Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
The Government Accountability Office is preparing a comprehensive analysis of the nation's cybersecurity strategy to determine its effectiveness in securing government IT and critical information infrastructures.
Healthcare organizations need to more closely monitor how their business associates protect the security of patient information and step up risk assessments as they prepare to comply with looming HIPAA modifications, says attorney Lisa Sotto.
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
Inspector General Patrick Malley deems as inadequate the existing approach to state IT security governance that resulted in a breach last summer of a Department of Revenue tax system, which exposed the Social Security numbers of nearly 4 million taxpayers.
A new report says the Department of Health and Human Services must improve oversight of the HITECH Act's EHR incentive program, so that providers show better proof of compliance, including risk assessments.
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
NIST issues its interagency report on supply chain practices as a congressional panel cautions against using Chinese-made components that some lawmakers fear might have been altered to spy on Western governments and businesses.
Despite numerous data breaches, as well as financial incentives and penalties, many healthcare organizations aren't taking risk assessment requirements seriously. Experts offer insights on best practices.
Incorporating new concepts such as security-control overlays and placing a renewed emphasis on information assurance, the forthcoming guidance is 'a total rewrite' from the 2009 version, NIST's Ron Ross says.