As the Department of Health and Human Services gears up for its second round of HIPAA compliance audits, the focus will shift to using these audits for potential enforcement actions, including financial settlements, predicts attorney Anna Spencer.
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
The so-called 30-day cybersecurity sprint championed by Federal CIO Tony Scott has resulted in a strategy and implementation plan for federal government civilian agencies that focuses on a defense-in-depth approach to IT security.
FBI Director James Comey's declaration that the Obama administration will not pursue legislation to require vendors to create a backdoor that would permit law enforcement to circumvent encryption on mobile devices isn't the end of the matter.
An alert issued - and then yanked - by the FBI about fraud vulnerabilities linked to EMV chip cards is reigniting the debate between bankers and retailers over whether EMV in the U.S. should be chip-and-PIN or chip-and-signature.
Two final rules for the HITECH Act electronic health record incentive program strongly emphasize the value of risk assessments and encryption as measures for safeguarding patient information. Here's an analysis of the details.
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.
President Obama, in reaching any type of cybersecurity accord with Chinese President Xi Jinping, should borrow from the diplomacy he used to reach the Iranian nuclear agreement: Get the best deal possible and then distrust but verify.
For years, information security experts have been warning users to create complex, unique passwords, and organizations to secure them properly. But an analysis of 12 million cracked Ashley Madison passwords shows how much we're still failing.
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
A controversy over the University of Oregon's handling of a student's mental health records is building momentum for reforms in a regulation that allows schools to use, and in some cases disclose, certain education records of students without their consent.
Security is a busy sector: Symantec jettisoned Veritas, Zscaler became a "unicorn" after its most recent funding round, and we have other M&A news from Cisco, Fidelity National Information Services and Proofpoint.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.