NIST is developing risk management guidance on the IT supply chain that says organizations should take an incremental approach and ensure that they first reach a base maturity level in organizational practices.
Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.
The panel would review the latest intelligence and communications technologies to determine the risk of unauthorized disclosure to national security and foreign policy, as well as assess the need to maintain the public trust.
The Obama administration is floating the idea that critical infrastructure owners would be more likely to adopt voluntary security best practices if the government engages the insurance industry to help develop its cybersecurity framework.
Federal advisers want to stress the value of risk assessments even more strongly in Stage 3 of the HITECH Act electronic health record incentive program. Meanwhile, regulators are studying how to address health information exchange security issues.
The apparatchiks at the Kremlin think they're clever sorts with plans to replace computers with typewriters to prevent the American e-spies at the National Security Agency from hacking into Russian intelligence systems.
Getting critical infrastructure operators involved is the biggest challenge the federal government faces in creating a cybersecurity framework, says NIST's Adam Sedgewick, who leads efforts to create the framework ordered by President Obama.