The potential of governments messing with commercial IT security products - think China and the NSA - means organizations need to improve lines of communications to assure the integrity of the IT wares they acquire. ISF's Steve Durbin discusses mitigating supply-chain risk.
While preparing a speech to be delivered in Korea, NIST's Ron Ross wanted to convey the message of the importance of computer security. He hit on five themes - threat, assets, complexity, integration and trustworthiness - which form the acronym TACIT.
Whether reports that the National Security Agency entered into a secret contract with security provider RSA are true or not - and RSA says they're not - the reputations of all American security vendors have been tarnished.
The Centers for Medicare and Medicaid Services is creating a new position of chief risk officer in a multi-faceted effort to analyze and address problems with the troubled HealthCare.gov rollout. What are the security implications?
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
Many healthcare providers and their business associates have a long way to go with their HIPAA compliance efforts. But two new resources from federal regulators could help pave the way to better security.
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.
Business associates have been involved with fewer major health data breaches so far this year, compared with 2012. Are they getting better at prevention, or are they just under-reporting breaches?
Organizations need to know how other enterprises handle cyber-attacks to truly understand whether their IT security investments will pay off, the EastWest Institute's Karl Rauscher says.
As efforts to fix technical glitches on the HealthCare.gov website for Obamacare continue, taking steps to ensure security should be a top priority. Otherwise, efforts to build trust in the system will fail.
NIST is revising its 3-year-old smart-grid guidance to address technological and policy changes that have made the power grid more susceptible to vulnerabilities and threatened utility customers' privacy.
The White House says the conversation between the president and business leaders focused on how to encourage adoption of the cybersecurity framework. Participants also discussed the need for framework adoption by suppliers.
At a Congressional hearing Oct. 30, HHS Secretary Kathleen Sebelius addressed several security issues related to the Obamacare rollout, including testing of the HealthCare.gov website.
Purdue University's Eugene Spafford discusses the ethical issues that have been brought to the forefront by former NSA contractor Edward Snowden's leaks of classified details on a number of top-secret government surveillance programs.
Organizations collect a wealth of information as part of their governance, risk and compliance programs, and security professionals are missing out on important insights if they don't take advantage of it.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.