Smaller hospitals and clinics soon will get some extra guidance from federal regulators about preparing risk assessments. But a federal advisory group has urged the Department of Health and Human Services to offer far more guidance on a variety of information security issues.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
The draft legislation would have the Department of Homeland Security conduct risk assessments on critical national IT systems and lead efforts to adopt use of new technologies and practices to keep pace with emerging cyberthreats.
Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in building support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.
In the interview, Kennedy:
Emphasizes the role that comprehensive information security...
Accountable Care Organizations that will be formed to coordinate treatment of some Medicare patients must make HIPAA compliance, including risk assessments, a top priority, says security expert Rebecca Herold.
NICE's Ernest McDuffie says a proposed cybersecurity workforce framework represents a consensus of government thought on how best to define the jobs, skills and tasks needed to secure information technology.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
IT security practitioners should understand why the bits, bytes and network connections - the technologies - are important to their organization's goals. Ignorance of the mission, for IT security folks, isn't bliss.