With Congress facing $1.2 trillion in budget cuts, Federal Chief Information Officer Steven VanRoekel says funding for cybersecurity initiatives will likely be affected. But with smart planning, government information technology should not be placed at risk.
Many organizations are weighing whether cyber-insurance is a worthwhile investment. A decision on the type of policy to buy, and what it should cover, depends, in part, on the type of information that could be exposed.
With HIPAA compliance audits slated to resume within about a year, what steps can healthcare organizations take to begin to prepare? OCR's Leon Rodriguez offers strategies based on initial audit findings and breach investigations.
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
The Government Accountability Office is preparing a comprehensive analysis of the nation's cybersecurity strategy to determine its effectiveness in securing government IT and critical information infrastructures.
The line between national security and civilian systems is a blurry one, says Franklin Reeder, a former OMB executive, who co-authored a report identifying ways to cross the line to defend both.
The increase since 2006 in the number of IT security terms found in a new NIST glossary shows the importance of information security in the way we conduct business today.
Healthcare organizations need to more closely monitor how their business associates protect the security of patient information and step up risk assessments as they prepare to comply with looming HIPAA modifications, says attorney Lisa Sotto.
While unveiling a new online resource offering mobile device privacy and security tips to help prevent health data breaches, HHS officials also stress the need for annual risk assessments.
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
Inspector General Patrick Malley deems as inadequate the existing approach to state IT security governance that resulted in a breach last summer of a Department of Revenue tax system, which exposed the Social Security numbers of nearly 4 million taxpayers.
A new report says the Department of Health and Human Services must improve oversight of the HITECH Act's EHR incentive program, so that providers show better proof of compliance, including risk assessments.
The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack. NIST's Matthew Scholl offers strategies to mitigate the threat.
How do we provide mobile applications to our users that fulfill their need for immediate access, but also provide them with assurance that their information is safe? Here are four fundamentals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
