From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers?
In this week's breach roundup, read about the latest incidents, including three healthcare breaches involving missing devices. The largest affected 116,000 patients served by Alere Home Monitoring in Waltham, Mass.
Several legal experts say new federal guidance fleshes out details about how healthcare organizations should de-identify patient data aggregated for research. But one privacy advocate says the guidance is inadequate.
Inspector General Patrick Malley deems as inadequate the existing approach to state IT security governance that resulted in a breach last summer of a Department of Revenue tax system, which exposed the Social Security numbers of nearly 4 million taxpayers.
McAfee CPO Michelle Dennedy and Intel CISO Malcolm Harkins work for the same company, but in some ways they are worlds apart. How must privacy and security leaders bridge gaps to face challenges ahead?
President Obama has proclaimed December as Critical Infrastructure Protection and Resilience Month, and is using that declaration to continue his campaign to get Congress to enact comprehensive cybersecurity legislation.
The leaders in Congress on cybersecurity matters are the chairs of the committees that have jurisdiction over IT security. In both houses, chairmanship changes mean new lawmakers will lead legislative initiatives on cybersecurity in the 113th Congress.
South Carolina's Revenue Department went nearly a year without a chief information security officer before its tax system was hacked this summer. The agency's chief says the state couldn't find a qualified candidate for the job that pays $100,000 a year.
Developing a bring-your-own-device
policy that's well-integrated with an organization's overall information security strategy requires a multi-disciplinary, collaborative approach, says attorney Stephen Wu.
Comments are being accepted through Jan. 14, 2013, on potential privacy and security requirements to be included in the meaningful use rule for Stage 3 of the HITECH Act's electronic health record incentive program.