gives a mixed review.
Hospitals and other covered entities looking for insights on how to prepare for a HIPAA compliance audit -as well as prevent breaches - should build a self-audit approach based on the findings of a recent government report, says attorney Timothy McCrystal.
Symantec reportedly said a 2006 breach led to the theft of the source code to its flagship Norton security software, reversing its previous position that it had not been hacked.
Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
