A preliminary version of the cybersecurity framework takes a too-broad approach to privacy, says security and privacy attorney Harriet Pearson. And that could result in fewer organizations adopting the voluntary security guidelines.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
President Obama defends the National Security Agency's bulk-collection initiative, but suggests he may adopt some of the recommendations presented by a panel that proposes changes in the NSA's surveillance program.
Karen DeSalvo, M.D., health commissioner of New Orleans, will be the next national coordinator for health IT. What privacy and security issues will she face as leader of the office that crafts guidelines for the HITECH Act's EHR incentive program?
A federal district court judge's ruling that a National Security Agency program collecting metadata from telephone calls could be unconstitutional suggests that the law hasn't kept pace with changing technology.
A letter from eight prominent online companies to President Obama and Congress calls for reform of government surveillance programs, outlining concerns about the way the NSA monitors online and telephone communications.
The Department of Health and Human Services should make several revisions in its plans for a revamp of the HIPAA accounting of disclosures rule and conduct pilot tests before implementing a final rule, an advisory panel recommends.
National policies regarding cybersecurity can have a positive or negative effect on global trade efforts, says Allan Friedman, research director of the Brookings Institution's Center for Technology Innovation.
A federal advisory panel will recommend that the Department of Health and Human Services take an incremental approach to implementing a revised HIPAA accounting of disclosures rule. Find out about tentative plans for fine-tuning the rule.
For risk managers, an often overlooked step for minimizing supply chain risks is to continually monitor outsourcers and other third parties to address critical security issues, says the Information Security Forum's Steve Durbin.